We are implementing a web application that uses Kerberos for authentication. In the browser there is no concerns, so it works perfect. Now we need to supply a subset of web application services via web API.
Getting Kerberos ticket once with InitializeSecurityContext() of Windows SSPI, and sending it in Authorization header of one request is working but is there a good way to obtain ticket once and use it for multiple requests (as long as ticket does not expires)? For now it is OK for a period under time skew limit (default: 5 min.).
Asked
Active
Viewed 841 times
2
E. Vakili
- 121
- 3