Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Web Services > Trying to pass NetworkCredential to WebService

Reply
Thread Tools

Trying to pass NetworkCredential to WebService

 
 
Marshall
Guest
Posts: n/a
 
      07-13-2005
Hello,

I am running W2k3, Visual Studio 2003, Framework version 1.1.4322. I have
one simple asp.net web service and one simple asp.net web app. When I run
the web service directly (http://localhost/mywebservice/Service.asmx)
everything works fine. When I try to call the web service from my web app I
always get the same error:
System.Net.WebException: The request failed with HTTP status 401:
Unauthorized

I also see a new event in my System event log:
Source: Kerberos

Event Id: 4

The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
host/mbell2.<mydomain>. The target name used was HTTP/mbell2.<mydomain>.
This indicates that the password used to encrypt the kerberos service ticket
is different than that on the target server. Commonly, this is due to
identically named machine accounts in the target realm (<mydomain>), and
the client realm. Please contact your system administrator.


I have searched Google Groups what seems like 100 times and I have tried
(what seems like) everything.

Here is my web method:
// Security commented out.

// Security works when running directly

// from http://localhost/...

//[PrincipalPermission(SecurityAction.Demand,
Role=@"MyDomain\RoleMapWS_Admins")]

[WebMethod]

public bool EnableUser(int userId)

{

try

{

(new UserDAO()).EnableAccount(userId);



return true;

}

catch (Exception ex)

{

throw;

}

}



Here is my web app:

// Private to class

private Open.WebServices.RoleMap.Service ws = new
Open.WebServices.RoleMap.Service();

...

private void Button1_Click(object sender, System.EventArgs e)

{

ICredentials cred = new NetworkCredential(@"mbell", "open",
"MyDomain");



ws.PreAuthenticate = true;

// I have tried

// ws.Credentials = cred;

ws.Credentials = cred.GetCredential(new Uri(ws.Url), "");



try

{

ws.EnableUser(2);

}

catch (Exception ex)

{

throw;

}

}



Thank you for your help,



Marshall


 
Reply With Quote
 
 
 
 
[MSFT]
Guest
Posts: n/a
 
      07-14-2005
Hello Marshall,

Did your Web service use Windows integrated authentication and disable
anonymous access? For such a web service, we need to pass a valid
credential to it. for example:

localhost.Service1 myProxy = new localhost.Service1();
myProxy.Credentials = System.Net.CredentialCache.DefaultCredentials;

or

localhost.Service1 myProxy = new localhost.Service1();
myProxy.Credentials = new System.Net.NetworkCredential("domain\username",
"password", "");

for details, you can refer to:

http://support.microsoft.com/default...;EN-US;Q813834

Luke


 
Reply With Quote
 
 
 
 
Marshall
Guest
Posts: n/a
 
      07-14-2005
Thanks Luke,

Yes, the web service is set to use Integrated authentication and anonymous
access is disabled.

My code was passing credientials like you illustrated. The link you
attached guided me to another kb article which solved my problem.

http://support.microsoft.com/kb/811318/EN-US/

I changed my code to use the CredentialCache class and it worked like this:
localhost.Service ws = new localhost.Service();

System.Net.CredentialCache cache = new System.Net.CredentialCache();
cache.Add( new Uri(ws.Url), "Negotiate", new
System.Net.NetworkCredential("userName", "password", "domain"));
ws.Credentials = cache;

Response.Write(ws.HelloWorld());

Thanks,

Marshall


 
Reply With Quote
 
Marshall
Guest
Posts: n/a
 
      07-14-2005
Actually, my statement was incorrect. The problem was that my web service
was running in its own application pool with an identity of a domain
account. So this still is a problem because my web service needs to run in
its own pool because I tie Sql Server permissions to its identity.

