1. Re: What's to stop someone from maliciously extending NTLogi
petertje Jan 24, 2003 3:59 AM (in response to oz59)
If you are using client-side authentication, the answer is yes. But if you're using server-side authentication, and you have secured your server (file system) appropriately, they can't......
Does this answer your question, or am I missing your point?
Cheers,
Peter.
2. Re: What's to stop someone from maliciously extending NTLogi
oz59 Jan 24, 2003 6:54 AM (in response to oz59)
> If you are using client-side authentication, the
> answer is yes. But if you're using server-side
> authentication, and you have secured your server
> (file system) appropriately, they can't......
>
> Does this answer your question, or am I missing your
> point?
>
> Cheers,
> Peter.
Yes, it would be client-side authentication w/ the knowledge that they'd at least have permission to access the middle tier to gain further authorization according to the server's business rules (on the assumption that the Subject is legitimately who they claim to be). The NTUserPrincipal would be run against some repository to make sure things match up.
This is basically an EAI scenario where the single sign-on isn't necessarily through the server.
Is there a fool-proof way to ensure that the Principals retrieved via the Subject are the exact classes in my server's classpath?
Thanks again for any thoughts.