Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Web Services / March 2005

Tip: Looking for answers? Try searching our database.

AuthenticateToken and AD

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Rob Thomson - 04 Dec 2004 08:03 GMT
Environment(W2k, WS2, .Net 1.1,c#)
Program(SmatClient, WebServices)

Hi
I am overriding the AuthenticateToken method to authenticate a user. All the
examples of this I have seen check the password against xml, databases etc.
I want to authenticate against AD. I have tried the Winapi LogonUser, but
this gives me access denied, due to security settings in W2k. I am passing
in a UserNameToken on the client side to the Security.Tokens.Add. Maybe Im
missing something, but if you could point in the right direction

Many thanks
Reply to this Message
Martin Kulov - 04 Dec 2004 10:36 GMT
Hi Rob,

Just send the UsernameToken with password in plain text. On the server side use policy to define the Windows group, that should have access to your web service, in format DOMAIN\Group.

HTH,

Martin Kulov
www.codeattest.com
Reply to this Message
Softwaremaker - 04 Dec 2004 12:43 GMT
In case, you want to encrypt the username token so that your password cannot
be viewed, try this:

http://www.softwaremaker.net/blog/PermaLink,guid,43d85031-3e0b-48a7-bdd7-1f49932
db40a.aspx

hth.
Signature

Thank you.

Regards,
Softwaremaker

==================================

> Hi Rob,
>
> Just send the UsernameToken with password in plain text. On the server side use policy to define the Windows group, that should have access to your
web service, in format DOMAIN\Group.

> HTH,
>
> Martin Kulov
> www.codeattest.com
Reply to this Message
nealboy - 04 Dec 2004 11:39 GMT
Hi Rob
   If you want Web Services authenticate against AD you don't need override
the AuthenticateToken method  in server side.
  You should just send your password in plaintext and WSE will do
everything OK.
> Environment(W2k, WS2, .Net 1.1,c#)
> Program(SmatClient, WebServices)
[quoted text clipped - 8 lines]
>
> Many thanks
Reply to this Message
Yedu - 28 Mar 2005 22:29 GMT
nealboy,
I am doing a web service authentication by passing the UserNameToken in the
soap header, but in my Web Method the Thread.CurrentPrincipal is empty. The
authentication is against the AD.
My thought is that it is authenticating but the Thread.CurrentPrincipal is
empty, I know this fact because if i pass Invalid UserName, it throws an
exception.

Please Help.

Thanks
Yedu.

> Hi Rob
>     If you want Web Services authenticate against AD you don't need override
[quoted text clipped - 15 lines]
> >
> > Many thanks
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.