Tech Off Post

Single Post Permalink

View Thread: Lack of Managed Authentication
  • User profile image

    spod wrote:

    When u say "you can sign soap requests on behalf of the user" do you mean you would like the user to be automatically assoicated with a cert / private/public key pair  that can be used for digitally signing etc? Or are you just looking for a way to interface with the certificate api in managed code?

    Hi spod,

    Any samples coming before Longhorn perchance? Wink.

    In answer to your question no I am not really looking for more cryptographic hooks for signing, encryption etc., What's currently available in the .Net BCL is more than suficcient.

    What is missing, at least for me, is the key management piece. Obviously this is not something that can be provided by a library alone it also depends very heavily on the underlying platform. What I am talking about is hooks into the coupling of Active Directory and cryptographic mechanisms. 

    A simple example of what I was trying to articulate in my last post is:

    An application running on machine A signs a message on behalf of user A and then sends the message to an application running on machine B. The application on machine B is able to verify that the message came from user A using the platform's security services, i.e. Active Directory.  

    There are numerous more use cases especially around getting remote processes to use delegation and impersonation, particularly with regards to web services and remoting (IIS mechanisms are not always suitable).

    I do have the managed SSPI example that is available on msdn and this has temporarily filled my gaps in the past. But I look forward to having more managed access into the Window's security infrastructure.

    A positive side benefit is that my C++ got a workout trying to solve some of these problems Smiley.