
Sending the WindowsPrincipal object

I am writing a webService that is going to be accessed anonymously (I don't
want to "configurable" depend on windows integrated authentication). But I
still want to authenticate the client (or rather the user using the client).

Because of this I want to send the WindowsPrincipal from the client to the
webService in the SoapHeader. I don't want to send the credentials (userName,
password and domain) because I want the client to be unaware of what account
it runs at and since there may be several client applications (UIF
applications, not ASP.Net applications) I don't want to make the user log on
to each UIF.

The idea is to let the user log on to his/her computer and start the UIF
applications. This client app (consumer of webService) gets the current
WindowsPrincipal, serializes it (into a byte array using the BinaryFormatter),
encrypts it and sends it to the webService. The webService in turn decrypts
the message, deserializes the WindowsPrincipal and impersonates it.

That's the idea, and it is quite successful up until the point where I try
to deserialize the WindowsPrincipal. It throws an exception saying "Invalid
token : it cannot be duplicated".

Obviously it is possible to send the WindowsPrincipal since Windows
Integrated Authentication does just that. So, is there a trick to
(de)serialization that I'm unaware of or is this object just not sendable by
anyone not in access of Microsoft specific mechanisms in the OS or the .Net
framework?
Nov 21 '05 #1
Hello Johan,

First of all it's not possible to send a WindowsPrincipal object across machines. A principal is a local object.

What you could do though is to use Integrated Security with IIS. (you configure the current credentials on the WS proxy.)

Then Windows will take care of it for you. You can enable impersonation in ASP.NET as well.

Best of luck,

Morty
Nov 21 '05 #2
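
The setup the reply describes, as an added example that is not part of the original thread: the client hands its logged-on credentials to the proxy, IIS performs the Windows authentication handshake, and the service reads the resulting identity instead of deserializing one. It assumes .NET Framework ASMX; `WhoAmIService`, `WhoAmIProxy`, the namespace and the URL are hypothetical, and the two halves would normally live in separate projects.

```csharp
// Added example; WhoAmIService, WhoAmIProxy and the URLs are hypothetical names.
// Service web.config (IIS: anonymous access off, Integrated Windows auth on):
//   <system.web>
//     <authentication mode="Windows" /> <identity impersonate="true" />
//   </system.web>
using System;
using System.Net;
using System.Security.Principal;
using System.Web.Services;
using System.Web.Services.Protocols;

// ---- Server side ----
[WebService(Namespace = "http://example.invalid/whoami")]
public class WhoAmIService : WebService
{
    [WebMethod]
    public string WhoAmI()
    {
        // IIS built this identity from the authentication handshake; nothing was deserialized.
        WindowsIdentity caller = User.Identity as WindowsIdentity;
        if (caller == null || !caller.IsAuthenticated)
            throw new UnauthorizedAccessException("Windows authentication required.");
        // With impersonate="true" the request thread already runs as the caller,
        // so WindowsIdentity.GetCurrent() reports the same account.
        return caller.Name + " / " + WindowsIdentity.GetCurrent().Name;
    }
}

// ---- Client side (hand-written equivalent of a wsdl.exe proxy) ----
[WebServiceBinding(Name = "WhoAmIServiceSoap", Namespace = "http://example.invalid/whoami")]
public class WhoAmIProxy : SoapHttpClientProtocol
{
    public WhoAmIProxy(string url) { Url = url; }

    [SoapDocumentMethod("http://example.invalid/whoami/WhoAmI",
        RequestNamespace = "http://example.invalid/whoami",
        ResponseNamespace = "http://example.invalid/whoami")]
    public string WhoAmI() { return (string)Invoke("WhoAmI", new object[0])[0]; }
}

public static class Client
{
    public static void Main()
    {
        WhoAmIProxy proxy = new WhoAmIProxy("http://server.example.invalid/WhoAmI.asmx");
        // Credentials of the logged-on user; the client code never handles a password.
        proxy.Credentials = CredentialCache.DefaultCredentials;
        Console.WriteLine(proxy.WhoAmI());
    }
}
```

Impersonation on the web server covers local resources only; reaching a further machine as the caller requires Kerberos delegation to be configured.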
