timmmahh
I'm trying to use the NegotiateStream functionality in .NET 2.0. I
initially made the channel secure by simply adding the 'secure=true'
attribute to the channel configuration settings.
The problem I have is that when all clients/server machines are in a
single domain, everything works fine. However, when I attempt to make
a remote call to a server outside of the domain (say in its own
workgroup) I receive an exception 'The server has rejected the client
credentials'.
Presuming that this fails because the credentials passed from the
client (in the domain) to the server (in a workgroup) cannot be
authenticated on the server, I then added the following attributes to
the channel configuration:
username=cleartextusername password=cleartextpassword
- where 'cleartextusername' is the administrator account on the server
and 'cleartextpassword' is the administrator account password.
By doing this, my application worked ok. However, this just doesn't
seem right. It seems absolute madness for Microsoft to design a secure
channel, and then force the usage of cleartext user/password to get it
to work across such a basic network topology as domain to workgroup
relationships. However, I can't seem to find a decent workaround
anywhere.
Therefore, can anyone advise on an alternative, or:
1. Is there some way I can set up a trust between the domain and
workgroup so that the credentials supplied by the client (in a domain)
can be authenticated by a server (in a workgroup)?
2. How can I prevent having to get the user to add a cleartext
username or password in the config file?
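
A defensive check for the configuration described in the post, added here as an example and not part of the original post: it scans a remoting configuration file for channel elements that embed a password or are not marked secure, and masks the password for safe sharing. The sample config is constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a remoting client config using the attributes from the post.
SAMPLE_CONFIG = """
<configuration>
  <system.runtime.remoting>
    <application>
      <channels>
        <channel ref="tcp" secure="true"
                 username="cleartextusername" password="cleartextpassword" />
        <channel ref="tcp" port="0" secure="true" />
        <channel ref="http" />
      </channels>
    </application>
  </system.runtime.remoting>
</configuration>
"""

def audit_remoting_channels(config_xml):
    """Return (channel_index, ref, finding) tuples for risky channel settings."""
    findings = []
    root = ET.fromstring(config_xml.strip())
    for index, channel in enumerate(root.iter("channel")):
        # Compare attribute names case-insensitively (a conservative assumption).
        attrs = {name.lower(): value for name, value in channel.attrib.items()}
        ref = attrs.get("ref", "?")
        if attrs.get("password"):
            findings.append((index, ref, "cleartext-password"))
        if attrs.get("secure", "false").strip().lower() != "true":
            findings.append((index, ref, "channel-not-secure"))
    return findings

def redact_passwords(config_xml):
    """Return the config with every channel password value masked."""
    root = ET.fromstring(config_xml.strip())
    for channel in root.iter("channel"):
        for name in list(channel.attrib):
            if name.lower() == "password":
                channel.set(name, "***")
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    for finding in audit_remoting_channels(SAMPLE_CONFIG):
        print(finding)
```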