Welcome! and rules
Joel on Software
Storing username/password for delegation?
Let's say I have a web service which delegates to another.
Webservice A requires (Windows) authentication, and thus knows who is calling it and can detemine if the calling user is authorized.
Webservice B only works with a specific username/password, known only to web service A.
What is the reccomended mechanism for handling this?
The best I've found so far is for webservice A to impersonate (with web.config settings) the user required for B, and saving the username/password in the registry with aspnet_setreg. But that doesn't allow for more sophisticated setups, say where webservice C requires a different password from B, or doesn't use integrated Windows authentication. It also requires a bit of machine setup (granting write permission to the ASP.NET temp directories).
Has anyone figured out how to use the .NET framework to handle this? I'd rather not implement a password manager.
Tuesday, November 11, 2003
Fog Creek Home