473,320 Members | 1,691 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Why Must Impersonation be Used?

We have a web app that is running under Integrated Windows
Authentication. It must consume to a web service we are publishing on
another server, also running under Integrated Windows Authentication.
In order to make this work, we have to impersonate a user account with
access to the web service and set the Credential property on the web
service proxy object to DefaultCredentials before we actually make the
web service call. If we don't impersonate first, we get an exception
stating "The request failed with HTTP status 401: Unauthorized".

I understand why you would have to set the credentials on the web
service proxy, but I don't understand why you would have to use
impersonation to get this to work. Why couldn't you just set the
correct credentials on the proxy object and be done?

Thanks,
Dave

Jul 24 '06 #1
3 1442
Impersonation is required, because you have the web server configured to use
Integrated Windows Authentication.

Change the site to allow anonymous access, and you won't have to use
impersonation.

"headware" <da**********@gmail.comwrote in message
news:11**********************@i3g2000cwc.googlegro ups.com...
We have a web app that is running under Integrated Windows
Authentication. It must consume to a web service we are publishing on
another server, also running under Integrated Windows Authentication.
In order to make this work, we have to impersonate a user account with
access to the web service and set the Credential property on the web
service proxy object to DefaultCredentials before we actually make the
web service call. If we don't impersonate first, we get an exception
stating "The request failed with HTTP status 401: Unauthorized".

I understand why you would have to set the credentials on the web
service proxy, but I don't understand why you would have to use
impersonation to get this to work. Why couldn't you just set the
correct credentials on the proxy object and be done?

Thanks,
Dave

Jul 24 '06 #2
Hi Dave,

Altough the application is running with Integrated Windows Authentication,
the ASP.NET process is impersonated with the account ASPNET (Or the account
configured in the file machine.config).
I think it has to do with delegation. When you call the web service, you are
using delegation, so the account impersonating the process is used.

The same happens if you want to connect to SQL server with integrated
authentication, it uses the ASPNET account.
"headware" <da**********@gmail.comwrote in message
news:11**********************@i3g2000cwc.googlegro ups.com...
We have a web app that is running under Integrated Windows
Authentication. It must consume to a web service we are publishing on
another server, also running under Integrated Windows Authentication.
In order to make this work, we have to impersonate a user account with
access to the web service and set the Credential property on the web
service proxy object to DefaultCredentials before we actually make the
web service call. If we don't impersonate first, we get an exception
stating "The request failed with HTTP status 401: Unauthorized".

I understand why you would have to set the credentials on the web
service proxy, but I don't understand why you would have to use
impersonation to get this to work. Why couldn't you just set the
correct credentials on the proxy object and be done?

Thanks,
Dave

Jul 26 '06 #3

Brendan Green wrote:
Impersonation is required, because you have the web server configured to use
Integrated Windows Authentication.

Change the site to allow anonymous access, and you won't have to use
impersonation.

"headware" <da**********@gmail.comwrote in message
news:11**********************@i3g2000cwc.googlegro ups.com...
We have a web app that is running under Integrated Windows
Authentication. It must consume to a web service we are publishing on
another server, also running under Integrated Windows Authentication.
In order to make this work, we have to impersonate a user account with
access to the web service and set the Credential property on the web
service proxy object to DefaultCredentials before we actually make the
web service call. If we don't impersonate first, we get an exception
stating "The request failed with HTTP status 401: Unauthorized".

I understand why you would have to set the credentials on the web
service proxy, but I don't understand why you would have to use
impersonation to get this to work. Why couldn't you just set the
correct credentials on the proxy object and be done?

Thanks,
Dave
I guess what confuses me is that I don't need to use impersonation to
get access to regular pages on the site. As long as I have entered in
appropriate credentials, I can get to the pages. However, this does not
hold true for the web service. The web service requires impersonation
in addition to credentials. I doesn't even matter if the user I'm
impersonating has permission to access the .asmx file, it still works.

Am I thinking about this the wrong way?

Thanks,
Dave

Jul 27 '06 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

12
by: Anil Krishnamurthy | last post by:
We have an ASP.NET application that uses COM objects through Interop. The web application requires access to network and database resources and hence, needs to impersonate a domain account. The...
2
by: Eric Veltman | last post by:
Hello everyone, Till now, I've always used IIS integrated authentication and impersonation, such that the ASP.NET code on the server is executed with the permissions of the user who is...
3
by: Wm. Scott Miller | last post by:
What is the difference between using a username and password in the processmodel section vs using one in impersonation in the machine.config file? What are the advantages of each and what are the...
26
by: andrew_webby at hotmail | last post by:
Hi Am having a problem with an app I wrote to test patch delivery. I contact a remote PC, and get it to run a patch which is installed on a server. It works fine if I use psexec for example and...
27
by: vipleo | last post by:
I am having some issues, when I try to launch another process using Process.Start(ProcessStartInfo psi) on win xp sp2 box (Other versions of xp have no issue). Here is the detail. Main app...
1
by: Patrick | last post by:
I have an ASP.NET web service whose Web.Config is set to use impersonation <authentication mode="Windows" /> <identity impersonate="true" /> Within a Web Method, I want to use...
0
by: Daniel Knöpfel | last post by:
Hello On our asp.net 2.0 website we impersonate every request to the identity of the user logged in. This works this way: 1. user logs in, providing username, password 2. user is authenticated...
0
by: Mike | last post by:
Hi all, Hopefully someone will be able to help with this issue. I have an ASP.Net application that is trying to extract frames from .avi and .wmv files to create thumbnails. The media files are...
5
by: =?Utf-8?B?S2l0dHlIYXdr?= | last post by:
I am in the process of migrating an II6 environment from a single server to a network load balanced system. Thus, I am using a virtual directory on a UNC share to house the dynamic data that the...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.