
Single-sign-on .NET GUI to J2EE server

7 Mar 2005 7:38 PM
chris bono via .NET 247
We have a .NET GUI that is talking to a backend J2EE server using a proprietary bridging solution (not webservices). All of the GUI users log on to their machines, which in turn authenticates them against ActiveDirectory. So by the time the user pulls up the GUI s/he has already been authed against ActiveDirectory. So far, so good. The problem now arises as the J2EE server is protected against ActiveDirectory as well. So any access to the J2EE server requires user/pass to go against ActiveDirectory for auth/auth. We need to be able to extract the user/pass from the GUI and pass it down to the J2EE server for auth. Yes, I know -- "we can't gain access to the password because of..."

So is there a token or anything else that an ActiveDirectory "logon" provides me that I could pass to the J2EE server to say "hey, it's me and I am already logged on"? I know that System.WindowsIdentity.Token is the pointer to the currently logged on identity that can be used to pass into native functions etc., but I don't think that is going to help me at all. What I would like to be able to do, from the GUI code, is:

1) talk to the AD api and say "give me the current logon session id"
2) pass the user and the result from 1) over to J2EE
3) on the J2EE side (I control the logon and access against AD here) take the
   items passed from 2) and verify against the AD api that it is valid

Thanks, and sorry for the long, drawn-out post. :)

--------------------------------
From: chris bono

-----------------------
Posted by a user from .NET 247 (http://www.dotnet247.com/)


8 Mar 2005 4:07 AM
Joe Kaplan (MVP - ADSI)
The right way to do this is by using the built-in Kerberos features in
Windows.  However, that would require the J2EE server to support this.

Otherwise, you will need to transmit passwords (not a good idea if it can be
avoided) or roll your own protocol.  Do you have any flexibility in changing
how the J2EE backend works, though?

Joe K.

"chris bono via .NET 247" <anonym***@dotnet247.com> wrote in message
news:uB%232C10IFHA.2844@TK2MSFTNGP10.phx.gbl...
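What "the J2EE server supporting this" looks like on the side chris says he controls, as an added example that is not code from the thread: the Windows client obtains a Kerberos service ticket for the server's SPN through SSPI (this is what replaces the "logon session id" of step 1) and ships the resulting token over the bridge; the server validates it with JGSS against its own keytab and learns the caller's principal, so no password ever leaves the workstation. The SPN `HTTP/app.example.com@EXAMPLE.COM`, the keytab path, the JAAS entry name `ServerAcceptor` and the class name are assumptions for illustration.

```java
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import org.ietf.jgss.*;

public class KerberosTokenAcceptor {
    // Hypothetical SPN and keytab (assumptions): the AD account behind the SPN
    // must exist and the keytab must have been exported for it.
    static final String SERVICE_PRINCIPAL = "HTTP/app.example.com@EXAMPLE.COM";
    static final String KEYTAB_PATH = "/etc/krb5/app.keytab";

    // In-code JAAS configuration: log the service in from its keytab as an acceptor
    // only. The module name is the Sun/OpenJDK one; other JVMs name theirs differently.
    static final Configuration JAAS = new Configuration() {
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            Map<String, String> opts = new HashMap<String, String>();
            opts.put("useKeyTab", "true");
            opts.put("keyTab", KEYTAB_PATH);
            opts.put("principal", SERVICE_PRINCIPAL);
            opts.put("storeKey", "true");
            opts.put("isInitiator", "false");
            return new AppConfigurationEntry[] { new AppConfigurationEntry(
                "com.sun.security.auth.module.Krb5LoginModule",
                LoginModuleControlFlag.REQUIRED, opts) };
        }
        public void refresh() { }
    };

    // Verifies the Kerberos token the client sent over the bridge and returns the
    // authenticated principal name; throws if the token is not valid for this service.
    public static String authenticatedUser(final byte[] clientToken) throws Exception {
        LoginContext lc = new LoginContext("ServerAcceptor", null, null, JAAS);
        lc.login();
        return Subject.doAs(lc.getSubject(), new PrivilegedExceptionAction<String>() {
            public String run() throws GSSException {
                GSSManager mgr = GSSManager.getInstance();
                Oid krb5 = new Oid("1.2.840.113554.1.2.2"); // Kerberos V5 mechanism OID
                GSSCredential cred = mgr.createCredential(null,
                    GSSCredential.INDEFINITE_LIFETIME, krb5, GSSCredential.ACCEPT_ONLY);
                GSSContext ctx = mgr.createContext(cred);
                try {
                    // One step for Kerberos without mutual auth; if the client requested
                    // mutual auth, 'reply' must be sent back to it before reporting success.
                    byte[] reply = ctx.acceptSecContext(clientToken, 0, clientToken.length);
                    if (!ctx.isEstablished()) throw new GSSException(GSSException.FAILURE);
                    return ctx.getSrcName().toString();
                } finally { ctx.dispose(); }
            }
        });
    }
}
```

The returned principal (for example `cbono@EXAMPLE.COM`) is what the server's existing AD authorization should key on, and the AP-REQ inside the token is bound to this SPN and to a short time window, so a captured token cannot be replayed against a different service.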