[RESOLVED] Remote Authentication

[ifdef]

I'm thinking about designing a client server system where user credentials are use to control access to information on the server. I would like to use windows security to do this. I would like the client to pass the user token to the server where it would verify the users membership using groups.

How would I pass the user token from a client process on one computer to the server process on another? Is there a way this could happen in the background of the (Windows) OSes? I am not using IIS or SAP.

Thoughts on where to start?

Solutions that use "IsInRole" a bonus!

[TheCPUWizard]

NTLM authentication (the default for Windows) will NOT survive multi-le hops.

If you want a goos solution, use Kerberos [plenty of information avaailable on MSDN]

[MikeVallotton]

Using IIS with WCF services allows you to do this fairly easily, as the network credentials are an integral part of the request. Is there a reason not to use IIS?

You could create your own socket server, but this gets into a lot of issues with security and firewall restrictions, as well as having to reinvent the wheel.

Again, WCF is included in the .NET framework specifically to address this business need.

[ifdef]

Using IIS with WCF services allows you to do this fairly easily, as the network credentials are an integral part of the request. Is there a reason not to use IIS?

You could create your own socket server, but this gets into a lot of issues with security and firewall restrictions, as well as having to reinvent the wheel.

Again, WCF is included in the .NET framework specifically to address this business need.

Is there a specific place you would suggest looking in WCF. I could use the web server component of .net? I don't want to install IIS.

If I were to change the assumption and have the client be trusted to provide a authentic user id is there a way to check thats users membership in a group?