Get current process identity and authentication information

I have a Windows Service running in a server with a specific identity, in a domain controlled by Active Directory.

I need to send this service identity to another service in the same network via TCP, using our own protocol and some kind of token to authenticate the caller in the destination server, similarly to how Windows Authentication works with WCF or Windows Forms applications.

Is there some way to do that (using .NET 4.5 and C#) without having to implement my own token service, using the AD/Windows infrastructure?

I was able to solve this using SSPI, like bmm60 suggested. With SSPI, it is possible to authenticate using Kerberos and NTLM.

There's a C++ managed assembly for the SSPI calls in this article: http://msdn.microsoft.com/en-us/library/ms973911.aspx

The same article has a good explanation of how the authentication process works.

I've found a C# wrapper too (but a little more difficult to use) here: http://www.pinvoke.net/default.aspx/secur32.initializesecuritycontext

Basically, the wrapper uses the InitializeSecurityContext and AcceptSecurityContext Windows functions to provide the functionality.

It would be easiest if you could leverage the built-in authentication of IIS or WCF. If you really need a TCP socket, I think you have to implement the authentication yourself. It's not conceptually difficult if you understand how Kerberos works, but it will take a while to work out the details of all the functions to call. MSDN has a decent overview here. In addition, I'm not aware of any C# wrappers for these, so you would probably need to p-invoke them all; consider writing that part in managed C++.
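
Added example, not part of the original posts and not the wrappers they link to: the same SSPI Negotiate (Kerberos/NTLM) handshake over a plain TCP socket using the .NET Framework's `System.Net.Security.NegotiateStream`, with the checks a server and client should make before trusting the session. The class and method names, and the SPN shown in the comment, are constructed for illustration.

```csharp
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Principal;

static class SspiOverTcp
{
    // Client: prove the service's current Windows identity to the server.
    // targetSpn is the server's service principal name, e.g. the constructed
    // value "HOST/server.example.test"; Kerberos needs it to request a ticket.
    public static NegotiateStream Connect(string host, int port, string targetSpn)
    {
        var tcp = new TcpClient(host, port);
        var stream = new NegotiateStream(tcp.GetStream(), false);
        stream.AuthenticateAsClient(
            CredentialCache.DefaultNetworkCredentials,   // identity the process runs as
            targetSpn,
            ProtectionLevel.EncryptAndSign,              // sign and encrypt the session
            TokenImpersonationLevel.Identification);     // server may identify, not impersonate
        // False when the handshake fell back to NTLM, which cannot prove
        // the server's identity to the client.
        if (!stream.IsMutuallyAuthenticated)
        {
            stream.Dispose();
            throw new AuthenticationException("Server was not authenticated (NTLM fallback?).");
        }
        return stream;
    }

    // Server: run the SSPI handshake on an accepted connection and return
    // the caller's identity (typically a WindowsIdentity for a domain account).
    public static IIdentity Accept(TcpClient accepted, out NegotiateStream stream)
    {
        stream = new NegotiateStream(accepted.GetStream(), false);
        stream.AuthenticateAsServer(
            CredentialCache.DefaultNetworkCredentials,
            ProtectionLevel.EncryptAndSign,
            TokenImpersonationLevel.Identification);
        if (!stream.IsAuthenticated || !stream.IsSigned || !stream.IsEncrypted)
        {
            stream.Dispose();
            throw new AuthenticationException("Caller did not meet the required protection level.");
        }
        return stream.RemoteIdentity;
    }
}
```

After either call returns, the custom protocol's messages are read and written on the returned `NegotiateStream`, and the server authorizes the caller from the identity's name or group membership.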
