Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Web Services > Windows authentication for web service client??

Reply
Thread Tools

Windows authentication for web service client??

 
 
Kevin Yu
Guest
Posts: n/a
 
      04-13-2005
hi all

got a question here, a web service secure mode is set to "windows", on the
client side

when supplying the credentials, it's like this:

somewebservice.Authentication ssoAuth = new somewebservice.Authentication();

ssoAuth.PreAuthenticate = true;

ssoAuth.Credentials = System.Net.CredentialCache.DefaultCredentials;

from the info here

http://msdn.microsoft.com/library/de...tialsTopic.asp

the defaultcredential should supply the current security context that the
client is running, but in my case the client is another web service running

on another server, now by default the account that the client(the calling
web service) is running under ASPNET account,

so on the host(somewebservice), I should add the clientdomain\ASPNET account
into the windows account?






 
Reply With Quote
 
 
 
 
Brock Allen
Guest
Posts: n/a
 
      04-13-2005
The ASPNET account is a local account, so the other machine or domain wouldn't
know about it. You can either run you web app under a different account,
but that affects the rest of the code in there too. The other approach is
to have a dedicated account (instead of using the current identity of ASPNET)
that you can use to do the authentication and then use those credentials
from the client.

-Brock
DevelopMentor
http://staff.develop.com/ballen



> hi all
>
> got a question here, a web service secure mode is set to "windows", on
> the client side
>
> when supplying the credentials, it's like this:
>
> somewebservice.Authentication ssoAuth = new
> somewebservice.Authentication();
>
> ssoAuth.PreAuthenticate = true;
>
> ssoAuth.Credentials = System.Net.CredentialCache.DefaultCredentials;
>
> from the info here
>
> http://msdn.microsoft.com/library/de...ry/en-us/cpref
> /html/frlrfSystemNetCredentialCacheClassDefaultCredentia lsTopic.asp
>
> the defaultcredential should supply the current security context that
> the client is running, but in my case the client is another web
> service running
>
> on another server, now by default the account that the client(the
> calling web service) is running under ASPNET account,
>
> so on the host(somewebservice), I should add the clientdomain\ASPNET
> account into the windows account?
>




 
Reply With Quote
 
 
 
 
Kevin Yu
Guest
Posts: n/a
 
      04-13-2005
I think impersonation will do , enable impersonation but don't specified the
user, use code call the web service with a different username/password.



"Brock Allen" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ...
> The ASPNET account is a local account, so the other machine or domain
> wouldn't know about it. You can either run you web app under a different
> account, but that affects the rest of the code in there too. The other
> approach is to have a dedicated account (instead of using the current
> identity of ASPNET) that you can use to do the authentication and then use
> those credentials from the client.
>
> -Brock
> DevelopMentor
> http://staff.develop.com/ballen
>
>
>
>> hi all
>>
>> got a question here, a web service secure mode is set to "windows", on
>> the client side
>>
>> when supplying the credentials, it's like this:
>>
>> somewebservice.Authentication ssoAuth = new
>> somewebservice.Authentication();
>>
>> ssoAuth.PreAuthenticate = true;
>>
>> ssoAuth.Credentials = System.Net.CredentialCache.DefaultCredentials;
>>
>> from the info here
>>
>> http://msdn.microsoft.com/library/de...ry/en-us/cpref
>> /html/frlrfSystemNetCredentialCacheClassDefaultCredentia lsTopic.asp
>>
>> the defaultcredential should supply the current security context that
>> the client is running, but in my case the client is another web
>> service running
>>
>> on another server, now by default the account that the client(the
>> calling web service) is running under ASPNET account,
>>
>> so on the host(somewebservice), I should add the clientdomain\ASPNET
>> account into the windows account?
>>

>
>
>



 
Reply With Quote
 
Kevin Yu
Guest
Posts: n/a
 
      04-14-2005
but the problem with impersonation in the code is after LogonUser() win32
call, will the defaultcredentials be set to the new credentials then?





"Kevin Yu" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I think impersonation will do , enable impersonation but don't specified
>the user, use code call the web service with a different username/password.
>
>
>
> "Brock Allen" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) ...
>> The ASPNET account is a local account, so the other machine or domain
>> wouldn't know about it. You can either run you web app under a different
>> account, but that affects the rest of the code in there too. The other
>> approach is to have a dedicated account (instead of using the current
>> identity of ASPNET) that you can use to do the authentication and then
>> use those credentials from the client.
>>
>> -Brock
>> DevelopMentor
>> http://staff.develop.com/ballen
>>
>>
>>
>>> hi all
>>>
>>> got a question here, a web service secure mode is set to "windows", on
>>> the client side
>>>
>>> when supplying the credentials, it's like this:
>>>
>>> somewebservice.Authentication ssoAuth = new
>>> somewebservice.Authentication();
>>>
>>> ssoAuth.PreAuthenticate = true;
>>>
>>> ssoAuth.Credentials = System.Net.CredentialCache.DefaultCredentials;
>>>
>>> from the info here
>>>
>>> http://msdn.microsoft.com/library/de...ry/en-us/cpref
>>> /html/frlrfSystemNetCredentialCacheClassDefaultCredentia lsTopic.asp
>>>
>>> the defaultcredential should supply the current security context that
>>> the client is running, but in my case the client is another web
>>> service running
>>>
>>> on another server, now by default the account that the client(the
>>> calling web service) is running under ASPNET account,
>>>
>>> so on the host(somewebservice), I should add the clientdomain\ASPNET
>>> account into the windows account?
>>>

>>
>>
>>

>
>



 
Reply With Quote
 
solex
Guest
Posts: n/a
 
      04-14-2005
I'm having a similar problem

I have a web service that make a webDav request to Exchange.

I have impersonation on but when I use the defaultCredentials in the web
services to make the webdav reqeust I get an Unauthorized 401 error. My
credentials have rights to make this request and I'm at my wits end trying
to figure it out.

The service works if I hard code my Network credentials in the service but
does not otherwise.

Any help with this would also be appreciated.

