473,699 Members | 2,568 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

About the web service using Integrated windows authentication

Now I have a web application, a web service and a SQL Server database.

The Web application will invoke the web service, the web service
invokes the SQL Server stored procedure.

I let the web service run in an application pool which runs under a
domain user, this domain user has permissions of accessing database and the
connection to database is trusted connection. All these work well.

The web application will be used in internet (not in the intranet),
but the web service can only be used in intranet so I want to use the
integrated windows authentication for the web service, can I?

No I want to let the web application use the “Enable anonymous
access” and web service use the “integrated windows authentication . If so,
when I use the web application to invoke the web service, I will receive the
“The request failed with HTTP status 401: Unauthorized. at
System.Web.Serv ices.Protocols. SoapHttpClientP rotocol.ReadRes ponse(SoapClien tMessage
message, WebResponse response, Stream responseStream, Boolean asyncCall)”

I already used the following two ways in my web application code when
invoking web service:

Proxy.Credentia ls = System.Net.Cred entialCache.Def aultCredentials ;

(this method works only when the web application and web service are in the
same box, when I deployed the two in different computer, I still got the
error “The request failed with HTTP status 401”)

Or

System.Net.Cred entialCache cache = new System.Net.Cred entialCache();

cache.Add(new Uri(Proxy.Url), "Negotiate" , new
System.Net.Netw orkCredential(" username", "pass", "domain"));

Proxy.Credentia ls = cache;

Could you please tell me if I use the “integrated windows
authentication for the web service, how does the user’s certificate be
conveyed to web service? (the application user will be anyone in the
internet, will the web service know him)
Sincerely waiting for your feedback!
Dec 20 '06 #1
3 13797
Do you mean if i use the web application in internet , we can not use the
windows authentication, the web service which the application invokes dose
not use the windows authentication either.
Then can i impersonate a domain user by using the following settings in
web.config of web application:

<identity impersonate="tr ue"

userName="regis try:HKLM\SOFTWA RE\LCA_CONTRACT _ROUTING\identi ty\ASPNET_SETRE G,userName"

password="regis try:HKLM\SOFTWA RE\LCA_CONTRACT _ROUTING\identi ty\ASPNET_SETRE G,password"
/>
and pass the domain user and password to web service(using windows
authentication) by using:
System.Net.Cred entialCache cache = new System.Net.Cred entialCache();
cache.Add(new Uri(Proxy.Url), "Negotiate" , new
em.Net.NetworkC redential("user name", "pass", "domain"));
Proxy.Credentia ls = cache;


"Peter Ritchie [C# MVP]" wrote:
If your web application is being called over the Internet, outside the
domain, where do you expect domain credentials to come from? Integrated
Windows authentication just takes the user credentials that the browser
supplies. If that browser is on the Internet (outside the domain) the
credentials will be unknown to that domain an won't be granted access.

Proxy.Credentia ls is only used if you're accessing the web via a
proxy--which is probably why it worked when both computers were within the
domain. My guess it would also work if you deleted the line setting
Proxy.Credentia ls because it doesn't apply.

If you expect users of your web service to be outside the domain (i.e. not
logged into it) you can't use integrated windows authentication, you'll have
to use some other method of accepting/validating credentials.

--
Browse http://connect.microsoft.com/VisualStudio/feedback/ and vote.
http://www.peterRitchie.com/blog/
Microsoft MVP, Visual Developer - Visual C#
"Dandan Zhang" wrote:
Now I have a web application, a web service and a SQL Server database.

The Web application will invoke the web service, the web service
invokes the SQL Server stored procedure.

I let the web service run in an application pool which runs under a
domain user, this domain user has permissions of accessing database and the
connection to database is trusted connection. All these work well.

The web application will be used in internet (not in the intranet),
but the web service can only be used in intranet so I want to use the
integrated windows authentication for the web service, can I?

No I want to let the web application use the “Enable anonymous
access” and web service use the “integrated windows authentication . If so,
when I use the web application to invoke the web service, I will receive the
“The request failed with HTTP status 401: Unauthorized. at
System.Web.Serv ices.Protocols. SoapHttpClientP rotocol.ReadRes ponse(SoapClien tMessage
message, WebResponse response, Stream responseStream, Boolean asyncCall)”

I already used the following two ways in my web application code when
invoking web service:

Proxy.Credentia ls = System.Net.Cred entialCache.Def aultCredentials ;

(this method works only when the web application and web service are in the
same box, when I deployed the two in different computer, I still got the
error “The request failed with HTTP status 401”)

