End user Authentication against AD

Question

Configuration.pdf specifies:
"As a further illustration, we will use Username client credentials, and demonstrate how the Configuration Service repository can be used to store username/passwords of registered service users, and perform automatic authentication against this store. Of course, other authentication databases can be used as well, such as Windows Active Directory, LDAP stores, or other custom stores. So this is just one example of many alternate configurations that are possible."

How do I configure StockTrader to authenticate end users - stock traders, against say AD?

I can see how in http://localhost/Config I can create an "external user" but then presumably I need to modify the StockTrader "SmartClient" to reflect that I am authenticating elsewhere?

Answer 1

You can:

 

1)  Use ClientCredentials=Windows on the binding (if client/service host on are the same AD/Network).  Then, you would use impersonation or set Windows Credentials on the client, and not use the built in Users table from Config Service at all (still would be using ConfigService, but not using Users table for authentication--on Win Server 2003/2008, you are then using full Kerberos security built into Windows).

 

2)  If you want to pass in username/password from an external net, and use ClientCredentials=UserName, then you could swap out logic in the base CustomUserNameValidator class provided and instead of looking up user in the Config DB Users table, you would use logic to lookup using .NET against AD.  Here is an article with some example code for using .NET to perform a lookup against an AD store:

 

http://www.15seconds.com/issue/020730.htm

 

-Greg