I have a very complex architecture and I need some clarifications about Windows
Integrated Authentication and its capabilities.
I have a fat C# client that needs to call an EJB3 in JBoss (on Linux) via WS. This is very
easy to implement, but the problem comes when I have to design the client
authentication. I don't want my WS to be invoked by everyone!
I do not want the users to re-insert their Windows logon credentials in their C# fat client. I
think it is a big security issue because someone could rewrite a trojan fat client and
log all the users' credentials!
So the question is: how can I pass the Windows Principals over WS to JBoss and authenticate
these Principals? Do I have to use JAAS and some PAM? Is this possible in a JBoss on a
Linux machine?
Some references could be very helpful for me.
P.S. This same post was posted in the MSDN forum. Sorry for the cross-post, but I need WS
for interoperability, so I think in this case a cross-post should be allowed.