"Marshall" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Thanks Luke,
>
> Yes, the web service is set to use Integrated authentication and anonymous
> access is disabled.
>
> My code was passing credientials like you illustrated. The link you
> attached guided me to another kb article which solved my problem.
>
> http://support.microsoft.com/kb/811318/EN-US/
>
> I changed my code to use the CredentialCache class and it worked like
> this:
> localhost.Service ws = new localhost.Service();
>
> System.Net.CredentialCache cache = new System.Net.CredentialCache();
> cache.Add( new Uri(ws.Url), "Negotiate", new
> System.Net.NetworkCredential("userName", "password", "domain"));
> ws.Credentials = cache;
>
> Response.Write(ws.HelloWorld());
>
> Thanks,
>
> Marshall
>



 
Reply With Quote
 
Steven Cheng[MSFT]
Guest
Posts: n/a
 
      07-15-2005
Hi Marshall,

When your webservice's virtual dir requires Authentication(disabled
anomymous), the clientside need to provide a certain credential for
authentication. For your scenario, that's the ASP.NET webapp. So in your
ASP.NET's webservice calling code, we need to attach a NetworkCredential to
the webservice proxy instance.

As for the further problem you mentioned,
==================
So this still is a problem because my web service needs to run in
its own pool because I tie Sql Server permissions to its identity.
===================

would you provide some further description on this? Based on my
understanding, your ASP.NET webservice can surely to running in its own
application pool (with its own identity) different from the ASP.NET
webapp's.

Looking forward to your response.

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
| From: "Marshall" <(E-Mail Removed)>
| References: <(E-Mail Removed)>
<(E-Mail Removed)>
<#(E-Mail Removed)>
| Subject: Re: Trying to pass NetworkCredential to WebService
| Date: Thu, 14 Jul 2005 07:52:46 -0400
| Lines: 34
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| X-RFC2646: Format=Flowed; Response
| Message-ID: <(E-Mail Removed)>
| Newsgroups: microsoft.public.dotnet.framework.aspnet.webservic es
| NNTP-Posting-Host: 66-195-172-195.gen.twtelecom.net 66.195.172.195
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP12.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.dotnet.framework.aspnet.webservic es:7405
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.webservic es
|
| Actually, my statement was incorrect. The problem was that my web
service
| was running in its own application pool with an identity of a domain
| account. So this still is a problem because my web service needs to run
in
| its own pool because I tie Sql Server permissions to its identity.
|
| "Marshall" <(E-Mail Removed)> wrote in message
| news:%(E-Mail Removed)...
| > Thanks Luke,
| >
| > Yes, the web service is set to use Integrated authentication and
anonymous
| > access is disabled.
| >
| > My code was passing credientials like you illustrated. The link you
| > attached guided me to another kb article which solved my problem.
| >
| > http://support.microsoft.com/kb/811318/EN-US/
| >
| > I changed my code to use the CredentialCache class and it worked like
| > this:
| > localhost.Service ws = new localhost.Service();
| >
| > System.Net.CredentialCache cache = new System.Net.CredentialCache();
| > cache.Add( new Uri(ws.Url), "Negotiate", new
| > System.Net.NetworkCredential("userName", "password", "domain"));
| > ws.Credentials = cache;
| >
| > Response.Write(ws.HelloWorld());
| >
| > Thanks,
| >
| > Marshall
| >
|
|
|

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Is it possible to get a NetworkCredential object from the current =?Utf-8?B?WUs=?= ASP .Net 3 03-24-2010 08:34 PM
Does NetworkCredential itself encrypt user credentials? antonyliu2002@yahoo.com ASP .Net 3 07-09-2007 07:42 PM
NetworkCredential IveCal Java 6 04-20-2006 02:42 PM
Using NetworkCredential then a Redirect to the site requiring the credientails Jay Douglas ASP .Net 4 03-06-2004 04:36 PM
Two Web Services using same NetworkCredential? wgo ASP .Net Security 0 10-14-2003 01:35 AM



Advertisments