Login | Register   
Twitter
RSS Feed
Download our iPhone app
TODAY'S HEADLINES  |   ARTICLE ARCHIVE  |   FORUMS  |   TIP BANK
Browse DevX
Sign up for e-mail newsletters from DevX


Tip of the Day
Language: VB6,COM+
Expertise: Advanced
Dec 15, 2001

Setting authentication across different domains

COM doesn't have a built in security mechanism, but relies on Windows authentication services (Security Service Providers). When you access a resource or invoke a method in a remote DCOM server (or MTS package / COM+ Application), security checks cannot be performed in the standard way if the client is not running into the same domain (or the same workstation, but in this case there would be no remote communication) where the server is).

1) The server tries to see if there is a user that matches the client identity in the domain or workstation account database he belongs to.
2) If step one succeds then Windows check if this user password match the password of the client identity.

If both steps succeeded then the client is "indirectly" authenticated and then, form this point, all access control is performed using this "matching" user. Fallback autientication is not easy to maintain, since two accounts must be kept in synch, but in some situations this mechanism can be usefull, if not the only one available.

Enrico Sabbadin
 
Comment and Contribute

 

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Sitemap