NTLM API Authentication

[Maninder]

Hi,
I'm totally novice when it comes to authentication protocols.
Here is what is needed to be done: Create a web service which calls the NTLM
API for authenticating the user. I guess the parametres needed to be passed
to this web service area)username (b) password and maybe (c) domain name.
It should return "True" or "False".

How simple or hard is it to accomplish it? What are the major steps to be
performed? What needs to be done on the 2003 Server to make all this happen?

Any help would be much appreciated.

 

[Maninder]

Thanks MVP.
We have some intranet applications which we want to be able to access from
outside (home etc.). It has a login page where you enter your domain userid
and password. I need to authenticate the user using NTLM authentication.

I'm not sure what you mean by if I was looking to do this by hand. If it
meant that something like this is already available somewhere, then I would
be happy to grab it from there.

Please Help !!!

MSH,

One thing up front: You should NOT send unencrypted passwords via a web
service. SOAP uses XML format, which is text. Therefore everybody on the

big, bad internet can potentially get to your username and password.

Now, what exactly are you trying to do? IIS and ASP.NET or WSE (Web
Services Enhancements) both can so some of this functionality for you.
You could enable IIS authentication and mandate user authentication to
your web service via the authentication element in your web service's
web.config file. Or you could set up WSE to get the callers identity
from a UsernameToken or a Kerberos token. Both solutions require that
your web service client are able to communicate usernames and passwords
as the service requires.

Is there any reason why you are looking to do this by hand?

HTH,
Christoph Schittko
MVP XML
http://weblogs.asp.net/cschittko

-----Original Message-----
From: Maninder [mailto:[email protected]]
Posted At: Tuesday, January 25, 2005 6:41 PM
Posted To: microsoft.public.dotnet.framework.aspnet.webservices
Conversation: NTLM API Authentication
Subject: NTLM API Authentication

Hi,
I'm totally novice when it comes to authentication protocols.
Here is what is needed to be done: Create a web service which calls the
NTLM
API for authenticating the user. I guess the parametres needed to be
passed
to this web service area)username (b) password and maybe (c) domain
name.
It should return "True" or "False".

How simple or hard is it to accomplish it? What are the major steps to be
performed? What needs to be done on the 2003 Server to make all this
happen?

Any help would be much appreciated.