Hi,
I am rather new into LiveLink and its web services.
I got the task to integrate an ASP.NET 3.5 based web application to LiveLink document management using WCF (Windows Communication Foundation) and LiveLink web services.
I have issues with the authentication.
The clients run Internet Explorer 6 / 7 browser on Windows XP. Users are member of an Active Directory domain and Windows integrated authentication is used on IIS 6 web server (Windows Server 2003).
I see that the Authentication web service has several options for client authentication, but none of them seems to be perfect for me.
AuthenticateUser requires the user password. That I would not like to ask from the users.
ImpersonateUser requires only the user name, but it does not work for me, it throws an "Invalid username/password specified" exception.
I could store the user or application name and the password (of course encrypted) in config, and use them in AuthenticateUser or AuthenticateApplication, but in this case I'm afraid, the inforamtion about the user who uploaded the document will be lost.
From my former web developer experience I know that I cannot pass the identity of the original user from client through the web server to a third computer (LiveLink server in this case) unless Kerberos is implemented because of the double hops issue.
I would like to ask you what is the best practice for this kind of application.
Thanks in advance for your help!
Peter
I am rather new into LiveLink and its web services.
I got the task to integrate an ASP.NET 3.5 based web application to LiveLink document management using WCF (Windows Communication Foundation) and LiveLink web services.
I have issues with the authentication.
The clients run Internet Explorer 6 / 7 browser on Windows XP. Users are member of an Active Directory domain and Windows integrated authentication is used on IIS 6 web server (Windows Server 2003).
I see that the Authentication web service has several options for client authentication, but none of them seems to be perfect for me.
AuthenticateUser requires the user password. That I would not like to ask from the users.
ImpersonateUser requires only the user name, but it does not work for me, it throws an "Invalid username/password specified" exception.
I could store the user or application name and the password (of course encrypted) in config, and use them in AuthenticateUser or AuthenticateApplication, but in this case I'm afraid, the inforamtion about the user who uploaded the document will be lost.
From my former web developer experience I know that I cannot pass the identity of the original user from client through the web server to a third computer (LiveLink server in this case) unless Kerberos is implemented because of the double hops issue.
I would like to ask you what is the best practice for this kind of application.
Thanks in advance for your help!
Peter