Windows authentication on a Web service returning Access Denied (401).

Daniel Bass

Hey,

[ Background ]
I've been asked to look into network security where an IIS virtual directory
is configure to not have anonymous access, but rather to go with the windows
authentication (what the user signs in as at client). This is in the context
of a ASP.Net web service running on an intranet.

[ What I have done ]
- I've ticked and unticked all the right boxes in IIS.
- I've also added the
"myserviceproxy .Credentials =
System.Net.Cred entialCache.Def aultCredentials ;"
to the client side [ Web / Windows ] Application so that they are passed
through to the server for the request message.
- I've also ensured that my user account on the client side, is registered
as a user on the server on which the web service resides.

[ The problem ]
But when I try to process any messages, I get back an HTTP 401: Access
Denied message.
What am I doing wrong, or not doing at all?
I'm very new to all this, so if I'm missing something obvious, please
forgive me.

Thanks for your time.
Daniel.

Nov 18 '05 #1

Subscribe Reply

1392

Paul

Daniel,

What happens when you just go to the .asmx page using IE?

-Paul

"Daniel Bass" <I'm really @ sick of spam> wrote in message
news:%2******** ********@TK2MSF TNGP09.phx.gbl. ..

Hey,

[ Background ]
I've been asked to look into network security where an IIS virtual directory is configure to not have anonymous access, but rather to go with the windows authentication (what the user signs in as at client). This is in the context of a ASP.Net web service running on an intranet.

[ What I have done ]
- I've ticked and unticked all the right boxes in IIS.
- I've also added the
"myserviceproxy .Credentials =
System.Net.Cred entialCache.Def aultCredentials ;"
to the client side [ Web / Windows ] Application so that they are passed through to the server for the request message.
- I've also ensured that my user account on the client side, is registered
as a user on the server on which the web service resides.

[ The problem ]
But when I try to process any messages, I get back an HTTP 401: Access
Denied message.
What am I doing wrong, or not doing at all?
I'm very new to all this, so if I'm missing something obvious, please
forgive me.

Thanks for your time.
Daniel.

Nov 18 '05 #2

Daniel Bass

Paul

That works as you'd expect, giving you that page with the avialable methods
on the web service.

Dan

"Paul" <a@b.com> wrote in message
news:OO******** ******@TK2MSFTN GP12.phx.gbl...
Daniel,

What happens when you just go to the .asmx page using IE?

-Paul

"Daniel Bass" <I'm really @ sick of spam> wrote in message
news:%2******** ********@TK2MSF TNGP09.phx.gbl. ..

Hey,

[ Background ]
I've been asked to look into network security where an IIS virtual directory is configure to not have anonymous access, but rather to go with the windows authentication (what the user signs in as at client). This is in the context of a ASP.Net web service running on an intranet.

[ What I have done ]
- I've ticked and unticked all the right boxes in IIS.
- I've also added the
"myserviceproxy .Credentials =
System.Net.Cred entialCache.Def aultCredentials ;"
to the client side [ Web / Windows ] Application so that they are passed through to the server for the request message.
- I've also ensured that my user account on the client side, is registered
as a user on the server on which the web service resides.

[ The problem ]
But when I try to process any messages, I get back an HTTP 401: Access
Denied message.
What am I doing wrong, or not doing at all?
I'm very new to all this, so if I'm missing something obvious, please
forgive me.

Thanks for your time.
Daniel.

Nov 18 '05 #3

Daniel or Paul,

Was there any resolution to this problem? I am having the same
problem as Daniel describes. I have even gone as far as making a
"dummy" method on the web service that returns the
System.Net.Secu rity.WindowsPri ncipal.Identity and it shows my user
name.... When I try to connect to a SQL Server DB from that same Web
Service, using SSPI, it tries to connect as anonymous.

Is there some setting that I am missing?

Thanks, any information would be helpful.

Ed Castaneda
"Daniel Bass" <I'm really @ sick of spam> wrote in message news:<Om******* *******@TK2MSFT NGP10.phx.gbl>. ..

Paul

That works as you'd expect, giving you that page with the avialable methods
on the web service.

Dan

"Paul" <a@b.com> wrote in message
news:OO******** ******@TK2MSFTN GP12.phx.gbl...
Daniel,

What happens when you just go to the .asmx page using IE?

-Paul

"Daniel Bass" <I'm really @ sick of spam> wrote in message
news:%2******** ********@TK2MSF TNGP09.phx.gbl. ..
Hey,

[ Background ]
I've been asked to look into network security where an IIS virtual

directory
is configure to not have anonymous access, but rather to go with the

windows
authentication (what the user signs in as at client). This is in the

context
of a ASP.Net web service running on an intranet.

