By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,091 Members | 1,555 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,091 IT Pros & Developers. It's quick & easy.

About the web service using Integrated windows authentication

P: n/a
Now I have a web application, a web service and a SQL Server database.

The Web application will invoke the web service, the web service
invokes the SQL Server stored procedure.

I let the web service run in an application pool which runs under a
domain user, this domain user has permissions of accessing database and the
connection to database is trusted connection. All these work well.

The web application will be used in internet (not in the intranet),
but the web service can only be used in intranet so I want to use the
integrated windows authentication for the web service, can I?

No I want to let the web application use the “Enable anonymous
access” and web service use the “integrated windows authentication”. If so,
when I use the web application to invoke the web service, I will receive the
“The request failed with HTTP status 401: Unauthorized. at
System.Web.Services.Protocols.SoapHttpClientProtoc ol.ReadResponse(SoapClientMessage
message, WebResponse response, Stream responseStream, Boolean asyncCall)”

I already used the following two ways in my web application code when
invoking web service:

Proxy.Credentials = System.Net.CredentialCache.DefaultCredentials;

(this method works only when the web application and web service are in the
same box, when I deployed the two in different computer, I still got the
error “The request failed with HTTP status 401”)

Or

System.Net.CredentialCache cache = new System.Net.CredentialCache();

cache.Add(new Uri(Proxy.Url), "Negotiate", new
System.Net.NetworkCredential("username", "pass", "domain"));

Proxy.Credentials = cache;

Could you please tell me if I use the “integrated windows
authentication” for the web service, how does the user’s certificate be
conveyed to web service? (the application user will be anyone in the
internet, will the web service know him)
Sincerely waiting for your feedback!
Dec 20 '06 #1
Share this Question
Share on Google+
3 Replies


P: n/a
Do you mean if i use the web application in internet , we can not use the
windows authentication, the web service which the application invokes dose
not use the windows authentication either.
Then can i impersonate a domain user by using the following settings in
web.config of web application:

<identity impersonate="true"

userName="registry:HKLM\SOFTWARE\LCA_CONTRACT_ROUT ING\identity\ASPNET_SETREG,userName"

password="registry:HKLM\SOFTWARE\LCA_CONTRACT_ROUT ING\identity\ASPNET_SETREG,password"
/>
and pass the domain user and password to web service(using windows
authentication) by using:
System.Net.CredentialCache cache = new System.Net.CredentialCache();
cache.Add(new Uri(Proxy.Url), "Negotiate", new
em.Net.NetworkCredential("username", "pass", "domain"));
Proxy.Credentials = cache;


"Peter Ritchie [C# MVP]" wrote:
If your web application is being called over the Internet, outside the
domain, where do you expect domain credentials to come from? Integrated
Windows authentication just takes the user credentials that the browser
supplies. If that browser is on the Internet (outside the domain) the
credentials will be unknown to that domain an won't be granted access.

Proxy.Credentials is only used if you're accessing the web via a
proxy--which is probably why it worked when both computers were within the
domain. My guess it would also work if you deleted the line setting
Proxy.Credentials because it doesn't apply.

If you expect users of your web service to be outside the domain (i.e. not
logged into it) you can't use integrated windows authentication, you'll have
to use some other method of accepting/validating credentials.

--
Browse http://connect.microsoft.com/VisualStudio/feedback/ and vote.
http://www.peterRitchie.com/blog/
Microsoft MVP, Visual Developer - Visual C#
"Dandan Zhang" wrote:
Now I have a web application, a web service and a SQL Server database.

The Web application will invoke the web service, the web service
invokes the SQL Server stored procedure.

I let the web service run in an application pool which runs under a
domain user, this domain user has permissions of accessing database and the
connection to database is trusted connection. All these work well.

The web application will be used in internet (not in the intranet),
but the web service can only be used in intranet so I want to use the
integrated windows authentication for the web service, can I?

