Strategy for authenticating workstation in different domain without prompt
Question
I have a .NET application that runs in the background and collects information from Windows client workstations. It needs to send this information to a server in a different Windows domain. The application behaves similar to a Windows service (although it is not a true Windows service) in that it runs behind the scenes without the user's knowledge. Therefore, when my server needs to authenticate the workstations, the user cannot be prompted to enter a password or select a certificate--the authentication needs to happen without bothering them for input.
If both the workstations and the server were in the same domain, then I'd probably just use WCF with Windows Integrated Authentication aka Kerberos. But since they're not I need a different strategy. Any ideas?
1 answers
solution1
1 ACCPTED 2014-03-07 17:43:14
If you establish cross-realm trust between the domains, you can use Kerberos. In this case, the minimum needed is for the realm of the server (B) to trust the realm of the clients (A). This allows foo@A to acquire a ticket for bar@B.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.