Pete #1
tricky multi-tier delegation
Is it possible to implement a 2-tier ASP.NET app with delegation to
the back-end without authenticating the user at the middle-tier?
I have IIS running a presentation application that needs to delegate
Kerberos authentication to a proprietary back-end (non-Windows)
server. The kicker is that the presentation server is not connected to
the Authentication Server/KDC, so it cannot authenticate the user. The
client, presentation server and back-end server are all connected on a
private LAN, but only the client & back-end are on the intranet. I
want the client to provide credentials (ticket) to the middle-tier,
who in turn provides those same credentials to the back-end, without
the middle-tier doing any authentication himself. I can't find a way
to do this.
Thanks,
Pete
Ken Schaefer #2
Re: tricky multi-tier delegation
I don't think this is possible.
Kerberos authentication requires that the client get a ticket to access the
service (the service being IIS). If IIS is using Kerberos authentication, it
won't accept the ticket unless it can validate it.
Delegation is then a subsequent step. Here the webserver (IIS) has been
granted permissions to "act as the user" - i.e. get a service ticket on
the user's behalf to access the backend server. To get this ticket, IIS
needs to communicate with the KDC - but you say this isn't possible.
What I suppose you can do is have the user supply their credentials using a
non-HTTP based authentication mechanism (e.g. an HTML form). Your ASP.NET app
can pass that to the backend server, which in turn can verify the
credentials against Active Directory. However, if the backend server is
expecting a Kerberos ticket, then this will be difficult, because the IIS
box needs to communicate with the KDC to get a ticket on the user's behalf.
Cheers
Ken
"Pete" <peter.gehrman@unisys.com> wrote in message
news:bfca4620.0411111023.5da35c4e@posting.google.com...
> Is it possible to implement a 2-tier ASP.NET app with delegation to
> the back-end without authenticating the user at the middle-tier?
>
> I have IIS running a presentation application that needs to delegate
> Kerberos authentication to a proprietary back-end (non-Windows)
> server. The kicker is that the presentation server is not connected to
> the Authentication Server/KDC, so it cannot authenticate the user. The
> client, presentation server and back-end server are all connected on a
> private LAN, but only the client & back-end are on the intranet. I
> want the client to provide credentials (ticket) to the middle-tier,
> who in turn provides those same credentials to the back-end, without
> the middle-tier doing any authentication himself. I can't find a way
> to do this.
>
> Thanks,
> Pete