WIN AUTH over VPN

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

Russ - 14 Feb 2005 23:15 GMT

I'm developing a windows client app which is able to communicate with web
services in an IIS virtual directory. Current thinking is to secure the
services with Windows Authentication. This is fine if the user is logged
into the Domain on the LAN. What will happen if the user takes the laptop
home, logs in to the local machine and connects to the company VPN? WIll
requests to the web service get authenticated against the VPN domain user, or
the local machine user?

Thanks
Russ

Reply to this Message

Keenan Newton - 15 Feb 2005 03:34 GMT

the credentials used should be the same as the credentials that is
running the windows application. So in this case the account the user
logged in as on his laptop.

Reply to this Message

Russ - 16 Feb 2005 00:17 GMT

Would it be possible to grab the VPN credentials (or store them in a config
and grab them from there) and impersonate that user ?

> the credentials used should be the same as the credentials that is
> running the windows application. So in this case the account the user
> logged in as on his laptop.

Reply to this Message

Keenan Newton - 16 Feb 2005 04:02 GMT

Yes it is possible to do that take a look at the
System.Net.CredentialCache classes

Reply to this Message

Russ - 17 Feb 2005 19:31 GMT

So its possible to pass specific credentials, would you know if its possible
to grab the credentials from the VPN? Possilby a question for a different
group? I'm guessing that it would not be possible - bit of a security issue
;-)

TIA

Russ

> Yes it is possible to do that take a look at the
> System.Net.CredentialCache classes

Reply to this Message

Keenan Newton - 17 Feb 2005 21:15 GMT

No not possile sorry. :)

Reply to this Message

WIN AUTH over VPN

Free Magazines