I have a web application on an IBM WAS server (Windows).
In the WAS app users are able to browse files on a different server. This functionality connects to a web service in order to retrieve a listing of files from a network path.
The web service is built with .net and resides on a separate server which is in the same domain as the file server.
The WAS app service request sends the user's id as part of the call.
Is there a way to take the user's id that is passed to the web service and restrict that user to only the files/folders they have access to based on Windows Security?
From what I know this is not possible unless the WAS app is able to send the request to the web service as the logged in user.
So, my second question is, is it possible to pass Windows user credentials from a WAS application to a web service?
I'm not too familiar with Windows Authentication and impersonation and I know even less about WAS and how it handles security so I'm hoping to find out if this is possible and where I might get started.