I have a very complex architecture and I need some clarifications about Windows Integrated Authentication and its capabilities.

I have a fat C# client that needs to call an EJB3 in JBoss (on Linux) via WS. This is very easy to implement, but the problem comes when I have to design the client authentication. I don't want my WS to be invoked by everyone!

I do not want the users to re-insert their Windows logon credentials in their C# fat client. I think it is a big security issue, because someone could rewrite a trojan fat client and log all the users' credentials!

So the question is: how can I pass the Windows Principals over WS to JBoss and authenticate these Principals? Do I have to use JAAS and some PAM? Is this possible in JBoss on a Linux machine?

Some references would be very helpful for me.