

KerberosToken Class

Represents a security token for a Kerberos version 5.0 service ticket. This class cannot be inherited.

Namespace: Microsoft.Web.Services3.Security.Tokens
Assembly: Microsoft.Web.Services3 (in microsoft.web.services3.dll)

Usage

'Usage
Dim targetPrincipal As String
Dim kerberosToken1 As New KerberosToken(targetPrincipal)

Syntax

'Declaration
NotInheritable Public Class KerberosToken
    Inherits BinarySecurityToken
    Implements IDerivableToken, IIssuedToken, IDisposable
public sealed class KerberosToken : BinarySecurityToken, IDerivableToken, IIssuedToken, IDisposable
public ref class KerberosToken sealed : BinarySecurityToken, IDerivableToken, IIssuedToken, IDisposable
public final class KerberosToken extends BinarySecurityToken implements IDerivableToken, IIssuedToken, IDisposable
public class KerberosToken extends BinarySecurityToken implements IDerivableToken, IIssuedToken, IDisposable

Remarks

The Web Services Enhancements for Microsoft .NET (WSE) supports signing and encrypting SOAP messages using Kerberos service tickets. The KerberosToken class, which is a security token that represents a Kerberos service ticket, derives from the BinarySecurityToken class. The binary data associated with the security token is a service ticket as described in RFC 1510: The Kerberos Network Authentication Service (V5).

To use Kerberos tokens, your application and the Web service you communicate with must be running on computers joined to a Kerberos realm. When a new instance of a KerberosToken class is created, the Kerberos token is created based on the current Windows user's security context. A WindowsPrincipal is created based on that user and assigned to the Principal property. Alternatively, you can create a security token service that issues KerberosToken security tokens for clients that are not part of the Kerberos realm. For more information about creating a security token service that issues custom security tokens, see Issuing Security Tokens.

Kerberos tokens work on computers with Windows Server 2003 or Windows XP with Service Pack 1 installed. On Windows XP, ASP.NET runs under the ASPNET account by default, and that account must be granted the "Act as part of the operating system" privilege, which it does not have by default. You can grant the privilege to the ASPNET account using the Local Security Policy management application, but be aware that this affects all ASP.NET applications on the computer and results in less security for them. On Windows Server 2003, the "Act as part of the operating system" privilege is not required, so it is suggested that you run your Kerberos-secured Web services on Windows Server 2003. Windows 2000 is not a supported operating system for this feature.

For more information about using KerberosToken security tokens, see Kerberos Ticket.
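The following C# sketch is an added example, not code from the original reference page or from Microsoft. It shows a client requesting a ticket for a service principal, signing and encrypting one request with it, and releasing the ticket afterwards. The `KerberosRequestSecurity` helper, the `ServiceCall` delegate and the SPN in the comment are hypothetical; the proxy is assumed to be a WSE-generated class deriving from `WebServicesClientProtocol`, and `MessageSignature` and `EncryptedData` are assumed to be the WSE security elements in `Microsoft.Web.Services3.Security`.

```csharp
using System;
using Microsoft.Web.Services3;
using Microsoft.Web.Services3.Security;
using Microsoft.Web.Services3.Security.Tokens;

// Hypothetical helper, not part of WSE.
public static class KerberosRequestSecurity
{
    // Wraps the Web method invocation so the ticket stays alive for the call.
    public delegate void ServiceCall();

    // targetPrincipal: SPN of the account the target service runs under,
    // for example "host/server1" (placeholder value).
    public static void Invoke(WebServicesClientProtocol proxy,
                              string targetPrincipal,
                              ServiceCall call)
    {
        if (proxy == null) throw new ArgumentNullException("proxy");
        if (call == null) throw new ArgumentNullException("call");
        if (String.IsNullOrEmpty(targetPrincipal))
            throw new ArgumentException("An SPN is required.", "targetPrincipal");

        // The ticket is requested in the current Windows user's security
        // context; KerberosToken is IDisposable, so scope it with using.
        using (KerberosToken token = new KerberosToken(targetPrincipal))
        {
            SoapContext context = proxy.RequestSoapContext;
            context.Security.Tokens.Add(token);

            // Sign first, then encrypt, both keyed from the same ticket.
            context.Security.Elements.Add(new MessageSignature(token));
            context.Security.Elements.Add(new EncryptedData(token));

            try
            {
                call();
            }
            finally
            {
                // Do not leave a disposed token attached to a reused proxy.
                context.Security.Elements.Clear();
                context.Security.Tokens.Clear();
            }
        }
    }
}
```

Scoping the token to a single call keeps the ticket from lingering in a long-lived proxy after it has been disposed.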

Inheritance Hierarchy

System.Object
   Microsoft.Web.Services3.Security.Tokens.SecurityToken
     Microsoft.Web.Services3.Security.Tokens.BinarySecurityToken
      Microsoft.Web.Services3.Security.Tokens.KerberosToken

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Platforms

Development Platforms

Windows XP Home Edition, Windows XP Professional, Windows Server 2003, Windows 2000, Windows 2000 Server, Windows 2000 Advanced Server

Target Platforms

See Also

Reference

KerberosToken Members
Microsoft.Web.Services3.Security.Tokens Namespace

Other Resources

Kerberos Ticket