kerberos

Active Directory and NTLM Authentication

I'm writing an IIS Application, which manages AD users. For this purpose I've configured the site to use the Negotiate AuthenticationProvider, and everything works. I wonder, is NTLM suitable for operations with Active Directory (such as creating user accounts)? Or does AD accept only Kerberos authentication? ...

Kerberos, IIS 6, and ASP.NET 3.5

Before I start chucking objects at the server, I'd like to see if there's something I'm missing. Simply put, I have a Windows Server 2003 IIS 6 web app that is attempting to send a WebRequest object at a listener on yet another Windows Server 2003 server. I've set up Kerberos, looks like the SPNs are all OK for the middle server, and hav...

How to setup apache redirect or custom 401 document on Kerberos SSO login failure

Hi, I have a working Kerberos SSO setup. I use Apache and JBoss with mod_jk. Apache is protecting (by Kerberos) the auto-login.htm page with the following configuration: <Location /auto-login.htm> AuthType Kerberos AuthName "Kerberos Active Directory Login" KrbMethodNegotiate on KrbMethodK5Passwd on KrbAu...

Mixed authentication modes: send both Kerberos token and username token over HTTPS with WCF

Is it possible to send both a username token and the Kerberos token over HTTPS with WCF? We are able to use a custom binding with authentication mode set to 'UserNameOverTransport', which will include a username token in the SOAP header as per the OASIS web services security standard. Alternatively, we can set the authentication mode to 'KerberosO...

Calling Reporting Services Web Service from SharePoint using Kerberos over SSL

I have multiple SharePoint web parts that need to access Reporting Services 2008, which is integrated into MOSS2007. There are 2 end points that I will be using: ReportService2006 and ReportExecution2005. I would like to put all the logic that calls the web service in one common assembly (class library) which will be packaged within the...

How to "un-impersonate" (un-delegate?) in Kerberos

I have a web application using Kerberos to access an external resource using ASP.NET 3.5 and IIS. When a user connects with the application, Kerberos authentication auto-magically allows me to connect to external resources acting as the user using delegation. This was not easy to do. It is nice, but I've a problem. Sometimes I need ...

Why Firefox keeps negotiating Kerberos service tickets?

Hi, I ran some tests on Kerberos and found some strange behavior related to Firefox and Kerberos. I have a server running Apache + mod_auth_kerb which is configured to check Kerberos credentials when serving requests from clients. Kerberos authentication is performed and users without valid credentials are rejected. However, I do not u...

How to authenticate to a Kerberos (Apple Open Directory) server in ASP.Net

Here at work we just implemented an Apple Open Directory server. It stores everyone's usernames and passwords and implements LDAP and Kerberos. I've been tasked with configuring all of our ASP.Net web applications to authenticate with it--so users can use their Open Directory usernames and passwords to log into our ASP.Net applications. ...

ASP.Net web application trying to use Impersonation and Delegation to connect to SQL Server

I'm trying to use Impersonation and Delegation in an intranet ASP.Net web-app in order to pass authenticated users' credentials onto a SQL Server. The web server and SQL server are two separate machines, but in the same domain, so Delegation is required. I've done the following: set <authentication mode="Windows"/> and <identity impe...

In SASL authentication, are the messages between a particular client and server the same every time it connects?

I wrote a test client and server using the Cyrus SASL library, and I'm manually forcing it to select GSSAPI as the mechanism. While debugging, I printed the md5sum of each message as it was passed between the two. I noticed that the sequence seems to be the same every time I connect. That is, if the message sequence on the first negot...

How to use Kerberos authentication with a Mac web server

I'm trying to do some development work that involves authentication at home on my Mac. I've got a full domain set up here with my Mac joined to it. Unfortunately, it seems like mod_auth_kerb is non-existent for the Mac platform. I tried compiling from source, but I get a bunch of warnings that don't really make sense and the compilation ...

CryptographicException using WSE3 crashes webservice IIS process

We are using a C# webservice hosted in IIS. The webservice uses WSE3 extensions for Kerberos authentication. Sometimes the webservice crashes with an unhandled exception, which is logged in the event log: Ereignistyp: Fehler Ereignisquelle: ASP.NET 2.0.50727.0 Ereigniskategorie: Keine Ereigniskennung: 1334 Datum: 22.01.2010 Zeit: 08:39:49 Benutzer: Nicht...

How can I tell what type of authentication a server is using?

I have to access a web server at http://someserver and it requires some authentication. How can I tell if it is using NTLM, Kerberos or whatever it may be? ...

Classic ASP Impersonation problem on IIS7 Windows 2008 server

Hi, I am trying to write to a file on a server (web05) from a classic ASP site running on a Windows 2008 server on IIS7 (webadmin). This fails and web05 logs an anonymous logon attempt during the course of the save operation. Webadmin's site is running on an app pool in classic mode with a domain user as the process account. The process ...

Content transfer over HTTPS.

We are not able to access/download the .pdf file available in one of the SharePoint 2007 web applications over HTTPS; while trying to access/download the file, the system (desktop) hangs. So we tried the below solutions: http://support.microsoft.com/kb/917557/ http://support.microsoft.com/kb/911149 but still could not fix the issue, an...

WCF - Why netTCPBinding works fine with Kerberos authentication without any SPN setting?

In one of our networks we are utilizing the netTCPBinding. The WCF service is hosted in a Windows service that runs as a domain account. From the event viewer I can see that my WCF service uses Kerberos authentication. Everything works seamlessly "out-of-the-box" with simple default configuration without an <identity> element in the configu...

Configuring Firefox 3.0.x to send a Kerberos token

Hello, I'm trying to convince Firefox 3.0.14 to send a Kerberos token. I have configured the service correctly and IE will send a Kerberos token (i.e. starting YI..), but after adding the hostname to the network.negotiate-auth.trusted-uris and network.negotiate-auth.delegation-uris settings in about:config, Firefox only sends an NTLM t...

How to validate a Kerberos ticket against a server in Java?

Hi there, we are using JAAS to enable Single Sign On in a Java application using the Windows Kerberos ticket cache. Our jaas.conf config file looks like this: LoginJaas { com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true doNotPrompt=true debug=true; }; With this, we can create a Jaas LoginContext and su...

How to programmatically clear the Kerberos ticket cache

Hi, does anyone know how to clear out the Kerberos ticket cache on the local computer, using managed / unmanaged code? Thanks in advance! ...

MSMapi32 works with 'Negotiate' authentication, but doesn't work with NTLM or Kerberos.

My application uses msmapi32 to connect to Exchange server and download incoming messages. If I use Negotiate authentication in mapi profile, everything works fine, but other options fail. I get a non-descriptive error when calling 'm_session.SignOn();' method. AFAIK, Negotiate just chooses between Kerberos and NTLM, so I'm confused. Al...