I am writing a webService that is going to be accessed anonymously (I don't
want to "configurable" depend on Windows integrated authentication). But I
still want to authenticate the client (or rather the user using the client).
Because of this I want to send the WindowsPrincipal from the client to the
webService in the SoapHeader. I don't want to send the credentials (userName,
password and domain) because I want the client to be unaware of what account
it runs at and since there may be several client applications (UIF
applications, not ASP.Net applications) I don't want to make the user log on
to each UIF.
The idea is to let the user log on to his/her computer and start the UIF
applications. This client app (consumer of the webService) gets the current
WindowsPrincipal, serializes it (into a byte array using the BinaryFormatter),
encrypts it and sends it to the webService. The webService in turn decrypts
the message, deserializes the WindowsPrincipal and impersonates it.
That's the idea, and it is quite successful up until the point where I try
to deserialize the WindowsPrincipal. It throws an exception saying "Invalid
token : it cannot be duplicated".
Obviously it is possible to send the WindowsPrincipal since Windows
Integrated Authentication does just that. So, is there a trick to
(de)serialization that I'm unaware of or is this object just not sendable by
anyone not in access of Microsoft specific mechanisms in the OS or the .Net
framework?
Hello Johan,
First of all, it's not possible to send a WindowsPrincipal object across machines. A principal is a local object.
What you could do though is to use Integrated Security with IIS. (you configure the current credentials on the WS proxy.)
Then Windows will take care of it for you. You can enable impersonation in ASP.NET as well.
Best of luck,
Morty