We have a web app that is running under Integrated Windows
Authentication. It must consume to a web service we are publishing on
another server, also running under Integrated Windows Authentication.
In order to make this work, we have to impersonate a user account with
access to the web service and set the Credential property on the web
service proxy object to DefaultCredenti als before we actually make the
web service call. If we don't impersonate first, we get an exception
stating "The request failed with HTTP status 401: Unauthorized".
I understand why you would have to set the credentials on the web
service proxy, but I don't understand why you would have to use
impersonation to get this to work. Why couldn't you just set the
correct credentials on the proxy object and be done?
Thanks,
Dave 3 1476
Impersonation is required, because you have the web server configured to use
Integrated Windows Authentication.
Change the site to allow anonymous access, and you won't have to use
impersonation.
"headware" <da**********@g mail.comwrote in message
news:11******** **************@ i3g2000cwc.goog legroups.com...
We have a web app that is running under Integrated Windows
Authentication. It must consume to a web service we are publishing on
another server, also running under Integrated Windows Authentication.
In order to make this work, we have to impersonate a user account with
access to the web service and set the Credential property on the web
service proxy object to DefaultCredenti als before we actually make the
web service call. If we don't impersonate first, we get an exception
stating "The request failed with HTTP status 401: Unauthorized".
I understand why you would have to set the credentials on the web
service proxy, but I don't understand why you would have to use
impersonation to get this to work. Why couldn't you just set the
correct credentials on the proxy object and be done?
Thanks,
Dave
Hi Dave,
Altough the application is running with Integrated Windows Authentication,
the ASP.NET process is impersonated with the account ASPNET (Or the account
configured in the file machine.config) .
I think it has to do with delegation. When you call the web service, you are
using delegation, so the account impersonating the process is used.
The same happens if you want to connect to SQL server with integrated
authentication, it uses the ASPNET account.
"headware" <da**********@g mail.comwrote in message
news:11******** **************@ i3g2000cwc.goog legroups.com...
We have a web app that is running under Integrated Windows
Authentication. It must consume to a web service we are publishing on
another server, also running under Integrated Windows Authentication.
In order to make this work, we have to impersonate a user account with
access to the web service and set the Credential property on the web
service proxy object to DefaultCredenti als before we actually make the
web service call. If we don't impersonate first, we get an exception
stating "The request failed with HTTP status 401: Unauthorized".
I understand why you would have to set the credentials on the web
service proxy, but I don't understand why you would have to use
impersonation to get this to work. Why couldn't you just set the
correct credentials on the proxy object and be done?
Thanks,
Dave
Brendan Green wrote:
Impersonation is required, because you have the web server configured to use
Integrated Windows Authentication.
Change the site to allow anonymous access, and you won't have to use
impersonation.
"headware" <da**********@g mail.comwrote in message
news:11******** **************@ i3g2000cwc.goog legroups.com...
We have a web app that is running under Integrated Windows
Authentication. It must consume to a web service we are publishing on
another server, also running under Integrated Windows Authentication.
In order to make this work, we have to impersonate a user account with
access to the web service and set the Credential property on the web
service proxy object to DefaultCredenti als before we actually make the
web service call. If we don't impersonate first, we get an exception
stating "The request failed with HTTP status 401: Unauthorized".
I understand why you would have to set the credentials on the web
service proxy, but I don't understand why you would have to use
impersonation to get this to work. Why couldn't you just set the
correct credentials on the proxy object and be done?
Thanks,
Dave
I guess what confuses me is that I don't need to use impersonation to
get access to regular pages on the site. As long as I have entered in
appropriate credentials, I can get to the pages. However, this does not
hold true for the web service. The web service requires impersonation
in addition to credentials. I doesn't even matter if the user I'm
impersonating has permission to access the .asmx file, it still works.
Am I thinking about this the wrong way?
Thanks,
Dave This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Anil Krishnamurthy |
last post by:
We have an ASP.NET application that uses COM objects through Interop. The
web application requires access to network and database resources and hence,
needs to impersonate a domain account. The problem is that even when it is
configured to run under a certain identity through Web.config, the
impersonation is not carried through to COM library. Consequently, the code
in COM object runs under a local account and any code that needs to access...
|
by: Eric Veltman |
last post by:
Hello everyone,
Till now, I've always used IIS integrated authentication
and impersonation, such that the ASP.NET code on the server
is executed with the permissions of the user who is sitting
behind the web browser.
Now I am wondering if it's also possible to use
|
by: Wm. Scott Miller |
last post by:
What is the difference between using a username and password in the
processmodel section vs using one in impersonation in the machine.config
file? What are the advantages of each and what are the reasons for using
each?
Thanks for any replies,
Scott
|
by: andrew_webby at hotmail |
last post by:
Hi
Am having a problem with an app I wrote to test patch delivery. I
contact a remote PC, and get it to run a patch which is installed on a
server. It works fine if I use psexec for example and I know it's not
NTFS/share-level security at fault - it's readable to everyone which
is usually enough for scheduler or any other usually-not-network-user
to reach it.
I've checked my credentials in my remote session and it says it's
|
by: vipleo |
last post by:
I am having some issues, when I try to launch another process using
Process.Start(ProcessStartInfo psi) on win xp sp2 box (Other versions
of xp have no issue).
Here is the detail.
Main app checks for updates on startup and if updates are available, it
launches separate exe to copy files.
Before launching new process(exe), I am impersonating admin user as
main app is being launched by non-admin user.
| |
by: Patrick |
last post by:
I have an ASP.NET web service whose Web.Config is set to use impersonation
<authentication mode="Windows" />
<identity impersonate="true" />
Within a Web Method, I want to use Multi-threading to spawn off an
asynchronous process, as it takes quite long to return. How could I get the
worker thread to runas the same impersonated user on ASP.NET?
|
by: Daniel Knöpfel |
last post by:
Hello
On our asp.net 2.0 website we impersonate every request to the identity of
the user logged in. This works this way:
1. user logs in, providing username, password
2. user is authenticated against an active directory and the windows
identity is retrieved (and stored in the session!!)
3. user is impersonated using the windows identity (thread is now
running under the identity of the user)
|
by: Mike |
last post by:
Hi all,
Hopefully someone will be able to help with this issue. I have an
ASP.Net application that is trying to extract frames from .avi
and .wmv files to create thumbnails. The media files are out on a
server and the .avi files work when I set the filename property of the
MediaDet object but when I try to do that with the .wmv file I get an
error thrown at me. The files all sit in the same directory and are
processed in the same loop...
|
by: =?Utf-8?B?S2l0dHlIYXdr?= |
last post by:
I am in the process of migrating an II6 environment from a single server to a
network load balanced system. Thus, I am using a virtual directory on a UNC
share to house the dynamic data that the web farm will access.
Since ASP.NET runs as a local account on the IIS servers, I have to use
impersonation to perform any operations on the data that resides on the UNC
share. I am hard-coding the impersonation credentials in the web.config files...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |