Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Web Services > System.Net.CredentialsCache.DefaultCredentials not working

Reply
Thread Tools

System.Net.CredentialsCache.DefaultCredentials not working

 
 
tom.sorensen@agresso.no
Guest
Posts: n/a
 
      07-12-2006
Hi.

I'm trying to authenticate from an asp.net client to a web service on
two different machines is the same domain. From what i gather I'm
supposed to use the following code in my client in order to
authenticate using my domain credentials:

service.Credentials = CredentialCache.DefaultCredentials ;

I am using windows integrated authentication. I can get this to work if
I use a NetworkCredential object and supply username, password and
domain, but this is not desireable.When I try to use DefaultCredentials
I get a 401 access denied response.

The IIS log files on the web service server does not contain any user
other than the ones where i supply the network credentials with a
hardcoded user.

 
Reply With Quote
 
 
 
 
Martin.Kunc@gmail.com
Guest
Posts: n/a
 
      07-13-2006
Hallo Tom,
this all looks as dual hop problem to me. The core is when you are
authenticating to one resource with your name/password, you will het
something called primary token, what is a thing, you can operate just
on one computer - this is a constraint done by windows implementation
and security reasons.
Either you can use kerberos tokens and set this all in active directory
(less secure) - you need a seperated computer and user who has this
allowed in AD.
Or you need to use basic authentication. In this way, you are passing
clear user name and password, so your application can in all phases get
a new primary token.
Did all this helped you ?
Martin

http://www.velocityreviews.com/forums/(E-Mail Removed) wrote:
> Hi.
>
> I'm trying to authenticate from an asp.net client to a web service on
> two different machines is the same domain. From what i gather I'm
> supposed to use the following code in my client in order to
> authenticate using my domain credentials:
>
> service.Credentials = CredentialCache.DefaultCredentials ;
>
> I am using windows integrated authentication. I can get this to work if
> I use a NetworkCredential object and supply username, password and
> domain, but this is not desireable.When I try to use DefaultCredentials
> I get a 401 access denied response.
>
> The IIS log files on the web service server does not contain any user
> other than the ones where i supply the network credentials with a
> hardcoded user.


 
Reply With Quote
 
 
 
 
Tom-Einar
Guest
Posts: n/a
 
      07-13-2006
Hi Martin.

Thank you for your response. I've read about the dual hop problem
before. What troubles me is that my domain user does not appear in the
log files on the client machine either. The other thing is that when I
use a windows application as a client, the result is the same. This
scenario should not result in a dual hop problem, should it?

If I must, I will try to use Kerberos. Do you know where I can find
more info on this subject?

Tom

(E-Mail Removed) skrev:
> Hallo Tom,
> this all looks as dual hop problem to me. The core is when you are
> authenticating to one resource with your name/password, you will het
> something called primary token, what is a thing, you can operate just
> on one computer - this is a constraint done by windows implementation
> and security reasons.
> Either you can use kerberos tokens and set this all in active directory
> (less secure) - you need a seperated computer and user who has this
> allowed in AD.
> Or you need to use basic authentication. In this way, you are passing
> clear user name and password, so your application can in all phases get
> a new primary token.
> Did all this helped you ?
> Martin
>
> (E-Mail Removed) wrote:
> > Hi.
> >
> > I'm trying to authenticate from an asp.net client to a web service on
> > two different machines is the same domain. From what i gather I'm
> > supposed to use the following code in my client in order to
> > authenticate using my domain credentials:
> >
> > service.Credentials = CredentialCache.DefaultCredentials ;
> >
> > I am using windows integrated authentication. I can get this to work if
> > I use a NetworkCredential object and supply username, password and
> > domain, but this is not desireable.When I try to use DefaultCredentials
> > I get a 401 access denied response.
> >
> > The IIS log files on the web service server does not contain any user
> > other than the ones where i supply the network credentials with a
> > hardcoded user.


 
Reply With Quote
 
Tom-Einar
Guest
Posts: n/a
 
      07-13-2006
Correction:

This problem does not happen when using a windows application.
Definately seems to be a double hop problem. Still want to know how to
configure Kerberos if you have any links

Tom

Tom-Einar skrev:
> Hi Martin.
>
> Thank you for your response. I've read about the dual hop problem
> before. What troubles me is that my domain user does not appear in the
> log files on the client machine either. The other thing is that when I
> use a windows application as a client, the result is the same. This
> scenario should not result in a dual hop problem, should it?
>
> If I must, I will try to use Kerberos. Do you know where I can find
> more info on this subject?
>
> Tom
>
> (E-Mail Removed) skrev:
> > Hallo Tom,
> > this all looks as dual hop problem to me. The core is when you are
> > authenticating to one resource with your name/password, you will het
> > something called primary token, what is a thing, you can operate just
> > on one computer - this is a constraint done by windows implementation
> > and security reasons.
> > Either you can use kerberos tokens and set this all in active directory
> > (less secure) - you need a seperated computer and user who has this
> > allowed in AD.
> > Or you need to use basic authentication. In this way, you are passing
> > clear user name and password, so your application can in all phases get
> > a new primary token.
> > Did all this helped you ?
> > Martin
> >
> > (E-Mail Removed) wrote:
> > > Hi.
> > >
> > > I'm trying to authenticate from an asp.net client to a web service on
> > > two different machines is the same domain. From what i gather I'm
> > > supposed to use the following code in my client in order to
> > > authenticate using my domain credentials:
> > >
> > > service.Credentials = CredentialCache.DefaultCredentials ;
> > >
> > > I am using windows integrated authentication. I can get this to work if
> > > I use a NetworkCredential object and supply username, password and
> > > domain, but this is not desireable.When I try to use DefaultCredentials
> > > I get a 401 access denied response.
> > >
> > > The IIS log files on the web service server does not contain any user
> > > other than the ones where i supply the network credentials with a
> > > hardcoded user.


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
response.redirect is not working but server.transfer is working gaurav tyagi ASP .Net 14 01-20-2006 04:22 AM
wifi not working on new hp, or not working after live update =?Utf-8?B?RHJhZ29ueA==?= Wireless Networking 1 10-01-2005 11:17 PM
ASP.NET client-side validation working, but button click not working Alan Silver ASP .Net 1 08-02-2005 03:50 PM
Cookies working on intranet but NOT working on Internet Martin Heuckeroth ASP .Net 5 04-01-2005 01:37 AM
Regular Expression validators NOT working, Required Field validators ARE working Ratman ASP .Net 0 09-14-2004 09:36 PM



Advertisments