By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
458,184 Members | 1,276 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 458,184 IT Pros & Developers. It's quick & easy.

user Authentication through webservice

P: n/a
I have a webservice based app that a company has purchased to use
internally. They want the authentication to integrate with their Active
Directory. Is there anyway that the client portion of the application
(which is a .NET WinForms app) can send some information about the logged in
user so that I could athenticate that user before accessing the database?
The database will not have individual user accounts but will authenticate
using a table in the database. The reason that I need this is so that the
company can push out the client app to it's users using Zenworks. So, the
install must get the user data from the Active directory. Therefore I need
to be able to use whatever information he can get from the AD and use it get
the same info from the AD from the webserver code. One thing I was thinking
of using was the AD object ID (a guid) but I don't know how I would pass
that value to the DirectorySearcher's filter property and I don't know if
that's a property that the ZenWorks install can grab anyway.

So, to sum up the client app polls a webservice to get some data, I need to
be able to get some user information (gleaned from the AD) from the client
and authenticate the user, then connect to the database and retrieve teh
requested data.

Any ideas?
Thanks.
Nov 23 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
You could just use integrated security for the web service, and pass the
default credentials from the client to the web service.

proxy.Credentials = System.Net.CredentialCache.DefaultCredentials;

where proxy is the proxy object to the web service.

--
Manohar Kamath
Editor, .netWire
www.dotnetwire.com
"Buddy Ackerman" <bu**********@buddyackerman.com> wrote in message
news:O7**************@tk2msftngp13.phx.gbl...
I have a webservice based app that a company has purchased to use
internally. They want the authentication to integrate with their Active
Directory. Is there anyway that the client portion of the application
(which is a .NET WinForms app) can send some information about the logged in user so that I could athenticate that user before accessing the database?
The database will not have individual user accounts but will authenticate
using a table in the database. The reason that I need this is so that the
company can push out the client app to it's users using Zenworks. So, the
install must get the user data from the Active directory. Therefore I need to be able to use whatever information he can get from the AD and use it get the same info from the AD from the webserver code. One thing I was thinking of using was the AD object ID (a guid) but I don't know how I would pass
that value to the DirectorySearcher's filter property and I don't know if
that's a property that the ZenWorks install can grab anyway.

So, to sum up the client app polls a webservice to get some data, I need to be able to get some user information (gleaned from the AD) from the client
and authenticate the user, then connect to the database and retrieve teh
requested data.

Any ideas?
Thanks.

Nov 23 '05 #2

P: n/a
You could also use WSE and WS-Security and pass UsernameTokens or get
SecurityContextToken and authenticate to AD using LogonUser API inside the
Token verifier logic. WSE has a lot of security things you can do.

--
William Stacey, MVP
http://mvp.support.microsoft.com

"Buddy Ackerman" <bu**********@buddyackerman.com> wrote in message
news:O7**************@tk2msftngp13.phx.gbl...
I have a webservice based app that a company has purchased to use
internally. They want the authentication to integrate with their Active
Directory. Is there anyway that the client portion of the application
(which is a .NET WinForms app) can send some information about the logged in user so that I could athenticate that user before accessing the database?
The database will not have individual user accounts but will authenticate
using a table in the database. The reason that I need this is so that the
company can push out the client app to it's users using Zenworks. So, the
install must get the user data from the Active directory. Therefore I need to be able to use whatever information he can get from the AD and use it get the same info from the AD from the webserver code. One thing I was thinking of using was the AD object ID (a guid) but I don't know how I would pass
that value to the DirectorySearcher's filter property and I don't know if
that's a property that the ZenWorks install can grab anyway.

So, to sum up the client app polls a webservice to get some data, I need to be able to get some user information (gleaned from the AD) from the client
and authenticate the user, then connect to the database and retrieve teh
requested data.

Any ideas?
Thanks.


Nov 23 '05 #3

P: n/a
This sounds interesting, do you have an more information on how to do this? I was looking for a LogonUser API and found
nothing. My application consist of a desktop application (written in .NET) that polls a web serivice. I have a client
that want AD integration. I need to pass the local users authenticated security token to the webservice and then be
able to retireve the users login name so that I can then authenticate that against my application's database. I have
already developed an AD scanning tool that runs as a windows service and creates accounts (using the SAMAccount name
from the AD) in my database so I just need to get the authenticated user info from the client to match up with what's in
my database.

I've never worked with active directory integration in a webservice (or anywhere else for that matter) so I need a lot
of info (quickly).

--Buddy


William Stacey [MVP] wrote:
You could also use WSE and WS-Security and pass UsernameTokens or get
SecurityContextToken and authenticate to AD using LogonUser API inside the
Token verifier logic. WSE has a lot of security things you can do.

Nov 23 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.