[ What I have done ]
- I've ticked and unticked all the right boxes in IIS.
- I've also added the
"myserviceproxy .Credentials =
System.Net.Cred entialCache.Def aultCredentials ;"
to the client side [ Web / Windows ] Application so that they are

passed
through to the server for the request message.
- I've also ensured that my user account on the client side, is registered
as a user on the server on which the web service resides.

[ The problem ]
But when I try to process any messages, I get back an HTTP 401: Access
Denied message.
What am I doing wrong, or not doing at all?
I'm very new to all this, so if I'm missing something obvious, please
forgive me.

Thanks for your time.
Daniel.

Nov 18 '05 #4

Christian Boult

Have you setup directory permissions (ACL's) on the base directory of the
web app allowing at least read access to the domain users / groups that are
to access the webservice ?
This is how it is set up for us and it works very well.

You might be authenticated all right but you don't have any access to the
directory so IIS dosen't allow you in.

Chris.

"Ed" <ed************ *@yahoo.com> wrote in message
news:15******** *************** ***@posting.goo gle.com...

Daniel or Paul,

Was there any resolution to this problem? I am having the same
problem as Daniel describes. I have even gone as far as making a
"dummy" method on the web service that returns the
System.Net.Secu rity.WindowsPri ncipal.Identity and it shows my user
name.... When I try to connect to a SQL Server DB from that same Web
Service, using SSPI, it tries to connect as anonymous.

Is there some setting that I am missing?

Thanks, any information would be helpful.

Ed Castaneda
"Daniel Bass" <I'm really @ sick of spam> wrote in message

news:<Om******* *******@TK2MSFT NGP10.phx.gbl>. ..

Paul

That works as you'd expect, giving you that page with the avialable methods on the web service.

Dan

"Paul" <a@b.com> wrote in message
news:OO******** ******@TK2MSFTN GP12.phx.gbl...
Daniel,

What happens when you just go to the .asmx page using IE?

-Paul

"Daniel Bass" <I'm really @ sick of spam> wrote in message
news:%2******** ********@TK2MSF TNGP09.phx.gbl. ..
Hey,

[ Background ]
I've been asked to look into network security where an IIS virtual

directory
is configure to not have anonymous access, but rather to go with the

windows
authentication (what the user signs in as at client). This is in the

context
of a ASP.Net web service running on an intranet.

[ What I have done ]
- I've ticked and unticked all the right boxes in IIS.
- I've also added the
"myserviceproxy .Credentials =
System.Net.Cred entialCache.Def aultCredentials ;"
to the client side [ Web / Windows ] Application so that they are

passed
through to the server for the request message.
- I've also ensured that my user account on the client side, is registered as a user on the server on which the web service resides.

[ The problem ]
But when I try to process any messages, I get back an HTTP 401: Access
Denied message.
What am I doing wrong, or not doing at all?
I'm very new to all this, so if I'm missing something obvious, please
forgive me.

Thanks for your time.
Daniel.

Nov 18 '05 #5

Similar topics

2619

Windows Credentialing Security Problem

by: Joseph Geretz | last post by:

I'm having a credentialing problem in my web application. Actually, I don't think this is an IIS security issue, since I'm able to access the page I'm requesting. However, the executing page itself is not able to access a specific network resource and I just can't figure out why. First of all, let me say this worked fine with IIS running on Win2000 Server. This has not worked since I upgraded to Windows Server 2003. My Platform: Windows...

ASP.NET

16510

Can I force a Windows Authentication / Login?

by: Keith H | last post by:

I'm looking for a way to force the user to re-authenticate with their Windows username/password/domain after clicking the submit button on an ASP.NET page. This is for an internal application. Does anyone know if/how this can be done?

ASP.NET

13790

About the web service using Integrated windows authentication

by: =?Utf-8?B?RGFuZGFuIFpoYW5n?= | last post by:

Now I have a web application, a web service and a SQL Server database. The Web application will invoke the web service, the web service invokes the SQL Server stored procedure. I let the web service run in an application pool which runs under a domain user, this domain user has permissions of accessing database and the connection to database is trusted connection. All these work well. The web application will be used in internet (not...

.NET Framework

1958

asp.net windows authentication

by: DK | last post by:

I have an intranet application I've built using asp.net 3.5 / running on IIS6. The problem: when a user trys to access a page that they do not have access to, they are given the annoying windows authentication popup, which is useless because they are denied in the web.config file. After 3 tries or hitting cancel, they are then directed to the Access Denied page. How can I get rid of that popup ???

ASP.NET

8893

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

8797

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...

Online Marketing

8583

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...

Windows Server

8656

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...

General

7401

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...

Career Advice

5681

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...

C# / C Sharp

4380

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

2791

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

C# / C Sharp

2023

How to add payments to a PHP MySQL app.

by: muto222 | last post by:

How can i add a mobile payment intergratation into php mysql website.

PHP