Hello Asaf,
Thank you for posting in the MSDN newsgroup.
From your description, you're developing an ASP.NET webservice which hosted
in IIS. Recently, you've publshed it onto a SBS 2003 server (IIS6), and
configure it to deny anonymous access. However, you found that you can not
make a custom user (newly created one) successfully access the webservice,
correct?
As for this issue, I would like to confirm some further things in your
application and the problem environment:
1. What's the authentication type setting in your webservice's IIS virtual
directory, is it basic or intergrated windows? Also, what's the webservice
application's application pool identity in IIS.
2. What's the authentication setting you configured for your ASP.NET
webservice application in the web.config , also have you used impersonate
in your webservice (through the <identity impersonate=xxx /element in
web.config) ?
3. Currently how are you accessing the webservice(through webbrowser or
client proxy code in client application built through .net framework)?
4. What's the error message or detaile behavior you get when you failed to
access the webservice through your custom non-admin account?
When you access webservice in IIS (deny anonymous access), the webbrowser
(IE) will help you supply user credential to the service, while when we use
code proxy to programmtically call webservice memthods, we need to
programmaticaly set the credential (if we don't want to use the default
security context of the client program). Also, at server-side, whether
the ASP.NET appliation is impersonated also affect the appliation's
behavior since when ASP.NET is configured as impersonate=true, it will use
the client authenticated user identity(from IIS) to access any restriected
resource which may cause error when that user doesn't have sufficient
permission.
Anyway, please feel free to let me know if you have any other finding or
there is anything I've missed here.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial
response from the community or a Microsoft Support Engineer within 1
business day is
acceptable. Please note that each follow up response may take approximately
2 business days
as the support professional working with you may need further investigation
to reach the
most efficient resolution. The offering is not appropriate for situations
that require
urgent, real-time or phone-based interactions or complex project analysis
and dump analysis
issues. Issues of this nature are best handled working with a dedicated
Microsoft Support
Engineer by contacting Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.