Well, it looks like I have once again managed to put myself in a tricky spot. I have the following scenario:
- Domains: A1 & A2 - no trust or any association between the two.
- A user access a Website on A1, using windows authentication, which makes a web service call to a machine on domain A2 (anonymous security, at the moment).
- As a result of the web service call, the machine on A2 needs to make another web service call to A1, and it needs to do it with windows authentication, with the credentials of the original user.
Now, I have control on the machine in A1 (.Net 1.1 ASMX WebServices) and I can do whatever I want to the machine in A2 (WCF). No trust between the domains, as I said, so I don't think that I can make Windows Authentication works between the two. Frankly, I don't care about authenticating users, I just need their credentials when I am going back to the machine in A1.