Jan 10th, 2006, 04:34 AM
#1
Thread Starter
Frenzied Member
Can someone please explain authorization process and setup
I have the following scenario
* a webserver where I have set up an asp.net webapplication
I have set it to basic authorization only, and on file level I have default permissions + an account I created for this application (mydomain\mywsapp_account). It is a domain account in the Active Directory.
* I have an asp.net application on another webserver where the user has to identify himself using his domain username and password. I have set this web app to basic authentication and on file level I have added the AD group "myapp_users". The user can't proceed unless he/she belongs to this group.
Now the tricky part is, how should I call the webservice from within my application??? I need somehow to pass the credentials of the "mydomain\mywsapp_account" from the calling app to the webservice. I could hard code this in the app by creating a new network credentials object, but that's not good.
How would you have set this up? I'm a bit lost here.
Oh another thing... On my web application in IIS I have set authentication to integrated windows, but when I call CredentialCache.DefaultCredentials I get an empty object?? Why??
/Henrik
Last edited by MrNorth; Jan 10th, 2006 at 04:37 AM.
-
Jan 10th, 2006, 04:36 PM
#2
Re: Can someone please explain authorization process and setup
Without questioning your reasons for wanting to do so, have a look at this:
http://support.microsoft.com/?kbid=329290
It'll allow you to encrypt and store the credentials for your single account in the registry, which you can then use.
-
Jan 10th, 2006, 06:11 PM
#3
Addicted Member
Re: Can someone please explain authorization process and setup
If I understand you correctly, you have a client on a different server which users log in to. You wish to pass their credentials to the webservice call.
If it were me, I would create some kind of token for the user's credentials on the client server and pass the token to the webservice call. The web service would have to be able to read that token, decrypt it, and pull genuine authentic information from it.
The problem with that is that it doesn't prevent someone from supplying fake credentials to the web service. It is not absolutely secure.
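The token idea from post #3, sketched as an added example that is not part of the original thread: it signs the user name and an expiry with HMAC-SHA256 (a signature rather than encryption), so the web service can tell whether a token came from the calling app. `ServiceToken`, its method names, the shared key and the user names are assumptions made for illustration; it needs .NET Core 2.1 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class ServiceToken   // hypothetical helper, not from the thread
{
    static byte[] Sign(string payload, byte[] key)
    {
        using (var hmac = new HMACSHA256(key))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }

    // Calling web app: issue a token once the user has authenticated there.
    public static string Issue(string user, DateTimeOffset expires, byte[] key)
    {
        string payload = Convert.ToBase64String(
            Encoding.UTF8.GetBytes(user + "|" + expires.ToUnixTimeSeconds()));
        return payload + "." + Convert.ToBase64String(Sign(payload, key));
    }

    // Web service: accept the user name only if the MAC verifies and the token is unexpired.
    public static bool TryValidate(string token, DateTimeOffset now, byte[] key, out string user)
    {
        user = null;
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return false;
        try
        {
            byte[] mac = Convert.FromBase64String(parts[1]);
            if (!CryptographicOperations.FixedTimeEquals(mac, Sign(parts[0], key))) return false;
            string body = Encoding.UTF8.GetString(Convert.FromBase64String(parts[0]));
            int sep = body.LastIndexOf('|');
            if (sep < 0 || !long.TryParse(body.Substring(sep + 1), out long exp)) return false;
            if (now.ToUnixTimeSeconds() >= exp) return false;   // expired
            user = body.Substring(0, sep);
            return true;
        }
        catch (FormatException) { return false; }   // malformed base64
    }

    public static void Main()
    {
        byte[] key = new byte[32];
        RandomNumberGenerator.Fill(key);   // constructed demo key; both servers must hold the same one
        DateTimeOffset now = DateTimeOffset.UtcNow;
        string token = Issue(@"mydomain\henrik", now.AddMinutes(5), key);   // constructed user name
        // Constructed tampered token: a different payload with the original signature attached.
        string forged = Convert.ToBase64String(Encoding.UTF8.GetBytes(@"mydomain\admin|9999999999"))
                        + token.Substring(token.IndexOf('.'));
        Console.WriteLine(TryValidate(token, now, key, out string u) + " " + u);
        Console.WriteLine(TryValidate(forged, now, key, out _));
        Console.WriteLine(TryValidate(token, now.AddMinutes(6), key, out _));
    }
}
```

The check is only as strong as the secrecy of the shared key, and the token should travel over TLS because a captured token can be replayed until it expires.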