Solved

Process running as different domain user

Posted on 2012-03-29
3
310 Views
Last Modified: 2012-04-12
Hi all

I have following constellation:

Server0
Domain: server-domain.lan
Windows Server 2003
      With Active Directory
      Domain Controller

Server1
Domain: server-domain.lan
Windows Server 2005
      IIS Host (Application Server)


Client0
Domain: server -domain.lan

Client0 is connecting to the domain with user/password
Client0 is hosting a service (dataGetter) retrieving data through WCF from Server1, where security setting of the binding are set to:

<binding name="BasicNetTcpBinding" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" maxReceivedMessageSize="2147483647">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>

To ensure that only specific user are allowed to use the WCF service from Server1

Now Client0 has to be moved to “client-domain.lan” and will thus not be able to get the credential, which will prohibit “dataGetter” to retrieve data.
Before making changes on the WCF-service of Server1, I would rather have the “dataGetter” process to run in a special account on the Client0. Such as, the physical machine being in the “client-domain” and the process in the “server-domain”.
Is this possible ?
0
Comment
Question by:thomasbau65
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37784123
If I understand the question correctly, a user can autheticate to server-domain from client-domain by using the format
  domain\username
along with the appropriate password for that account.  This will require the user in client-domain to autheticate separately.

The only other way I can think to do it would be set up a trust relationship between server-domain and client-domain, and allow the user from client-domain to use the service.
0
 
LVL 1

Author Comment

by:thomasbau65
ID: 37789174
Ok so one solution could be to let the AD of both domain do the trick by setting up a trust relationship between them.
Is this possible between Windows2008-Server and 2003??
Thanks for your support
0
 
LVL 34

Accepted Solution

by:
Paul MacDonald earned 500 total points
ID: 37789210
It should work fine between 2k8 and 2k3.  As I understand it, you should only need a one-way trust.

More info:
http://technet.microsoft.com/en-us/library/cc816837(v=ws.10).aspx
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/4520ad76-6514-4155-aa12-11b73c7b5bcc/
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to record audio from input sources to your PC – connected devices, connected preamp to record vinyl discs, streaming media, that play through your audio card: Vista, Windows 7, Windows 8, Windows 8.1 and Windows 10 – both 32 bit & 64.
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question