E
Ethan Shayne
I would like to set up a web service to use Windows authentication. I
understand how to do this in a situation where the client passes a
NetworkCredential instance, and have the web server authenticate for
me using Windows authentication.
However, in this particular case I know that the client will be within
the same intranet and on the same Windows domain as the web server.
And I want to have my web server authenticate based on the Windows
login already in use by the client application.
Here's what I've tried so far:
I started with setting <authentication mode="Windows"/> and <identity
impersonate="true"/> in my web.config file. I then set up IIS to turn
off anonymous access, and enable Windows authentication.
In my web method (C#, if it matters), I have code to look at
this.User.Identity.Name.
In my client application, I was able to successfully set Credentials
on my proxy object to a new NetworkCredential instance. When I use
this client application to call my web method, the web method
correctly reports this.User.Identity.Name as the one I set in the
NetworkCredential instance. And the web method call also correctly
fails if the username and password I set in the NetworkCredential
instance are not valid on this domain.
However, here's my problem: I had to fill in the NetworkCredential
instance in my client application with a username and password. What I
want is to pass a NetworkCredential instance representing the
currently logged-in user. In other words, if "freduser" already logged
into Windows and ran the client application, I want my web method to
report that this.User.Identity.Name is "freduser" - without having to
prompt the user for their password again in the client application.
Since I can't get the current user's password programmatically, I
don't know how to create the NetworkCredential instance without
prompting.
Can anyone tell me if there's a way to accomplish this?
Thanks,
Ethan
understand how to do this in a situation where the client passes a
NetworkCredential instance, and have the web server authenticate for
me using Windows authentication.
However, in this particular case I know that the client will be within
the same intranet and on the same Windows domain as the web server.
And I want to have my web server authenticate based on the Windows
login already in use by the client application.
Here's what I've tried so far:
I started with setting <authentication mode="Windows"/> and <identity
impersonate="true"/> in my web.config file. I then set up IIS to turn
off anonymous access, and enable Windows authentication.
In my web method (C#, if it matters), I have code to look at
this.User.Identity.Name.
In my client application, I was able to successfully set Credentials
on my proxy object to a new NetworkCredential instance. When I use
this client application to call my web method, the web method
correctly reports this.User.Identity.Name as the one I set in the
NetworkCredential instance. And the web method call also correctly
fails if the username and password I set in the NetworkCredential
instance are not valid on this domain.
However, here's my problem: I had to fill in the NetworkCredential
instance in my client application with a username and password. What I
want is to pass a NetworkCredential instance representing the
currently logged-in user. In other words, if "freduser" already logged
into Windows and ran the client application, I want my web method to
report that this.User.Identity.Name is "freduser" - without having to
prompt the user for their password again in the client application.
Since I can't get the current user's password programmatically, I
don't know how to create the NetworkCredential instance without
prompting.
Can anyone tell me if there's a way to accomplish this?
Thanks,
Ethan