[jboss-user] [Security & JAAS/JBoss] - C# fat client using Windows Integrated Authentication over W

kenshiro2000 do-not-reply at jboss.com
Tue Jun 16 05:46:00 EDT 2009

I have a very complex architecture and I need some clarifications about the Windows Integrated Authentications and its capability.

I have fat C# client that needs to call an EJB3 in JBoss (on Linux) via WS. This is very easy to implement, but when I have to design the client authentication here is the problem. I don't want that my WS will be invoked by everyone!

I do not want the user re-insert their Windows logon credentials in their C# fat client, I think it is a big security issue because someone could rewrite a trojan fat client and logs all the users credentials!

So the question is how can I pass the Windows Principals over WS to JBoss and authenticate this Principals? Do I have to use JAAS and some PAM? is this possible in a JBoss on a Linux machine?

Some references could be very heplful for me.

P.S. this same post was posted in the MSDN forum. Sorry for the cross post but I need WS for interoperability so I think in this case cross-post should be allowed

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4237827#4237827

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4237827

More information about the jboss-user mailing list