I have an authentication webservice which I pass a username and password to. This returns a bespoke credentials object to the requesting application. This credentials object is then used throughout the application (its passed to other service methods).
public Credentials login (string username, string password) {
}
I have been asked to support windows authentication.
I can grab the users username and just pass that to the authentication web service, however this is hugely insecure.
So, I need to add a new service method to the authentication webservice that interogates the users windows credentials assoicated with the request.
public Credentials login() {
//extract info from windows auth
}
Does this seem sensible?