Generate kerberos ticket using .NET
-
06-07-2019 - |
Question
I want to generate a Kerberos ticket using .NET with auth credentials supplied through a login form on a web page (this will authenticate user against in a sql db) and then use this ticket to authenticate the user as a single sign on across several other web apps.
Is this possible? I have had a look at WSE and it seems to assume you already have a granted kerberos ticket to use before using it to authenticate.
We have a MIT kerberos server to issue tickets.
Solution
It turns out you cannot generate a kerberos ticket using a web app as that would require your web server gaining access to the clients local file system to issue the token.
You can only simply request existing token from a client that has had one issued from a krb server though an application running on the client (or logging onto a windows domain).
We ended up writing a custom token service using a webservice