Thanks,
Dan


"Kevin Yu" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> but the problem with impersonation in the code is after LogonUser() win32
> call, will the defaultcredentials be set to the new credentials then?
>
>
>
>
>
> "Kevin Yu" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>>I think impersonation will do , enable impersonation but don't specified
>>the user, use code call the web service with a different
>>username/password.
>>
>>
>>
>> "Brock Allen" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed) ...
>>> The ASPNET account is a local account, so the other machine or domain
>>> wouldn't know about it. You can either run you web app under a different
>>> account, but that affects the rest of the code in there too. The other
>>> approach is to have a dedicated account (instead of using the current
>>> identity of ASPNET) that you can use to do the authentication and then
>>> use those credentials from the client.
>>>
>>> -Brock
>>> DevelopMentor
>>> http://staff.develop.com/ballen
>>>
>>>
>>>
>>>> hi all
>>>>
>>>> got a question here, a web service secure mode is set to "windows", on
>>>> the client side
>>>>
>>>> when supplying the credentials, it's like this:
>>>>
>>>> somewebservice.Authentication ssoAuth = new
>>>> somewebservice.Authentication();
>>>>
>>>> ssoAuth.PreAuthenticate = true;
>>>>
>>>> ssoAuth.Credentials = System.Net.CredentialCache.DefaultCredentials;
>>>>
>>>> from the info here
>>>>
>>>> http://msdn.microsoft.com/library/de...ry/en-us/cpref
>>>> /html/frlrfSystemNetCredentialCacheClassDefaultCredentia lsTopic.asp
>>>>
>>>> the defaultcredential should supply the current security context that
>>>> the client is running, but in my case the client is another web
>>>> service running
>>>>
>>>> on another server, now by default the account that the client(the
>>>> calling web service) is running under ASPNET account,
>>>>
>>>> so on the host(somewebservice), I should add the clientdomain\ASPNET
>>>> account into the windows account?
>>>>
>>>
>>>
>>>

>>
>>

>
>



 
Reply With Quote
 
Kevin Yu
Guest
Posts: n/a
 
      04-15-2005


"solex" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> I'm having a similar problem
>
> I have a web service that make a webDav request to Exchange.
>
> I have impersonation on but when I use the defaultCredentials in the web
> services to make the webdav reqeust I get an Unauthorized 401 error. My
> credentials have rights to make this request and I'm at my wits end trying
> to figure it out.
>
> The service works if I hard code my Network credentials in the service but
> does not otherwise.


Hardcoded into your code? create a credential instead of using the
defaultcredentials?

I thought one can only create credential for "basic" or "digest"
authentication mode.

I try implicit impersonation, it won't work, even if you are impersonating,
the web service has to
put the credential on the soap message in order for it to be authenticated,
because that's
all the hosting service see when interacting with each other. don't want to
do explicit impersonation.


in .net 2.0, there will be a better support or even WSE 2.0, but this is not
my options here.
since if we were to use WSE 2.0, there will be a long process of paper work
and testing and questioning.....





>
> Any help with this would also be appreciated.
>
> Thanks,
> Dan
>
>
> "Kevin Yu" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > but the problem with impersonation in the code is after LogonUser()

win32
> > call, will the defaultcredentials be set to the new credentials then?
> >
> >
> >
> >
> >
> > "Kevin Yu" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> >>I think impersonation will do , enable impersonation but don't specified
> >>the user, use code call the web service with a different
> >>username/password.
> >>
> >>
> >>
> >> "Brock Allen" <(E-Mail Removed)> wrote in message
> >> news:(E-Mail Removed) ...
> >>> The ASPNET account is a local account, so the other machine or domain
> >>> wouldn't know about it. You can either run you web app under a

different
> >>> account, but that affects the rest of the code in there too. The other
> >>> approach is to have a dedicated account (instead of using the current
> >>> identity of ASPNET) that you can use to do the authentication and then
> >>> use those credentials from the client.
> >>>
> >>> -Brock
> >>> DevelopMentor
> >>> http://staff.develop.com/ballen
> >>>
> >>>
> >>>
> >>>> hi all
> >>>>
> >>>> got a question here, a web service secure mode is set to "windows",

on
> >>>> the client side
> >>>>
> >>>> when supplying the credentials, it's like this:
> >>>>
> >>>> somewebservice.Authentication ssoAuth = new
> >>>> somewebservice.Authentication();
> >>>>
> >>>> ssoAuth.PreAuthenticate = true;
> >>>>
> >>>> ssoAuth.Credentials = System.Net.CredentialCache.DefaultCredentials;
> >>>>
> >>>> from the info here
> >>>>
> >>>>

http://msdn.microsoft.com/library/de...ry/en-us/cpref
> >>>> /html/frlrfSystemNetCredentialCacheClassDefaultCredentia lsTopic.asp
> >>>>
> >>>> the defaultcredential should supply the current security context that
> >>>> the client is running, but in my case the client is another web
> >>>> service running
> >>>>
> >>>> on another server, now by default the account that the client(the
> >>>> calling web service) is running under ASPNET account,
> >>>>
> >>>> so on the host(somewebservice), I should add the clientdomain\ASPNET
> >>>> account into the windows account?
> >>>>
> >>>
> >>>
> >>>
> >>
> >>

> >
> >

>
>



 
Reply With Quote
 
solex
Guest
Posts: n/a
 
      04-15-2005
Kevin,
Thanks for responding, if you (or anyone) sees anything obviously wrong
with the below summary please let me know.

Thanks,
Dan

I have the following settings
Web config:
<authentication mode="Windows" />
<identity impersonate="true" />

IIS:
Anonymous access has been disabled and Integraged Security is the
only access that is enabled.

Client:
When calling the web service I make sure that I am passing the
defaultCredentials from the CredentialCache.

I hardcoded a credential using the following code and it works

Dim Response As System.Net.HttpWebResponse
Dim Request As HttpWebRequest = CType(WebRequest.Create(URI),
HttpWebRequest)
Dim MyCredentialCache = New System.Net.CredentialCache
MyCredentialCache.Add(New System.Uri(URI), "NTLM", _
New System.Net.NetworkCredential("myUserID", "myPassword", "myDomain"))

Request.Credentials = MyCredentialCache

make my http WEBDAV request here ...

