KerberosToken2 Class

Represents a security token for a Kerberos version 5.0 service ticket. This class cannot be inherited.

Namespace: Microsoft.Web.Services2.Security.Tokens
Assembly: Microsoft.Web.Services2 (in microsoft.web.services2.dll)

Usage

'Usage
Dim targetPrincipal As String
Dim kerberosToken21 As New KerberosToken2(targetPrincipal)

Syntax

'Declaration
NotInheritable Public Class KerberosToken2
    Inherits BinarySecurityToken
    Implements IDerivableToken, IIssuedToken, IDisposable
// C#
public sealed class KerberosToken2 : BinarySecurityToken, IDerivableToken, IIssuedToken, IDisposable
// C++
public sealed ref class KerberosToken2 : public BinarySecurityToken, IDerivableToken, IIssuedToken, IDisposable
// J#
public final class KerberosToken2 extends BinarySecurityToken implements IDerivableToken, IIssuedToken, IDisposable
// JScript
public class KerberosToken2 extends BinarySecurityToken implements IDerivableToken, IIssuedToken, IDisposable

Remarks

The KerberosToken2 security token differs from the KerberosToken in that it works in a Web farm and the identity associated with it can be impersonated by recipients of SOAP messages containing a KerberosToken2 security token. For more details, see Kerberos Ticket.

The Web Services Enhancements for Microsoft .NET (WSE) supports signing and encrypting SOAP messages using Kerberos service tickets. The KerberosToken2 class, which is a security token that represents a Kerberos service ticket, derives from the BinarySecurityToken class. The binary data associated with the security token is a service ticket as described in RFC 1510: The Kerberos Network Authentication Service (V5).

To use Kerberos tokens, your application and the Web service you communicate with must be running on computers joined to a Kerberos realm. When a new instance of a KerberosToken2 class is created, the Kerberos token is created based on the current Windows user's security context. A System.Security.Principal.WindowsPrincipal is created based on that user and assigned to the Principal property. Alternatively, you can create a security token service that issues KerberosToken2 security tokens for clients that are not part of the Kerberos realm. For more information about creating a security token service that issues custom security tokens, see Issuing Security Tokens.

Kerberos tokens work on computers running Windows Server 2003 or Windows XP with Service Pack 1 installed. On Windows XP, ASP.NET runs under the ASPNET account by default, and that account must be granted the "Act as part of the operating system" privilege, which it does not have by default. You can grant the privilege to the ASPNET account using the Local Security Policy management application, but be aware that this affects all ASP.NET applications and makes them less secure. On Windows Server 2003, the "Act as part of the operating system" privilege is not required. It is suggested that you run your Kerberos-secured Web services on Windows Server 2003. Windows 2000 is not a supported operating system for this feature.

For more information about using KerberosToken2 security tokens, see Kerberos Ticket.
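The following C# sketch is an added example, not code from the original reference page. It shows a client signing a request with a KerberosToken2 and a service accepting the caller's principal only when a KerberosToken2 signed the SOAP body. The class and method names (KerberosTokenExample, SignRequest, GetSignerPrincipal) are illustrative, and the "host/" target principal form assumes the service runs under an account that owns the host service principal name for its computer.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using Microsoft.Web.Services2;
using Microsoft.Web.Services2.Security;
using Microsoft.Web.Services2.Security.Tokens;

// Illustrative helper class; not part of WSE.
public sealed class KerberosTokenExample
{
    // Client side: obtain a service ticket for the target and sign the request with it.
    // 'proxy' is a WSE-generated proxy; 'serviceHost' is the computer hosting the service
    // (assumed to be reachable as the principal "host/<serviceHost>").
    public static KerberosToken2 SignRequest(WebServicesClientProtocol proxy, string serviceHost)
    {
        // The token is built from the current Windows user's security context.
        KerberosToken2 token = new KerberosToken2("host/" + serviceHost);
        SoapContext request = proxy.RequestSoapContext;
        request.Security.Tokens.Add(token);
        request.Security.Elements.Add(new MessageSignature(token));
        // KerberosToken2 implements IDisposable: the caller disposes the token
        // after the Web service call has completed.
        return token;
    }

    // Service side: return the caller's principal only if the SOAP body was
    // signed with a KerberosToken2. A token that is merely present in the
    // message, or a signature that does not cover the body, is not accepted.
    public static IPrincipal GetSignerPrincipal(SoapContext request)
    {
        if (request == null)
            throw new ApplicationException("Only SOAP requests are accepted.");

        foreach (ISecurityElement element in request.Security.Elements)
        {
            MessageSignature signature = element as MessageSignature;
            if (signature == null)
                continue;
            if ((signature.SignatureOptions & SignatureOptions.IncludeSoapBody) == 0)
                continue; // the signature does not cover the SOAP body

            KerberosToken2 signer = signature.SigningToken as KerberosToken2;
            if (signer != null)
                return signer.Principal; // principal for the ticket's Windows user
        }
        throw new SecurityException("The SOAP body is not signed with a KerberosToken2.");
    }
}
```

In a Web service method, pass RequestSoapContext.Current to GetSignerPrincipal and make authorization decisions on the returned principal rather than on any token merely attached to the message.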

Inheritance Hierarchy

System.Object
   Microsoft.Web.Services2.Security.Tokens.SecurityToken
     Microsoft.Web.Services2.Security.Tokens.BinarySecurityToken
      Microsoft.Web.Services2.Security.Tokens.KerberosToken2

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Platforms

Development Platforms

Windows XP Home Edition, Windows XP Professional, Windows Server 2003, Windows Longhorn, and Windows 2000

Target Platforms

Windows 2000, Windows 2000 Server, Windows 2000 Advanced Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003, Windows Longhorn, Pocket PC, Windows CE, Smart Phone

See Also

Reference

Microsoft.Web.Services2.Security.Tokens Namespace

Other Resources

KerberosToken2 Members