So I’m working on a mobile web app using jQuery Mobile, and I need to request some data from a remote server from the app. I get the data either from a C# SOAP web service, or from an IHttpHandler that returns JSON. I need to somehow authenticate with the web service/handler before any data is returned. I was hoping to use ActiveDirectory, and somehow pass a user name and a hashed password to the server via an AJAX request. The problem is, examples of authenticating in C# with ActiveDirectory involve passing a plain-text user name and password to PrincipalContext.ValidateCredentials. Is there any way to securely pass credentials to the C# service and have it authenticate with AD, without it knowing the plain-text password?
Edit: thought maybe I could hash the password client-side, pass it to the server, let the server get the AD password for the requested user and hash it the same way, then compare, but getting the AD password isn’t possible.
Edit: Looking at aSSL.
If you are developing a mobile web with jQuery UI, it won't live on the device, it will live on your web server (IIS, if it's a web application). Your application can authenticate using Windows authentication against the service it needs to query, however it depends on the user used to run the application / impersonation being used on your side.
The question is how your application and this service communicate between themselves and the internet. If the service is not accessible to the internet, I don't know how much you should worry about the transport being secure.
You also can check out AD FS / AD FS 2 based security solutions and WCF integration options, such as explained here, for example.
These solutions implement the concept you are talking about, with the AD FS being the service that authenticates / validates the credentials passed, and returns a token to the application / service. Usually the communication with AD FS uses SSL to secure the transport layer, and the messages are signed, to make sure no one messes with them in the middle.
You can, of course, implement such a mechanism by yourself. You don't need to get the password from the Active Directory, you only need to see if the passed credentials (username / password) can be validated, by using the code sample provided here.
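As an added example, not code from the question or the answer: an IHttpHandler that does what the answer describes, taking the user name and password from an HTTP Basic header over HTTPS and handing them to PrincipalContext.ValidateCredentials, so the handler itself never stores or compares a password. The domain name "EXAMPLE", the handler class name and the realm string are assumptions.

```csharp
// Added example (not the question's or answer's code); assumes an HTTPS-only site
// and a hypothetical AD domain name "EXAMPLE".
using System;
using System.DirectoryServices.AccountManagement;
using System.Text;
using System.Web;

public class AdAuthenticatedJsonHandler : IHttpHandler
{
    private const string Domain = "EXAMPLE"; // hypothetical; use your own domain
    public bool IsReusable { get { return true; } }
    public void ProcessRequest(HttpContext context)
    {
        HttpResponse res = context.Response;
        // ValidateCredentials needs the real password, so it must only ever arrive
        // over TLS; a client-side hash sent instead would simply become the password.
        if (!context.Request.IsSecureConnection) { res.StatusCode = 403; return; }
        string user, password;
        if (!TryParseBasicAuth(context.Request.Headers["Authorization"], out user, out password))
        {
            res.StatusCode = 401;
            res.AddHeader("WWW-Authenticate", "Basic realm=\"mobile-api\"");
            return;
        }
        bool valid;
        using (var ad = new PrincipalContext(ContextType.Domain, Domain))
        {
            // The domain controller checks the password; the handler never stores it.
            valid = ad.ValidateCredentials(user, password);
        }
        if (!valid) { res.StatusCode = 401; return; }
        res.ContentType = "application/json";
        res.Write("{\"user\":\"" + HttpUtility.JavaScriptStringEncode(user) + "\"}");
    }
    // Parses "Basic base64(user:password)"; returns false on any malformed header.
    private static bool TryParseBasicAuth(string header, out string user, out string password)
    {
        user = password = null;
        if (string.IsNullOrEmpty(header) ||
            !header.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase)) return false;
        string decoded;
        try { decoded = Encoding.UTF8.GetString(Convert.FromBase64String(header.Substring(6))); }
        catch (FormatException) { return false; }
        int sep = decoded.IndexOf(':');
        if (sep <= 0) return false;
        user = decoded.Substring(0, sep); password = decoded.Substring(sep + 1);
        return true;
    }
}
```

The jQuery Mobile side sends the credentials with a `beforeSend` callback that sets the `Authorization` header on the `$.ajax` call; register the handler in web.config and disable plain HTTP for the site so the 403 branch is never reached in practice.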