Return (Response)

But this does not work:

Dim Response As System.Net.HttpWebResponse
Dim Request As HttpWebRequest = CType(WebRequest.Create(URI),
HttpWebRequest)

Request.Credentials = CredentialCache.DefaultCredentials
make my http WEBDAV request here ...

Return (Response)

Nor does this:

Dim impersonationContext As
System.Security.Principal.WindowsImpersonationCont ext
Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity

currentWindowsIdentity = CType(mobjUser.Identity,
System.Security.Principal.WindowsIdentity)
impersonationContext = currentWindowsIdentity.Impersonate()

Request.Credentials = CredentialCache.DefaultCredentials
Dim Response As System.Net.HttpWebResponse
Dim Request As HttpWebRequest = CType(WebRequest.Create(URI),
HttpWebRequest)

Request.Credentials = CredentialCache.DefaultCredentials

make my http WEBDAV request here ...

impersonationContext.Undo()

Return (Response)



"Kevin Yu" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
>
> "solex" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> I'm having a similar problem
>>
>> I have a web service that make a webDav request to Exchange.
>>
>> I have impersonation on but when I use the defaultCredentials in the web
>> services to make the webdav reqeust I get an Unauthorized 401 error. My
>> credentials have rights to make this request and I'm at my wits end
>> trying
>> to figure it out.
>>
>> The service works if I hard code my Network credentials in the service
>> but
>> does not otherwise.

>
> Hardcoded into your code? create a credential instead of using the
> defaultcredentials?
>
> I thought one can only create credential for "basic" or "digest"
> authentication mode.
>
> I try implicit impersonation, it won't work, even if you are
> impersonating,
> the web service has to
> put the credential on the soap message in order for it to be
> authenticated,
> because that's
> all the hosting service see when interacting with each other. don't want
> to
> do explicit impersonation.
>
>
> in .net 2.0, there will be a better support or even WSE 2.0, but this is
> not
> my options here.
> since if we were to use WSE 2.0, there will be a long process of paper
> work
> and testing and questioning.....
>
>
>
>
>
>>
>> Any help with this would also be appreciated.
>>
>> Thanks,
>> Dan
>>
>>
>> "Kevin Yu" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>> > but the problem with impersonation in the code is after LogonUser()

> win32
>> > call, will the defaultcredentials be set to the new credentials then?
>> >
>> >
>> >
>> >
>> >
>> > "Kevin Yu" <(E-Mail Removed)> wrote in message
>> > news:(E-Mail Removed)...
>> >>I think impersonation will do , enable impersonation but don't
>> >>specified
>> >>the user, use code call the web service with a different
>> >>username/password.
>> >>
>> >>
>> >>
>> >> "Brock Allen" <(E-Mail Removed)> wrote in message
>> >> news:(E-Mail Removed) ...
>> >>> The ASPNET account is a local account, so the other machine or domain
>> >>> wouldn't know about it. You can either run you web app under a

> different
>> >>> account, but that affects the rest of the code in there too. The
>> >>> other
>> >>> approach is to have a dedicated account (instead of using the current
>> >>> identity of ASPNET) that you can use to do the authentication and
>> >>> then
>> >>> use those credentials from the client.
>> >>>
>> >>> -Brock
>> >>> DevelopMentor
>> >>> http://staff.develop.com/ballen
>> >>>
>> >>>
>> >>>
>> >>>> hi all
>> >>>>
>> >>>> got a question here, a web service secure mode is set to "windows",

> on
>> >>>> the client side
>> >>>>
>> >>>> when supplying the credentials, it's like this:
>> >>>>
>> >>>> somewebservice.Authentication ssoAuth = new
>> >>>> somewebservice.Authentication();
>> >>>>
>> >>>> ssoAuth.PreAuthenticate = true;
>> >>>>
>> >>>> ssoAuth.Credentials = System.Net.CredentialCache.DefaultCredentials;
>> >>>>
>> >>>> from the info here
>> >>>>
>> >>>>

> http://msdn.microsoft.com/library/de...ry/en-us/cpref
>> >>>> /html/frlrfSystemNetCredentialCacheClassDefaultCredentia lsTopic.asp
>> >>>>
>> >>>> the defaultcredential should supply the current security context
>> >>>> that
>> >>>> the client is running, but in my case the client is another web
>> >>>> service running
>> >>>>
>> >>>> on another server, now by default the account that the client(the
>> >>>> calling web service) is running under ASPNET account,
>> >>>>
>> >>>> so on the host(somewebservice), I should add the clientdomain\ASPNET
>> >>>> account into the windows account?
>> >>>>
>> >>>
>> >>>
>> >>>
>> >>
>> >>
>> >
>> >

>>
>>

>
>



 
Reply With Quote
 
Kevin Yu
Guest
Posts: n/a
 
      04-18-2005

"solex" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Kevin,
> Thanks for responding, if you (or anyone) sees anything obviously wrong
> with the below summary please let me know.
>
> Thanks,
> Dan
>
> I have the following settings
> Web config:
> <authentication mode="Windows" />
> <identity impersonate="true" />
>
> IIS:
> Anonymous access has been disabled and Integraged Security is the
> only access that is enabled.
>
> Client:
> When calling the web service I make sure that I am passing the
> defaultCredentials from the CredentialCache.
>
> I hardcoded a credential using the following code and it works
>
> Dim Response As System.Net.HttpWebResponse
> Dim Request As HttpWebRequest = CType(WebRequest.Create(URI),
> HttpWebRequest)
> Dim MyCredentialCache = New System.Net.CredentialCache
> MyCredentialCache.Add(New System.Uri(URI), "NTLM", _
> New System.Net.NetworkCredential("myUserID", "myPassword",

"myDomain"))
>
> Request.Credentials = MyCredentialCache
>
> make my http WEBDAV request here ...
>
> Return (Response)
>
> But this does not work:
>
> Dim Response As System.Net.HttpWebResponse
> Dim Request As HttpWebRequest = CType(WebRequest.Create(URI),
> HttpWebRequest)
>
> Request.Credentials = CredentialCache.DefaultCredentials
> make my http WEBDAV request here ...
>
> Return (Response)
>


ok. CredentialCache.DefaultCredentials will return the credentials that
client is running under.
so it doens't matter what you set before the line:

Request.Credentials = CredentialCache.DefaultCredentials

it will always return the default credential for the request, but in the
working code, since you set
credentials in the credentialscache for that particular request URI, so that
when the client making
calls to the destinated service, it will use that credential for the
request, that's why it works.


