WCF Authentication with Kerberos and SSO on cross domains

  • Question

  • We have an architecture with two domains (not subdomains).

    In domain A we have a WinForms client (accessed through Citrix) and an AD.
    In domain B we have a WCF service, which we would like to add authentication to.

    We also need to support SSO.

    The WinForms client has been authenticated against the AD in domain A and has a Kerberos ticket (issued when logging in through Citrix).

    Is it possible for us to verify this Kerberos ticket in the WCF service, which is running in another domain?

    It is possible for us to open ports for both Kerberos and LDAP from the WCF service in domain B to the AD in domain A. We are not allowed to set up a trust between the domains - but we do have LDAP access and can copy objects from one AD to the other.

    Is it possible to verify the Kerberos ticket using standard Windows authentication configured in WCF? If so, how do you configure it to authenticate against another AD?

    Is it possible to use a Kerberos client library of some kind or validate using LDAP? If so, how?
    Wednesday, July 10, 2013 5:14 AM

All replies