我正在用Java编写的服务器上，而且在同一个网络上的Windows机器上运行的客户端（.NET编写桌面应用程序）。我想有一些基本的认证，以使服务器能够确定用户的用户名运行客户端，而无需用户在客户端重新输入其Windows密码

I'm working on a server written in Java, and a client (a desktop application written in .Net) that runs on Windows machines on the same network. I would like to have some basic authentication so that the server can determine the username of the user running the client, without needing the user to re-enter their Windows password in the client.

这是可能的，什么是最简单的方式来完成它？

Is this possible, and what's the simplest way to accomplish it?

我有看一些可用的API，它看起来好像org.ietf.jgss中包在Java中，并在净NegotiateStream类，也许应该能相互交谈来实现这一点 - 但我不停的折腾的错误信息，我不明白。我以为我会检查，如果这是正确的做法，如果是的话我会发布一个单独的问题有更详细的有关问题的错误：）

I had a look at some of the available APIs, it looks as though the org.ietf.jgss package in Java, and NegotiateStream class in .Net, should probably be able to talk to one another to achieve this - but I keep hitting frustrating error messages I don't understand. I thought I'd check if this is the right approach, if so I'll post a separate question with more detail about the errors in question :)

推荐答案

该方法是正确的。注意一些事情，虽然：

The approach is the right one. Notice a number of things, though:

这将有无关，与基本身份验证（以HTTP） 在.NET会尝试使用SPNEGO GSS机制。请参阅 Sun文档了解适当的支持这种机制。 您的服务将需要体现服务主体。所以，你需要创建一个Active Directory帐户不仅为用户，也为服务，你需要把该服务密码到Java密钥表。 this will have nothing to do with "Basic Authentication" (in http) .NET will try to use the SPNEGO GSS mechanism. See the Sun documentation for proper support of this mechanism. your service will need to incarnate a service principal. So you need to create an Active Directory account not only for the user, but also for the service, and you need to put the service's password into the Java keytab.