> Nor does this:
>
> Dim impersonationContext As
> System.Security.Principal.WindowsImpersonationCont ext
> Dim currentWindowsIdentity As

System.Security.Principal.WindowsIdentity
>
> currentWindowsIdentity = CType(mobjUser.Identity,
> System.Security.Principal.WindowsIdentity)
> impersonationContext = currentWindowsIdentity.Impersonate()
>
> Request.Credentials = CredentialCache.DefaultCredentials
> Dim Response As System.Net.HttpWebResponse
> Dim Request As HttpWebRequest = CType(WebRequest.Create(URI),
> HttpWebRequest)
>
> Request.Credentials = CredentialCache.DefaultCredentials
>
> make my http WEBDAV request here ...
>
> impersonationContext.Undo()
>
> Return (Response)
>


I have try the same approach using implicity impersonation, what you are
doing here
is the same as using this line: Request.Credentials =
CredentialCache.DefaultCredentials
since you use this call to get the current identity: currentWindowsIdentity
= CType(mobjUser.Identity,
> System.Security.Principal.WindowsIdentity), then you do this:

Request.Credentials = CredentialCache.DefaultCredentials
thus in fact you are doing the same thing twice.

it seems that doing impersonation won't change the
defaultcredential, Request.Credentials = CredentialCache.DefaultCredentials
will always return the credentials that the client is running under as I
mentioned
above.

I use this code from msdn to do impersonation:

#region Public Methods

public bool ImpersonateValidUser()

{

WindowsIdentity tempWindowsIdentity;

IntPtr token = IntPtr.Zero;

IntPtr tokenDuplicate = IntPtr.Zero;

if(RevertToSelf())

{

if(LogonUserA(_userName, _domain, _password, LOGON32_LOGON_INTERACTIVE,

LOGON32_PROVIDER_DEFAULT, ref token) != 0)

{

if(DuplicateToken(token, 2, ref tokenDuplicate) != 0)

{

tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);

impersonationContext = tempWindowsIdentity.Impersonate();

if (impersonationContext != null)

{

CloseHandle(token);

CloseHandle(tokenDuplicate);

return true;

}

}

}

}

if(token!= IntPtr.Zero)

CloseHandle(token);

if(tokenDuplicate!=IntPtr.Zero)

CloseHandle(tokenDuplicate);

return false;

}

//reverse the security context

public void UndoImpersonation()

{

if(impersonationContext!=null)

impersonationContext.Undo();

}

#endregion


#region Win32 calls

[DllImport("advapi32.dll")]

private static extern int LogonUserA(String lpszUserName,

String lpszDomain,

String lpszPassword,

int dwLogonType,

int dwLogonProvider,

ref IntPtr phToken);

[DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]

private static extern int DuplicateToken(IntPtr hToken,

int impersonationLevel,

ref IntPtr hNewToken);

[DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]

private static extern bool RevertToSelf();

[DllImport("kernel32.dll", CharSet=CharSet.Auto)]

private static extern bool CloseHandle(IntPtr handle);

#endregion


}

in conclusion, only when the correct credential in the credentialsCache for
that
request (that particular URI), it request have access permission.

thanks for your code. I will give it a try.




>
>
> "Kevin Yu" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> >
> >
> > "solex" <(E-Mail Removed)> wrote in message
> > news:%(E-Mail Removed)...
> >> I'm having a similar problem
> >>
> >> I have a web service that make a webDav request to Exchange.
> >>
> >> I have impersonation on but when I use the defaultCredentials in the

web
> >> services to make the webdav reqeust I get an Unauthorized 401 error.

My
> >> credentials have rights to make this request and I'm at my wits end
> >> trying
> >> to figure it out.
> >>
> >> The service works if I hard code my Network credentials in the service
> >> but
> >> does not otherwise.

> >
> > Hardcoded into your code? create a credential instead of using the
> > defaultcredentials?
> >
> > I thought one can only create credential for "basic" or "digest"
> > authentication mode.
> >
> > I try implicit impersonation, it won't work, even if you are
> > impersonating,
> > the web service has to
> > put the credential on the soap message in order for it to be
> > authenticated,
> > because that's
> > all the hosting service see when interacting with each other. don't want
> > to
> > do explicit impersonation.
> >
> >
> > in .net 2.0, there will be a better support or even WSE 2.0, but this is
> > not
> > my options here.
> > since if we were to use WSE 2.0, there will be a long process of paper
> > work
> > and testing and questioning.....
> >
> >
> >
> >
> >
> >>
> >> Any help with this would also be appreciated.
> >>
> >> Thanks,
> >> Dan
> >>
> >>
> >> "Kevin Yu" <(E-Mail Removed)> wrote in message
> >> news:(E-Mail Removed)...
> >> > but the problem with impersonation in the code is after LogonUser()

> > win32
> >> > call, will the defaultcredentials be set to the new credentials then?
> >> >
> >> >
> >> >
> >> >
> >> >
> >> > "Kevin Yu" <(E-Mail Removed)> wrote in message
> >> > news:(E-Mail Removed)...
> >> >>I think impersonation will do , enable impersonation but don't
> >> >>specified
> >> >>the user, use code call the web service with a different
> >> >>username/password.
> >> >>
> >> >>
> >> >>
> >> >> "Brock Allen" <(E-Mail Removed)> wrote in message
> >> >> news:(E-Mail Removed) ...
> >> >>> The ASPNET account is a local account, so the other machine or

domain
> >> >>> wouldn't know about it. You can either run you web app under a

> > different
> >> >>> account, but that affects the rest of the code in there too. The
> >> >>> other
> >> >>> approach is to have a dedicated account (instead of using the

current
> >> >>> identity of ASPNET) that you can use to do the authentication and
> >> >>> then
> >> >>> use those credentials from the client.
> >> >>>
> >> >>> -Brock
> >> >>> DevelopMentor
> >> >>> http://staff.develop.com/ballen
> >> >>>
> >> >>>
> >> >>>
> >> >>>> hi all
> >> >>>>
> >> >>>> got a question here, a web service secure mode is set to

