Results 1 to 3 of 3

Thread: Can someone please explain authorization process and setup

  1. #1

    Thread Starter
    Frenzied Member
    Join Date
    May 2002
    Posts
    1,602

    Can someone please explain authorization process and setup

    I have the following scenario

    * a webserver where I have set up an asp.net webapplication
    I have set it to basic authorization only, and on file level I have default permissions + an account I created for this application (mydomain\mywsapp_account) It is a domain account in the active directory


    * I have an asp.net application on another webserver where the user has to identify himself using his domain username and password. I have set this web app to basic authentication and on file level I have added the AD group "myapp_users". The user cant proceed unless he/she belongs to this group.

    Now the tricky part is, how should I call the webservice from within my application??? I need somehow to pass the credentials of the "mydomain\mywsapp_account" from the calling app to the webservice. I could hard code this in the app by creating a new network credentials object, but thats not good.

    How should you have set up this? Im a bit lost here.

    Oh another thing... On my web application in IIS I have set authentication to integrated windows, but when I call

    CredentialCache.DefaultCredentials I get an empty object?? Why??




    /Henrik
    Last edited by MrNorth; Jan 10th, 2006 at 04:37 AM.

  2. #2
    I'm about to be a PowerPoster! mendhak's Avatar
    Join Date
    Feb 2002
    Location
    Ulaan Baator GooGoo: Frog
    Posts
    38,170

    Re: Can someone please explain authorization process and setup

    Without questioning your reasons for wanting to do so, have a look at this:

    http://support.microsoft.com/?kbid=329290

    It'll allow you to encrypt and store the credentials for your single account in the registry, which you can then use.

  3. #3
    Addicted Member WALDO's Avatar
    Join Date
    Aug 2002
    Location
    Swing of Prussia, PA
    Posts
    244

    Re: Can someone please explain authorization process and setup

    If I understand you correctly, you have a client on a different server which users log in to. You wish to pass their credentials to the webservice call.

    If it were me, I would create some kind of token for the user's credentials on the client server and pass the token to the webservice call. The web service would have to be able to read that token, decrypt it, and pull genuine authentic information from it.

    The problem with that is that it doesn't prevent someone from supplying fake credentials to the web service. It is not absolutely secure.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width