0 Replies Latest reply on Jun 16, 2009 5:45 AM by Kenshiro Re di Okuto

    C# fat client using Windows Integrated Authentication over W

    Kenshiro Re di Okuto Newbie

      I have a very complex architecture and I need some clarifications about the Windows Integrated Authentications and its capability.

      I have fat C# client that needs to call an EJB3 in JBoss (on Linux) via WS. This is very easy to implement, but when I have to design the client authentication here is the problem. I don't want that my WS will be invoked by everyone!

      I do not want the user re-insert their Windows logon credentials in their C# fat client, I think it is a big security issue because someone could rewrite a trojan fat client and logs all the users credentials!

      So the question is how can I pass the Windows Principals over WS to JBoss and authenticate this Principals? Do I have to use JAAS and some PAM? is this possible in a JBoss on a Linux machine?

      Some references could be very heplful for me.

      P.S. this same post was posted in the MSDN forum. Sorry for the cross post but I need WS for interoperability so I think in this case cross-post should be allowed