I want to generate a Kerberos ticket using .NET with auth credentials supplied through a login form on a web page (this will authenticate the user against a SQL db) and then use this ticket to authenticate the user as a single sign-on across several other web apps.

Is this possible? I have had a look at WSE and it seems to assume you already have a granted Kerberos ticket to use before using it to authenticate.

We have an MIT Kerberos server to issue tickets.

+1  A: 

It turns out you cannot generate a Kerberos ticket using a web app, as that would require your web server gaining access to the client's local file system to issue the token.

You can only request an existing token from a client that has had one issued from a krb server through an application running on the client (or by logging onto a Windows domain).

We ended up writing a custom token service using a web service.

Sheff