"windows",
> > on
> >> >>>> the client side
> >> >>>>
> >> >>>> when supplying the credentials, it's like this:
> >> >>>>
> >> >>>> somewebservice.Authentication ssoAuth = new
> >> >>>> somewebservice.Authentication();
> >> >>>>
> >> >>>> ssoAuth.PreAuthenticate = true;
> >> >>>>
> >> >>>> ssoAuth.Credentials =

System.Net.CredentialCache.DefaultCredentials;
> >> >>>>
> >> >>>> from the info here
> >> >>>>
> >> >>>>

> > http://msdn.microsoft.com/library/de...ry/en-us/cpref
> >> >>>>

/html/frlrfSystemNetCredentialCacheClassDefaultCredentia lsTopic.asp
> >> >>>>
> >> >>>> the defaultcredential should supply the current security context
> >> >>>> that
> >> >>>> the client is running, but in my case the client is another web
> >> >>>> service running
> >> >>>>
> >> >>>> on another server, now by default the account that the client(the
> >> >>>> calling web service) is running under ASPNET account,
> >> >>>>
> >> >>>> so on the host(somewebservice), I should add the

clientdomain\ASPNET
> >> >>>> account into the windows account?
> >> >>>>
> >> >>>
> >> >>>
> >> >>>
> >> >>
> >> >>
> >> >
> >> >
> >>
> >>

> >
> >

>
>



 
Reply With Quote
 
solex
Guest
Posts: n/a
 
      04-18-2005
Kevin,

My problem is that the DefaultCredentials is NOT working. If I hard code
the credentials using my uid/password and domain it works fine as shown in
my first example.

Ideally I want the web service and a subsequent call to Exchange (via
WebDAV) to run completely under the users id.

Thanks,
Dan


"Kevin Yu" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> "solex" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> Kevin,
>> Thanks for responding, if you (or anyone) sees anything obviously wrong
>> with the below summary please let me know.
>>
>> Thanks,
>> Dan
>>
>> I have the following settings
>> Web config:
>> <authentication mode="Windows" />
>> <identity impersonate="true" />
>>
>> IIS:
>> Anonymous access has been disabled and Integraged Security is the
>> only access that is enabled.
>>
>> Client:
>> When calling the web service I make sure that I am passing the
>> defaultCredentials from the CredentialCache.
>>
>> I hardcoded a credential using the following code and it works
>>
>> Dim Response As System.Net.HttpWebResponse
>> Dim Request As HttpWebRequest = CType(WebRequest.Create(URI),
>> HttpWebRequest)
>> Dim MyCredentialCache = New System.Net.CredentialCache
>> MyCredentialCache.Add(New System.Uri(URI), "NTLM", _
>> New System.Net.NetworkCredential("myUserID", "myPassword",

> "myDomain"))
>>
>> Request.Credentials = MyCredentialCache
>>
>> make my http WEBDAV request here ...
>>
>> Return (Response)
>>
>> But this does not work:
>>
>> Dim Response As System.Net.HttpWebResponse
>> Dim Request As HttpWebRequest = CType(WebRequest.Create(URI),
>> HttpWebRequest)
>>
>> Request.Credentials = CredentialCache.DefaultCredentials
>> make my http WEBDAV request here ...
>>
>> Return (Response)
>>

>
> ok. CredentialCache.DefaultCredentials will return the credentials that
> client is running under.
> so it doens't matter what you set before the line:
>
> Request.Credentials = CredentialCache.DefaultCredentials
>
> it will always return the default credential for the request, but in the
> working code, since you set
> credentials in the credentialscache for that particular request URI, so
> that
> when the client making
> calls to the destinated service, it will use that credential for the
> request, that's why it works.
>
>
>> Nor does this:
>>
>> Dim impersonationContext As
>> System.Security.Principal.WindowsImpersonationCont ext
>> Dim currentWindowsIdentity As

> System.Security.Principal.WindowsIdentity
>>
>> currentWindowsIdentity = CType(mobjUser.Identity,
>> System.Security.Principal.WindowsIdentity)
>> impersonationContext = currentWindowsIdentity.Impersonate()
>>
>> Request.Credentials = CredentialCache.DefaultCredentials
>> Dim Response As System.Net.HttpWebResponse
>> Dim Request As HttpWebRequest = CType(WebRequest.Create(URI),
>> HttpWebRequest)
>>
>> Request.Credentials = CredentialCache.DefaultCredentials
>>
>> make my http WEBDAV request here ...
>>
>> impersonationContext.Undo()
>>
>> Return (Response)
>>

>
> I have try the same approach using implicity impersonation, what you are
> doing here
> is the same as using this line: Request.Credentials =
> CredentialCache.DefaultCredentials
> since you use this call to get the current identity:
> currentWindowsIdentity
> = CType(mobjUser.Identity,
>> System.Security.Principal.WindowsIdentity), then you do this:

