Solved

Process running as different domain user

Posted on 2012-03-29
3
306 Views
Last Modified: 2012-04-12
Hi all

I have following constellation:

Server0
Domain: server-domain.lan
Windows Server 2003
      With Active Directory
      Domain Controller

Server1
Domain: server-domain.lan
Windows Server 2005
      IIS Host (Application Server)


Client0
Domain: server -domain.lan

Client0 is connecting to the domain with user/password
Client0 is hosting a service (dataGetter) retrieving data through WCF from Server1, where security setting of the binding are set to:

<binding name="BasicNetTcpBinding" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" maxReceivedMessageSize="2147483647">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>

To ensure that only specific user are allowed to use the WCF service from Server1

Now Client0 has to be moved to “client-domain.lan” and will thus not be able to get the credential, which will prohibit “dataGetter” to retrieve data.
Before making changes on the WCF-service of Server1, I would rather have the “dataGetter” process to run in a special account on the Client0. Such as, the physical machine being in the “client-domain” and the process in the “server-domain”.
Is this possible ?
0
Comment
Question by:thomasbau65
  • 2
3 Comments
 
LVL 33

Expert Comment

by:paulmacd
ID: 37784123
If I understand the question correctly, a user can autheticate to server-domain from client-domain by using the format
  domain\username
along with the appropriate password for that account.  This will require the user in client-domain to autheticate separately.

The only other way I can think to do it would be set up a trust relationship between server-domain and client-domain, and allow the user from client-domain to use the service.
0
 
LVL 1

Author Comment

by:thomasbau65
ID: 37789174
Ok so one solution could be to let the AD of both domain do the trick by setting up a trust relationship between them.
Is this possible between Windows2008-Server and 2003??
Thanks for your support
0
 
LVL 33

Accepted Solution

by:
paulmacd earned 500 total points
ID: 37789210
It should work fine between 2k8 and 2k3.  As I understand it, you should only need a one-way trust.

More info:
http://technet.microsoft.com/en-us/library/cc816837(v=ws.10).aspx
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/4520ad76-6514-4155-aa12-11b73c7b5bcc/
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Wouldn’t it be nice if you could test whether an element is contained in an array by using a Contains method just like the one available on List objects? Wouldn’t it be good if you could write code like this? (CODE) In .NET 3.5, this is possible…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now