WSE2, Windows Accounts, Username Tokens and clear text

Among the methods you can use in WSE2 to authenticate users is to pass the local Windows account through the UsernameToken, though this is not a common scenario. It is notable, however, that WSE2 can only authenticate this way if the password is sent in plain text (one of the enumerations you can choose when creating a UsernameToken), which, in *this* case, limits you to using HTTPS (or just letting your password hang free in the wind, so to speak).
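One way to enforce the HTTPS restriction on the client side, as an added example that is not code from the original post: the helper refuses to attach a plain-text UsernameToken unless the proxy's endpoint is HTTPS. The class and method names are hypothetical, and the code assumes a WSE 2.0 proxy derived from `WebServicesClientProtocol` with the WSE 2.0 assembly referenced.

```csharp
using System;
using Microsoft.Web.Services2;
using Microsoft.Web.Services2.Security.Tokens;

// Added example; PlainTextTokenGuard and AttachWindowsCredentials are
// hypothetical names, not part of WSE2.
public static class PlainTextTokenGuard
{
    // Attaches a Windows-account UsernameToken to a WSE2 proxy, but only when
    // the endpoint is HTTPS. PasswordOption.SendPlainText places the password
    // in the SOAP security header as-is, so the transport is the only thing
    // protecting it on the wire.
    public static void AttachWindowsCredentials(
        WebServicesClientProtocol proxy, string userName, string password)
    {
        if (proxy == null) throw new ArgumentNullException("proxy");

        // Uri.Scheme is normalized to lower case, so a direct comparison
        // against Uri.UriSchemeHttps ("https") is sufficient.
        Uri endpoint = new Uri(proxy.Url);
        if (endpoint.Scheme != Uri.UriSchemeHttps)
        {
            throw new InvalidOperationException(
                "Refusing to send a plain-text UsernameToken to non-HTTPS endpoint "
                + endpoint);
        }

        // SendPlainText is the enumeration value the Windows-account scenario requires.
        UsernameToken token = new UsernameToken(
            userName, password, PasswordOption.SendPlainText);

        proxy.RequestSoapContext.Security.Tokens.Add(token);
    }
}
```

Call the helper right after constructing the proxy and setting its `Url`, before invoking any web method, so a misconfigured `http://` endpoint fails before the password leaves the process.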

Posted from BLInk!