> Request.Credentials = CredentialCache.DefaultCredentials
> thus in fact you are doing the same thing twice.
>
> it seems that doing impersonation won't change the
> defaultcredential, Request.Credentials =
> CredentialCache.DefaultCredentials
> will always return the credentials that the client is running under as I
> mentioned
> above.
>
> I use this code from msdn to do impersonation:
>
> #region Public Methods
>
> public bool ImpersonateValidUser()
>
> {
>
> WindowsIdentity tempWindowsIdentity;
>
> IntPtr token = IntPtr.Zero;
>
> IntPtr tokenDuplicate = IntPtr.Zero;
>
> if(RevertToSelf())
>
> {
>
> if(LogonUserA(_userName, _domain, _password, LOGON32_LOGON_INTERACTIVE,
>
> LOGON32_PROVIDER_DEFAULT, ref token) != 0)
>
> {
>
> if(DuplicateToken(token, 2, ref tokenDuplicate) != 0)
>
> {
>
> tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
>
> impersonationContext = tempWindowsIdentity.Impersonate();
>
> if (impersonationContext != null)
>
> {
>
> CloseHandle(token);
>
> CloseHandle(tokenDuplicate);
>
> return true;
>
> }
>
> }
>
> }
>
> }
>
> if(token!= IntPtr.Zero)
>
> CloseHandle(token);
>
> if(tokenDuplicate!=IntPtr.Zero)
>
> CloseHandle(tokenDuplicate);
>
> return false;
>
> }
>
> //reverse the security context
>
> public void UndoImpersonation()
>
> {
>
> if(impersonationContext!=null)
>
> impersonationContext.Undo();
>
> }
>
> #endregion
>
>
> #region Win32 calls
>
> [DllImport("advapi32.dll")]
>
> private static extern int LogonUserA(String lpszUserName,
>
> String lpszDomain,
>
> String lpszPassword,
>
> int dwLogonType,
>
> int dwLogonProvider,
>
> ref IntPtr phToken);
>
> [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
>
> private static extern int DuplicateToken(IntPtr hToken,
>
> int impersonationLevel,
>
> ref IntPtr hNewToken);
>
> [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
>
> private static extern bool RevertToSelf();
>
> [DllImport("kernel32.dll", CharSet=CharSet.Auto)]
>
> private static extern bool CloseHandle(IntPtr handle);
>
> #endregion
>
>
> }
>
> in conclusion, only when the correct credential in the credentialsCache
> for
> that
> request (that particular URI), it request have access permission.
>
> thanks for your code. I will give it a try.
>
>
>
>
>>
>>
>> "Kevin Yu" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>> >
>> >
>> > "solex" <(E-Mail Removed)> wrote in message
>> > news:%(E-Mail Removed)...
>> >> I'm having a similar problem
>> >>
>> >> I have a web service that make a webDav request to Exchange.
>> >>
>> >> I have impersonation on but when I use the defaultCredentials in the

> web
>> >> services to make the webdav reqeust I get an Unauthorized 401 error.

> My
>> >> credentials have rights to make this request and I'm at my wits end
>> >> trying
>> >> to figure it out.
>> >>
>> >> The service works if I hard code my Network credentials in the service
>> >> but
>> >> does not otherwise.
>> >
>> > Hardcoded into your code? create a credential instead of using the
>> > defaultcredentials?
>> >
>> > I thought one can only create credential for "basic" or "digest"
>> > authentication mode.
>> >
>> > I try implicit impersonation, it won't work, even if you are
>> > impersonating,
>> > the web service has to
>> > put the credential on the soap message in order for it to be
>> > authenticated,
>> > because that's
>> > all the hosting service see when interacting with each other. don't
>> > want
>> > to
>> > do explicit impersonation.
>> >
>> >
>> > in .net 2.0, there will be a better support or even WSE 2.0, but this
>> > is
>> > not
>> > my options here.
>> > since if we were to use WSE 2.0, there will be a long process of paper
>> > work
>> > and testing and questioning.....
>> >
>> >
>> >
>> >
>> >
>> >>
>> >> Any help with this would also be appreciated.
>> >>
>> >> Thanks,
>> >> Dan
>> >>
>> >>
>> >> "Kevin Yu" <(E-Mail Removed)> wrote in message
>> >> news:(E-Mail Removed)...
>> >> > but the problem with impersonation in the code is after LogonUser()
>> > win32
>> >> > call, will the defaultcredentials be set to the new credentials
>> >> > then?
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > "Kevin Yu" <(E-Mail Removed)> wrote in message
>> >> > news:(E-Mail Removed)...
>> >> >>I think impersonation will do , enable impersonation but don't
>> >> >>specified
>> >> >>the user, use code call the web service with a different
>> >> >>username/password.
>> >> >>
>> >> >>
>> >> >>
>> >> >> "Brock Allen" <(E-Mail Removed)> wrote in message
>> >> >> news:(E-Mail Removed) ...
>> >> >>> The ASPNET account is a local account, so the other machine or

> domain
>> >> >>> wouldn't know about it. You can either run you web app under a
>> > different
>> >> >>> account, but that affects the rest of the code in there too. The
>> >> >>> other
>> >> >>> approach is to have a dedicated account (instead of using the

> current
>> >> >>> identity of ASPNET) that you can use to do the authentication and
>> >> >>> then
>> >> >>> use those credentials from the client.
>> >> >>>
>> >> >>> -Brock
>> >> >>> DevelopMentor
>> >> >>> http://staff.develop.com/ballen
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>>> hi all
>> >> >>>>
>> >> >>>> got a question here, a web service secure mode is set to

> "windows",
>> > on
>> >> >>>> the client side
>> >> >>>>
>> >> >>>> when supplying the credentials, it's like this:
>> >> >>>>
>> >> >>>> somewebservice.Authentication ssoAuth = new
>> >> >>>> somewebservice.Authentication();
>> >> >>>>
>> >> >>>> ssoAuth.PreAuthenticate = true;
>> >> >>>>
>> >> >>>> ssoAuth.Credentials =

> System.Net.CredentialCache.DefaultCredentials;
>> >> >>>>
>> >> >>>> from the info here
>> >> >>>>
>> >> >>>>
>> > http://msdn.microsoft.com/library/de...ry/en-us/cpref
>> >> >>>>

> /html/frlrfSystemNetCredentialCacheClassDefaultCredentia lsTopic.asp
>> >> >>>>
>> >> >>>> the defaultcredential should supply the current security context
>> >> >>>> that
>> >> >>>> the client is running, but in my case the client is another web
>> >> >>>> service running
>> >> >>>>
>> >> >>>> on another server, now by default the account that the client(the
>> >> >>>> calling web service) is running under ASPNET account,
>> >> >>>>
>> >> >>>> so on the host(somewebservice), I should add the

> clientdomain\ASPNET
>> >> >>>> account into the windows account?
>> >> >>>>
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>
>> >> >>
>> >> >
>> >> >
>> >>
>> >>
>> >
>> >

>>
>>

>
>



 
Reply With Quote
 
Kevin Yu
Guest
Posts: n/a
 
      04-18-2005
Dan

The bottom line is when enable integrated windows authentication for a
service (web app, web service etc)
the client need to supply proper credential to the service. now as I
memtion, DefaultCredentials will always
return the credential that the client is running under. so by default, the
web service is running ASPNET account.
you can however config the web service(I assume that's the client) to run
under a different account.

I am not sure what you mean "users id" here, if you mean the login users,
then you can set the impersonate=true
in the web.config file. so that calls to the WebDAV will use the login
users' credentials.