Or

System.Net.Cred entialCache cache = new System.Net.Cred entialCache();

cache.Add(new Uri(Proxy.Url), "Negotiate" , new
System.Net.Netw orkCredential(" username", "pass", "domain"));

Proxy.Credentia ls = cache;

Could you please tell me if I use the “integrated windows
authentication for the web service, how does the user’s certificate be
conveyed to web service? (the application user will be anyone in the
internet, will the web service know him)
Sincerely waiting for your feedback!
Dec 25 '06 #2
Do you mean if i use the web application in internet , we can not use the
windows authentication, the web service which the application invokes dose
not use the windows authentication either.
Then can i impersonate a domain user by using the following settings in
web.config of web application:

<identity impersonate="tr ue"

userName="regis try:HKLM\SOFTWA RE\LCA_CONTRACT _ROUTING\identi ty\ASPNET_SETRE G,userName"

password="regis try:HKLM\SOFTWA RE\LCA_CONTRACT _ROUTING\identi ty\ASPNET_SETRE G,password"
/>
and pass the domain user and password to web service(using windows
authentication) by using:
System.Net.Cred entialCache cache = new System.Net.Cred entialCache();
cache.Add(new Uri(Proxy.Url), "Negotiate" , new
em.Net.NetworkC redential("user name", "pass", "domain"));
Proxy.Credentia ls = cache;
"Peter Ritchie [C# MVP]" wrote:
If your web application is being called over the Internet, outside the
domain, where do you expect domain credentials to come from? Integrated
Windows authentication just takes the user credentials that the browser
supplies. If that browser is on the Internet (outside the domain) the
credentials will be unknown to that domain an won't be granted access.

Proxy.Credentia ls is only used if you're accessing the web via a
proxy--which is probably why it worked when both computers were within the
domain. My guess it would also work if you deleted the line setting
Proxy.Credentia ls because it doesn't apply.

If you expect users of your web service to be outside the domain (i.e. not
logged into it) you can't use integrated windows authentication, you'll have
to use some other method of accepting/validating credentials.

--
Browse http://connect.microsoft.com/VisualStudio/feedback/ and vote.
http://www.peterRitchie.com/blog/
Microsoft MVP, Visual Developer - Visual C#
"Dandan Zhang" wrote:
Now I have a web application, a web service and a SQL Server database.

The Web application will invoke the web service, the web service
invokes the SQL Server stored procedure.

I let the web service run in an application pool which runs under a
domain user, this domain user has permissions of accessing database and the
connection to database is trusted connection. All these work well.

The web application will be used in internet (not in the intranet),
but the web service can only be used in intranet so I want to use the
integrated windows authentication for the web service, can I?

No I want to let the web application use the “Enable anonymous
access” and web service use the “integrated windows authentication . If so,
when I use the web application to invoke the web service, I will receive the
“The request failed with HTTP status 401: Unauthorized. at
System.Web.Serv ices.Protocols. SoapHttpClientP rotocol.ReadRes ponse(SoapClien tMessage
message, WebResponse response, Stream responseStream, Boolean asyncCall)”

I already used the following two ways in my web application code when
invoking web service:

Proxy.Credentia ls = System.Net.Cred entialCache.Def aultCredentials ;

(this method works only when the web application and web service are in the
same box, when I deployed the two in different computer, I still got the
error “The request failed with HTTP status 401”)

Or

System.Net.Cred entialCache cache = new System.Net.Cred entialCache();

cache.Add(new Uri(Proxy.Url), "Negotiate" , new
System.Net.Netw orkCredential(" username", "pass", "domain"));

Proxy.Credentia ls = cache;

Could you please tell me if I use the “integrated windows
authentication for the web service, how does the user’s certificate be
conveyed to web service? (the application user will be anyone in the
internet, will the web service know him)
Sincerely waiting for your feedback!
Dec 25 '06 #3
Hi,
You will find following two links useful which addresses the issues faced by
you:
http://odetocode.com/Blogs/scott/arc...2/24/1053.aspx
http://msdn.microsoft.com/library/de..._asp_pages.asp

Thanks and Regards,
Manish Bafna.
MCP and MCTS.

"Dandan Zhang" wrote:
Now I have a web application, a web service and a SQL Server database.

The Web application will invoke the web service, the web service
invokes the SQL Server stored procedure.

I let the web service run in an application pool which runs under a
domain user, this domain user has permissions of accessing database and the
connection to database is trusted connection. All these work well.

The web application will be used in internet (not in the intranet),
but the web service can only be used in intranet so I want to use the
integrated windows authentication for the web service, can I?

