About the web service using Integrated windows authentication

If your web application is being called over the Internet, outside the
domain, where do you expect domain credentials to come from? Integrated
Windows authentication just takes the user credentials that the browser
supplies. If that browser is on the Internet (outside the domain) the
credentials will be unknown to that domain an won't be granted access.

Proxy.Credentials is only used if you're accessing the web via a
proxy--which is probably why it worked when both computers were within the
domain. My guess it would also work if you deleted the line setting
Proxy.Credentials because it doesn't apply.

If you expect users of your web service to be outside the domain (i.e. not
logged into it) you can't use integrated windows authentication, you'll have
to use some other method of accepting/validating credentials.

--
Browse http://connect.microsoft.com/VisualStudio/feedback/ and vote.
http://www.peterRitchie.com/blog/
Microsoft MVP, Visual Developer - Visual C#
"Dandan Zhang" wrote:

Now I have a web application, a web service and a SQL Server database.

The Web application will invoke the web service, the web service
invokes the SQL Server stored procedure.

I let the web service run in an application pool which runs under a
domain user, this domain user has permissions of accessing database and the
connection to database is trusted connection. All these work well.

The web application will be used in internet (not in the intranet),
but the web service can only be used in intranet so I want to use the
integrated windows authentication for the web service, can I?

No I want to let the web application use the “Enable anonymous
access� and web service use the “integrated windows authentication�. If so,
when I use the web application to invoke the web service, I will receive the
“The request failed with HTTP status 401: Unauthorized. at
System.Web.Services.Protocols.SoapHttpClientProtoc ol.ReadResponse(SoapClientMessage
message, WebResponse response, Stream responseStream, Boolean asyncCall)�

I already used the following two ways in my web application code when
invoking web service:

Proxy.Credentials = System.Net.CredentialCache.DefaultCredentials;

(this method works only when the web application and web service are in the
same box, when I deployed the two in different computer, I still got the
error “The request failed with HTTP status 401�)

Or

System.Net.CredentialCache cache = new System.Net.CredentialCache();

cache.Add(new Uri(Proxy.Url), "Negotiate", new
System.Net.NetworkCredential("username", "pass", "domain"));

Proxy.Credentials = cache;

Could you please tell me if I use the “integrated windows
authentication� for the web service, how does the user’s certificate be
conveyed to web service? (the application user will be anyone in the
internet, will the web service know him)
Sincerely waiting for your feedback!

If your web application is being called over the Internet, outside the
domain, where do you expect domain credentials to come from? Integrated
Windows authentication just takes the user credentials that the browser
supplies. If that browser is on the Internet (outside the domain) the
credentials will be unknown to that domain an won't be granted access.

Proxy.Credentials is only used if you're accessing the web via a
proxy--which is probably why it worked when both computers were within the
domain. My guess it would also work if you deleted the line setting
Proxy.Credentials because it doesn't apply.

If you expect users of your web service to be outside the domain (i.e. not
logged into it) you can't use integrated windows authentication, you'll have
to use some other method of accepting/validating credentials.

--
Browse http://connect.microsoft.com/VisualStudio/feedback/ and vote.
http://www.peterRitchie.com/blog/
Microsoft MVP, Visual Developer - Visual C#
"Dandan Zhang" wrote:

Now I have a web application, a web service and a SQL Server database.

The Web application will invoke the web service, the web service
invokes the SQL Server stored procedure.

I let the web service run in an application pool which runs under a
domain user, this domain user has permissions of accessing database and the
connection to database is trusted connection. All these work well.

The web application will be used in internet (not in the intranet),
but the web service can only be used in intranet so I want to use the
integrated windows authentication for the web service, can I?

No I want to let the web application use the “Enable anonymous
access� and web service use the “integrated windows authentication�. If so,
when I use the web application to invoke the web service, I will receive the
“The request failed with HTTP status 401: Unauthorized. at
System.Web.Services.Protocols.SoapHttpClientProtoc ol.ReadResponse(SoapClientMessage
message, WebResponse response, Stream responseStream, Boolean asyncCall)�

I already used the following two ways in my web application code when
invoking web service:

Proxy.Credentials = System.Net.CredentialCache.DefaultCredentials;

(this method works only when the web application and web service are in the
same box, when I deployed the two in different computer, I still got the
error “The request failed with HTTP status 401�)

Or

System.Net.CredentialCache cache = new System.Net.CredentialCache();

cache.Add(new Uri(Proxy.Url), "Negotiate", new
System.Net.NetworkCredential("username", "pass", "domain"));

Proxy.Credentials = cache;

Could you please tell me if I use the “integrated windows
authentication� for the web service, how does the user’s certificate be
conveyed to web service? (the application user will be anyone in the
internet, will the web service know him)
Sincerely waiting for your feedback!

Now I have a web application, a web service and a SQL Server database.

The Web application will invoke the web service, the web service
invokes the SQL Server stored procedure.

I let the web service run in an application pool which runs under a
domain user, this domain user has permissions of accessing database and the
connection to database is trusted connection. All these work well.

The web application will be used in internet (not in the intranet),
but the web service can only be used in intranet so I want to use the
integrated windows authentication for the web service, can I?

No I want to let the web application use the “Enable anonymous
access� and web service use the “integrated windows authentication�. If so,
when I use the web application to invoke the web service, I will receive the
“The request failed with HTTP status 401: Unauthorized. at
System.Web.Services.Protocols.SoapHttpClientProtoc ol.ReadResponse(SoapClientMessage
message, WebResponse response, Stream responseStream, Boolean asyncCall)�

I already used the following two ways in my web application code when
invoking web service:

Proxy.Credentials = System.Net.CredentialCache.DefaultCredentials;

(this method works only when the web application and web service are in the
same box, when I deployed the two in different computer, I still got the
error “The request failed with HTTP status 401�)

Or

System.Net.CredentialCache cache = new System.Net.CredentialCache();

cache.Add(new Uri(Proxy.Url), "Negotiate", new
System.Net.NetworkCredential("username", "pass", "domain"));

Proxy.Credentials = cache;

Could you please tell me if I use the “integrated windows
authentication� for the web service, how does the user’s certificate be
conveyed to web service? (the application user will be anyone in the
internet, will the web service know him)
Sincerely waiting for your feedback!