We are developing a Winforms app that retrieves data from our company's SQL
Server 2000 database via a webservice.
We are considering using something like client certificates so that we have
a clear indication that the client using the software is authenticated.
Even though it is a Winforms app, we can't use the user's Windows login ID
since it's on a client/customer's machine and we do not want to have access
to their loginIDs. We will also use the certificate data to provide the
"authorization" mechanism to restrict the data in the database to what that
client can see.
We like the use of client certificates in web apps but the richness of the
thin Windows app so we're wanting to see if we can combine the two to pass
the client certificate to the webservice.
I have searched the net for anything that provides the mechanism for
combining the two without any success.
If anyone has run across a similar situation or has any advice, it would be
very much appreciated.
Thanks ...
Ron