HTH

Kevin



"solex" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Kevin,
>
> My problem is that the DefaultCredentials is NOT working. If I hard code
> the credentials using my uid/password and domain it works fine as shown in
> my first example.
>
> Ideally I want the web service and a subsequent call to Exchange (via
> WebDAV) to run completely under the users id.
>
> Thanks,
> Dan
>
>
> "Kevin Yu" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> >
> > "solex" <(E-Mail Removed)> wrote in message
> > news:%(E-Mail Removed)...
> >> Kevin,
> >> Thanks for responding, if you (or anyone) sees anything obviously

wrong
> >> with the below summary please let me know.
> >>
> >> Thanks,
> >> Dan
> >>
> >> I have the following settings
> >> Web config:
> >> <authentication mode="Windows" />
> >> <identity impersonate="true" />
> >>
> >> IIS:
> >> Anonymous access has been disabled and Integraged Security is

the
> >> only access that is enabled.
> >>
> >> Client:
> >> When calling the web service I make sure that I am passing the
> >> defaultCredentials from the CredentialCache.
> >>
> >> I hardcoded a credential using the following code and it works
> >>
> >> Dim Response As System.Net.HttpWebResponse
> >> Dim Request As HttpWebRequest = CType(WebRequest.Create(URI),
> >> HttpWebRequest)
> >> Dim MyCredentialCache = New System.Net.CredentialCache
> >> MyCredentialCache.Add(New System.Uri(URI), "NTLM", _
> >> New System.Net.NetworkCredential("myUserID", "myPassword",

> > "myDomain"))
> >>
> >> Request.Credentials = MyCredentialCache
> >>
> >> make my http WEBDAV request here ...
> >>
> >> Return (Response)
> >>
> >> But this does not work:
> >>
> >> Dim Response As System.Net.HttpWebResponse
> >> Dim Request As HttpWebRequest = CType(WebRequest.Create(URI),
> >> HttpWebRequest)
> >>
> >> Request.Credentials = CredentialCache.DefaultCredentials
> >> make my http WEBDAV request here ...
> >>
> >> Return (Response)
> >>

> >
> > ok. CredentialCache.DefaultCredentials will return the credentials that
> > client is running under.
> > so it doens't matter what you set before the line:
> >
> > Request.Credentials = CredentialCache.DefaultCredentials
> >
> > it will always return the default credential for the request, but in the
> > working code, since you set
> > credentials in the credentialscache for that particular request URI, so
> > that
> > when the client making
> > calls to the destinated service, it will use that credential for the
> > request, that's why it works.
> >
> >
> >> Nor does this:
> >>
> >> Dim impersonationContext As
> >> System.Security.Principal.WindowsImpersonationCont ext
> >> Dim currentWindowsIdentity As

> > System.Security.Principal.WindowsIdentity
> >>
> >> currentWindowsIdentity = CType(mobjUser.Identity,
> >> System.Security.Principal.WindowsIdentity)
> >> impersonationContext = currentWindowsIdentity.Impersonate()
> >>
> >> Request.Credentials = CredentialCache.DefaultCredentials
> >> Dim Response As System.Net.HttpWebResponse
> >> Dim Request As HttpWebRequest = CType(WebRequest.Create(URI),
> >> HttpWebRequest)
> >>
> >> Request.Credentials = CredentialCache.DefaultCredentials
> >>
> >> make my http WEBDAV request here ...
> >>
> >> impersonationContext.Undo()
> >>
> >> Return (Response)
> >>

> >
> > I have try the same approach using implicity impersonation, what you are
> > doing here
> > is the same as using this line: Request.Credentials =
> > CredentialCache.DefaultCredentials
> > since you use this call to get the current identity:
> > currentWindowsIdentity
> > = CType(mobjUser.Identity,
> >> System.Security.Principal.WindowsIdentity), then you do this:

> > Request.Credentials = CredentialCache.DefaultCredentials
> > thus in fact you are doing the same thing twice.
> >
> > it seems that doing impersonation won't change the
> > defaultcredential, Request.Credentials =
> > CredentialCache.DefaultCredentials
> > will always return the credentials that the client is running under as I
> > mentioned
> > above.
> >
> > I use this code from msdn to do impersonation:
> >
> > #region Public Methods
> >
> > public bool ImpersonateValidUser()
> >
> > {
> >
> > WindowsIdentity tempWindowsIdentity;
> >
> > IntPtr token = IntPtr.Zero;
> >
> > IntPtr tokenDuplicate = IntPtr.Zero;
> >
> > if(RevertToSelf())
> >
> > {
> >
> > if(LogonUserA(_userName, _domain, _password, LOGON32_LOGON_INTERACTIVE,
> >
> > LOGON32_PROVIDER_DEFAULT, ref token) != 0)
> >
> > {
> >
> > if(DuplicateToken(token, 2, ref tokenDuplicate) != 0)
> >
> > {
> >
> > tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
> >
> > impersonationContext = tempWindowsIdentity.Impersonate();
> >
> > if (impersonationContext != null)
> >
> > {
> >
> > CloseHandle(token);
> >
> > CloseHandle(tokenDuplicate);
> >
> > return true;
> >
> > }
> >
> > }
> >
> > }
> >
> > }
> >
> > if(token!= IntPtr.Zero)
> >
> > CloseHandle(token);
> >
> > if(tokenDuplicate!=IntPtr.Zero)
> >
> > CloseHandle(tokenDuplicate);
> >
> > return false;
> >
> > }
> >
> > //reverse the security context
> >
> > public void UndoImpersonation()
> >
> > {
> >
> > if(impersonationContext!=null)
> >
> > impersonationContext.Undo();
> >
> > }
> >
> > #endregion
> >
> >
> > #region Win32 calls
> >
> > [DllImport("advapi32.dll")]
> >
> > private static extern int LogonUserA(String lpszUserName,
> >
> > String lpszDomain,
> >
> > String lpszPassword,
> >
> > int dwLogonType,
> >
> > int dwLogonProvider,
> >
> > ref IntPtr phToken);
> >
> > [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
> >
> > private static extern int DuplicateToken(IntPtr hToken,
> >
> > int impersonationLevel,
> >
> > ref IntPtr hNewToken);
> >
> > [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
> >
> > private static extern bool RevertToSelf();
> >
> > [DllImport("kernel32.dll", CharSet=CharSet.Auto)]
> >
> > private static extern bool CloseHandle(IntPtr handle);
> >
> > #endregion
> >
> >
> > }
> >
> > in conclusion, only when the correct credential in the credentialsCache
> > for
> > that
> > request (that particular URI), it request have access permission.
> >
> > thanks for your code. I will give it a try.
> >
> >
> >
> >
> >>
> >>
> >> "Kevin Yu" <(E-Mail Removed)> wrote in message
> >> news:(E-Mail Removed)...
> >> >
> >> >
> >> > "solex" <(E-Mail Removed)> wrote in message
> >> > news:%(E-Mail Removed)...
> >> >> I'm having a similar problem
> >> >>
> >> >> I have a web service that make a webDav request to Exchange.
> >> >>
> >> >> I have impersonation on but when I use the defaultCredentials in the

