Suppose there is a user PC with username 'USERNAME' in domain 'DOMAIN'. The said user gets access to a site being run on PC using NTLM. Then said ASP.NET MVC web app sends USERNAME and DOMAIN to a web-service hosted on a machine outside of DOMAIN.
How can this web-server check if said user has really authenticated against AD using NTLM? The goal is not to verify if such a user exists in AD, but if it has been indeed authenticated.
I guess some token needs to be passed to the web-service along with USERNAME and DOMAIN, but I don't know which.
If changing the authentication protocol to Kerberos would help, it would be nice too.