We work on a Server 2003 and Server 2008 R2 environment.
I'm familiar with the basic usage of the Kerberos protocol where the protocol authenticates a client when he tries to use a shared resource (server, folder, printer, etc.).
We have three distinct and independent .NET applications that we develop in-house (app A, app B & app C) but they need to communicate for a given reason (A receives messages only from B and C, and C receives messages only from B).
Is it possible to configure the Kerberos services to authenticate messages/requests between two .NET apps? (Instead of a user-server authentication, we will have an application-application authentication.)

Spivi

1 Answer

Usually applications run under some identity, either a user or computer. Those security principals can be authenticated against a Kerberos domain/realm. Further, authorization may be determined by the entries in the PAC (Privilege Attribute Certificate). If the app does not run under a domain user or computer identity, Kerberos may not be of much use.

One option in this scenario may be certificate authentication.

Greg Askew
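As an added illustration (not code from the question or the answer): a sketch of app A's listener that authenticates callers with `NegotiateStream` and enforces the rule "A receives messages only from B and C". The account names `CORP\svc-appB` and `CORP\svc-appC`, port 9000, and the idea that each app runs under its own domain service account are assumptions made for the example.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Principal;

static class AppAListener
{
    // Assumption: apps B and C run as these domain service accounts (hypothetical names).
    static readonly HashSet<string> AllowedCallers = new HashSet<string>(
        new[] { @"CORP\svc-appB", @"CORP\svc-appC" }, StringComparer.OrdinalIgnoreCase);

    // Policy check: Kerberos only (an NTLM fallback is refused), mutual auth, known caller.
    public static bool IsAuthorized(string authType, bool mutual, string account)
    {
        return authType == "Kerberos" && mutual && AllowedCallers.Contains(account);
    }

    static void Main()
    {
        TcpListener listener = new TcpListener(IPAddress.Any, 9000); // port is an assumption
        listener.Start();
        while (true)
        {
            using (TcpClient client = listener.AcceptTcpClient())
            using (NegotiateStream auth = new NegotiateStream(client.GetStream(), false))
            {
                try
                {
                    // Uses the identity app A runs under; the caller needs a ticket for A's SPN.
                    auth.AuthenticateAsServer(CredentialCache.DefaultNetworkCredentials,
                        ProtectionLevel.EncryptAndSign, TokenImpersonationLevel.Identification);
                }
                catch (Exception ex) when (ex is AuthenticationException || ex is IOException)
                {
                    Console.WriteLine("Handshake failed: " + ex.Message);
                    continue;
                }
                IIdentity caller = auth.RemoteIdentity; // the authenticated peer account
                if (!IsAuthorized(caller.AuthenticationType, auth.IsMutuallyAuthenticated, caller.Name))
                {
                    Console.WriteLine("Rejected " + caller.Name + " via " + caller.AuthenticationType);
                    continue;
                }
                // Read the application message from 'auth' here; the stream is signed and encrypted.
                Console.WriteLine("Accepted channel from " + caller.Name);
            }
        }
    }
}
```

Apps B and C would connect with `NegotiateStream.AuthenticateAsClient`, passing app A's service principal name as the target name; that SPN has to be registered on the account app A runs under for a Kerberos ticket to be issued.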