 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / Web Services / March 2005WSE, UserNameToken and AD
If you are using UsernameTokens you have to have access to the clear-text password or some password equivalent on the server. That's the only answer i can give you, sorry. If your clients are in the same - or a trusted - windows domain - KerberosToken2 is the way to go. --- Dominick Baier - DevelopMentor http://www.leastprivilege.com nntp://news.microsoft.com/microsoft.public.dotnet.framework.webservices.enhancements/<uix9q4hIFHA.1996@TK2MSFTNGP12.phx.gbl> Hi Situation today: Users are accessing our functionality through a WebService. We are using UsernameTokenManager.AuthenticateToken to authenticate users. Right now the users are stored in our proprietary database hence we can implement the AuthenticateToken without problems. Future: We are considering storing the users in an AD i.e. we no longer have access to their passwords. When clients are accessing our webservice they are sending the password usisng the "PasswordOption.SendHashed". So finally my question is: How to implement AuthenticateToken? What do we return from the AuthenticateToken method?? I know that WSE will automatically authenticate the user if PasswordOption.SendPlainText is used. But we have to use PasswordOption.SendHashed. Regards Morten [microsoft.public.dotnet.framework.webservices.enhancements] Thanks for the answer :-) Unfortunately our users are external users coming from different Domains which has nothing to to with each other... Thanks for your help :-) Regards Morten Overgaard > If you are using UsernameTokens you have to have access to the clear-text > password or some password equivalent on the server. [quoted text clipped - 35 lines] > > [microsoft.public.dotnet.framework.webservices.enhancements] Hi Morten, Are you still having problems with this scenario? Looks the UsernameToken sample that ships with WSE. In there, the AuthenticateToken returns the actual password, which WSE will then take, hash it and compare it with the bits on the wire (assuming the PasswordOption is SendHashed) Let me know if you need any more help Sidd [MSFT] > Thanks for the answer :-) Unfortunately our users are external users coming > from different Domains which has nothing to to with each other... [quoted text clipped - 13 lines] > > Dominick Baier - DevelopMentor > > http://www.leastprivilege.com nntp://news.microsoft.com/microsoft.public.dotnet.framework.webservices.enhancements/<uix9q4hIFHA.1996@TK2MSFTNGP12.phx.gbl> > > Hi > > [quoted text clipped - 21 lines] > > > > [microsoft.public.dotnet.framework.webservices.enhancements] Use SecurityContextTokens. If using Http and don't mind certs, wse has that built in. If you want soap.tcp or don't want certs, I blogged a solution at http://spaces.msn.com/members/staceyw/Blog/cns!1pnsZpX0fPvDxLKC6rAAhLsQ!303.entry.  SignatureWilliam Stacey, MVP http://mvp.support.microsoft.com > If you are using UsernameTokens you have to have access to the clear-text password or some password equivalent on the server. > [quoted text clipped - 5 lines] > Dominick Baier - DevelopMentor > http://www.leastprivilege.com nntp://news.microsoft.com/microsoft.public.dotnet.framework.webservices.enhancements/<uix9q4hIFHA.1996@TK2MSFTNGP12.phx.gbl> > Hi > [quoted text clipped - 19 lines] > > [microsoft.public.dotnet.framework.webservices.enhancements] Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.