No I want to let the web application use the “Enable anonymous
access” and web service use the “integrated windows authentication . If so,
when I use the web application to invoke the web service, I will receive the
“The request failed with HTTP status 401: Unauthorized. at
System.Web.Serv ices.Protocols. SoapHttpClientP rotocol.ReadRes ponse(SoapClien tMessage
message, WebResponse response, Stream responseStream, Boolean asyncCall)”

I already used the following two ways in my web application code when
invoking web service:

Proxy.Credentia ls = System.Net.Cred entialCache.Def aultCredentials ;

(this method works only when the web application and web service are in the
same box, when I deployed the two in different computer, I still got the
error “The request failed with HTTP status 401”)

Or

System.Net.Cred entialCache cache = new System.Net.Cred entialCache();

cache.Add(new Uri(Proxy.Url), "Negotiate" , new
System.Net.Netw orkCredential(" username", "pass", "domain"));

Proxy.Credentia ls = cache;

Could you please tell me if I use the “integrated windows
authentication for the web service, how does the user’s certificate be
conveyed to web service? (the application user will be anyone in the
internet, will the web service know him)
Sincerely waiting for your feedback!

Dec 26 '06 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
2578
by: epaetz | last post by:
I'm getting Not associated with a trusted SQL Server connection errors on a .Net windows service I wrote, when it's running on my application server. It's not a problem with mixed mode security. I'm set for mixed mode and I've been running the service on the app server for over a month with no problem. My database is running on a second server and both are under the same domain. The problem has occurred twice over the last two months.
2
1371
by: Craig | last post by:
Hope this is the right group, first timer - Just got back from holiday to find our Dev Server (Standard 2003, All hotfixes up to date) has been patched with KB 867460 (.NET Framework 1.1 Service Pack 1 (SP1)), and now when I try to debug remotely from Visual Studio 2003 (Local PC (XP-SP2)) has this service pack as well and on the same domain as the server) I get; Error while trying to run Project: Unable to satrt debugging on the web...
2
3373
by: Kumar | last post by:
I have a VB 6 COM object that uses ADO 2.6 to connect to a database. I have a Web Service that references this COM object and calls a method in this objects that uses ADO 2.6 to connect. The Web Service gives the error "connectedSQL Server does not exist or access denied." I am using Windows Integrated Security. The connection string looks like this: "Provider=SQLOLEDB; Data Source=servername;Initial
0
3590
by: John Bown | last post by:
This query is similar to some others on this discussion group, but none of them were resolved! Can anybody help: The issue is related to integrated authentication. First I'll describe a simple scenario not involving ISA server, which works as expected: The web service is hosted on a server in the same domain as my workstation with anonymous access denied, and integrated authentication enabled. If I access the web service using the...
1
1690
by: Rosi | last post by:
Hi, I am having web service with number of methods. We are using integrated windows authentication for this web service. This service is working fine with integrated windows authentication.
0
1010
by: brettburbidge | last post by:
I building a windows application that when opened uses IIS to authenticate the user against a custom database. When the application starts it contacts the Web Service to login. Right now I am using Environment.UserName to get the windows account name and passing that to the Web Service where it checks the database to see if that user name exists. This works ok but I would like to know how to use actual Integrated Windows...
4
7913
by: =?Utf-8?B?VGFrdW1p?= | last post by:
I have a ASP.NET web page that calls a web service on a server with IIS installed on it. When it calls the web service, it gives a HTTP status 401 error stating that it is unauthorized to call the web service. After searching the Microsoft Knowledge Base, article ID 811318 describes my exact problem. However, when I try to implement the stated solution, I still receive the same error. Basically if I add the following line of code, it...
0
1687
by: JeremyPollack | last post by:
Here's the situation : I have the same ASP.NET 2.0 web application running on both Machine A and Machine B. On both machines, I have Integrated Windows Authentication turned on, and Anonymous Access turned off for the folder that contains the webservice .ASMX file. When I hit a certain page on Machine A, it will call the web service on Machine A, and then it will call the same web service on Machine B. Likewise, when I hit the same...
10
1957
by: Ben | last post by:
I'm trying to access a c# web service from a web form. I set up the web reference proxy object as follows: proxy.PreAuthenticate = true; proxy.Credentials = CredentialCache.DefaultCredentials; but i get a 401 error. If I switch the IIS website from Integrated Windows Auth to Anonymous, it works... but i want it to use windows
0
8705
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, well explore What is ONU, What Is Router, ONU & Routers main usage, and What is the difference between ONU and Router. Lets take a closer look ! Part I. Meaning of...
0
8623
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9197
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
1
8941
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
1
6549
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupr who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
4390
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
1
3071
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
2362
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
2015
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.