> > web
> >> >> services to make the webdav reqeust I get an Unauthorized 401 error.

> > My
> >> >> credentials have rights to make this request and I'm at my wits end
> >> >> trying
> >> >> to figure it out.
> >> >>
> >> >> The service works if I hard code my Network credentials in the

service
> >> >> but
> >> >> does not otherwise.
> >> >
> >> > Hardcoded into your code? create a credential instead of using the
> >> > defaultcredentials?
> >> >
> >> > I thought one can only create credential for "basic" or "digest"
> >> > authentication mode.
> >> >
> >> > I try implicit impersonation, it won't work, even if you are
> >> > impersonating,
> >> > the web service has to
> >> > put the credential on the soap message in order for it to be
> >> > authenticated,
> >> > because that's
> >> > all the hosting service see when interacting with each other. don't
> >> > want
> >> > to
> >> > do explicit impersonation.
> >> >
> >> >
> >> > in .net 2.0, there will be a better support or even WSE 2.0, but this
> >> > is
> >> > not
> >> > my options here.
> >> > since if we were to use WSE 2.0, there will be a long process of

paper
> >> > work
> >> > and testing and questioning.....
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >>
> >> >> Any help with this would also be appreciated.
> >> >>
> >> >> Thanks,
> >> >> Dan
> >> >>
> >> >>
> >> >> "Kevin Yu" <(E-Mail Removed)> wrote in message
> >> >> news:(E-Mail Removed)...
> >> >> > but the problem with impersonation in the code is after

LogonUser()
> >> > win32
> >> >> > call, will the defaultcredentials be set to the new credentials
> >> >> > then?
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> > "Kevin Yu" <(E-Mail Removed)> wrote in message
> >> >> > news:(E-Mail Removed)...
> >> >> >>I think impersonation will do , enable impersonation but don't
> >> >> >>specified
> >> >> >>the user, use code call the web service with a different
> >> >> >>username/password.
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >> "Brock Allen" <(E-Mail Removed)> wrote in message
> >> >> >> news:(E-Mail Removed) ...
> >> >> >>> The ASPNET account is a local account, so the other machine or

> > domain
> >> >> >>> wouldn't know about it. You can either run you web app under a
> >> > different
> >> >> >>> account, but that affects the rest of the code in there too. The
> >> >> >>> other
> >> >> >>> approach is to have a dedicated account (instead of using the

> > current
> >> >> >>> identity of ASPNET) that you can use to do the authentication

and
> >> >> >>> then
> >> >> >>> use those credentials from the client.
> >> >> >>>
> >> >> >>> -Brock
> >> >> >>> DevelopMentor
> >> >> >>> http://staff.develop.com/ballen
> >> >> >>>
> >> >> >>>
> >> >> >>>
> >> >> >>>> hi all
> >> >> >>>>
> >> >> >>>> got a question here, a web service secure mode is set to

> > "windows",
> >> > on
> >> >> >>>> the client side
> >> >> >>>>
> >> >> >>>> when supplying the credentials, it's like this:
> >> >> >>>>
> >> >> >>>> somewebservice.Authentication ssoAuth = new
> >> >> >>>> somewebservice.Authentication();
> >> >> >>>>
> >> >> >>>> ssoAuth.PreAuthenticate = true;
> >> >> >>>>
> >> >> >>>> ssoAuth.Credentials =

> > System.Net.CredentialCache.DefaultCredentials;
> >> >> >>>>
> >> >> >>>> from the info here
> >> >> >>>>
> >> >> >>>>
> >> >

http://msdn.microsoft.com/library/de...ry/en-us/cpref
> >> >> >>>>

> > /html/frlrfSystemNetCredentialCacheClassDefaultCredentia lsTopic.asp
> >> >> >>>>
> >> >> >>>> the defaultcredential should supply the current security

context
> >> >> >>>> that
> >> >> >>>> the client is running, but in my case the client is another web
> >> >> >>>> service running
> >> >> >>>>
> >> >> >>>> on another server, now by default the account that the

client(the
> >> >> >>>> calling web service) is running under ASPNET account,
> >> >> >>>>
> >> >> >>>> so on the host(somewebservice), I should add the

> > clientdomain\ASPNET
> >> >> >>>> account into the windows account?
> >> >> >>>>
> >> >> >>>
> >> >> >>>
> >> >> >>>
> >> >> >>
> >> >> >>
> >> >> >
> >> >> >
> >> >>
> >> >>
> >> >
> >> >
> >>
> >>

> >
> >

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Does timer in Web Service Global.asax block my Web Service from processing web-site requests? Leo Violette ASP .Net Web Services 0 04-17-2009 12:39 AM
authentication mode windows : web vs web service application donet programmer ASP .Net 0 01-18-2008 10:47 PM
Calling Web Service that calls other Web Service with Windows Authentication manuelserpabrandao@gmail.com ASP .Net Web Services 3 06-17-2006 08:14 AM
Calling Web Service that calls other Web Service with Windows Authentication manuelserpabrandao@gmail.com ASP .Net Security 1 06-14-2006 08:55 PM
InvocationTargetException when calling "new Service()" in Axis web service to call another web service Michael Averstegge Java 0 01-10-2006 11:05 PM



Advertisments