I have following constellation:
Windows Server 2003
With Active Directory
Windows Server 2005
IIS Host (Application Server)
Domain: server -domain.lan
Client0 is connecting to the domain with user/password
Client0 is hosting a service (dataGetter) retrieving data through WCF from Server1, where security setting of the binding are set to:
<binding name="BasicNetTcpBinding" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" maxReceivedMessageSize="2147483647">
<transport clientCredentialType="Windows" />
To ensure that only specific user are allowed to use the WCF service from Server1
Now Client0 has to be moved to “client-domain.lan” and will thus not be able to get the credential, which will prohibit “dataGetter” to retrieve data.
Before making changes on the WCF-service of Server1, I would rather have the “dataGetter” process to run in a special account on the Client0. Such as, the physical machine being in the “client-domain” and the process in the “server-domain”.
Is this possible ?