No I want to let the web application use the “Enable anonymous
access” and web service use the “integrated windows authentication”. If so,
when I use the web application to invoke the web service, I will receive the
“The request failed with HTTP status 401: Unauthorized. at
System.Web.Services.Protocols.SoapHttpClientProtoc ol.ReadResponse(SoapClientMessage
message, WebResponse response, Stream responseStream, Boolean asyncCall)”

I already used the following two ways in my web application code when
invoking web service:

Proxy.Credentials = System.Net.CredentialCache.DefaultCredentials;

(this method works only when the web application and web service are in the
same box, when I deployed the two in different computer, I still got the
error “The request failed with HTTP status 401”)

Or

System.Net.CredentialCache cache = new System.Net.CredentialCache();

cache.Add(new Uri(Proxy.Url), "Negotiate", new
System.Net.NetworkCredential("username", "pass", "domain"));

Proxy.Credentials = cache;

Could you please tell me if I use the “integrated windows
authentication” for the web service, how does the user’s certificate be
conveyed to web service? (the application user will be anyone in the
internet, will the web service know him)
Sincerely waiting for your feedback!
Dec 25 '06 #2

P: n/a
Do you mean if i use the web application in internet , we can not use the
windows authentication, the web service which the application invokes dose
not use the windows authentication either.
Then can i impersonate a domain user by using the following settings in
web.config of web application:

<identity impersonate="true"

userName="registry:HKLM\SOFTWARE\LCA_CONTRACT_ROUT ING\identity\ASPNET_SETREG,userName"

password="registry:HKLM\SOFTWARE\LCA_CONTRACT_ROUT ING\identity\ASPNET_SETREG,password"
/>
and pass the domain user and password to web service(using windows
authentication) by using:
System.Net.CredentialCache cache = new System.Net.CredentialCache();
cache.Add(new Uri(Proxy.Url), "Negotiate", new
em.Net.NetworkCredential("username", "pass", "domain"));
Proxy.Credentials = cache;
"Peter Ritchie [C# MVP]" wrote:
If your web application is being called over the Internet, outside the
domain, where do you expect domain credentials to come from? Integrated
Windows authentication just takes the user credentials that the browser
supplies. If that browser is on the Internet (outside the domain) the
credentials will be unknown to that domain an won't be granted access.

Proxy.Credentials is only used if you're accessing the web via a
proxy--which is probably why it worked when both computers were within the
domain. My guess it would also work if you deleted the line setting
Proxy.Credentials because it doesn't apply.

If you expect users of your web service to be outside the domain (i.e. not
logged into it) you can't use integrated windows authentication, you'll have
to use some other method of accepting/validating credentials.

--
Browse http://connect.microsoft.com/VisualStudio/feedback/ and vote.
http://www.peterRitchie.com/blog/
Microsoft MVP, Visual Developer - Visual C#
"Dandan Zhang" wrote:
Now I have a web application, a web service and a SQL Server database.

The Web application will invoke the web service, the web service
invokes the SQL Server stored procedure.

I let the web service run in an application pool which runs under a
domain user, this domain user has permissions of accessing database and the
connection to database is trusted connection. All these work well.

The web application will be used in internet (not in the intranet),
but the web service can only be used in intranet so I want to use the
integrated windows authentication for the web service, can I?

No I want to let the web application use the “Enable anonymous
access” and web service use the “integrated windows authentication”. If so,
when I use the web application to invoke the web service, I will receive the
“The request failed with HTTP status 401: Unauthorized. at
System.Web.Services.Protocols.SoapHttpClientProtoc ol.ReadResponse(SoapClientMessage
message, WebResponse response, Stream responseStream, Boolean asyncCall)”

I already used the following two ways in my web application code when
invoking web service:

Proxy.Credentials = System.Net.CredentialCache.DefaultCredentials;

(this method works only when the web application and web service are in the
same box, when I deployed the two in different computer, I still got the
error “The request failed with HTTP status 401”)

Or

System.Net.CredentialCache cache = new System.Net.CredentialCache();

cache.Add(new Uri(Proxy.Url), "Negotiate", new
System.Net.NetworkCredential("username", "pass", "domain"));

Proxy.Credentials = cache;

Could you please tell me if I use the “integrated windows
authentication” for the web service, how does the user’s certificate be
conveyed to web service? (the application user will be anyone in the
internet, will the web service know him)
Sincerely waiting for your feedback!
Dec 25 '06 #3

P: n/a
Hi,
You will find following two links useful which addresses the issues faced by
you:
http://odetocode.com/Blogs/scott/arc...2/24/1053.aspx
http://msdn.microsoft.com/library/de..._asp_pages.asp

Thanks and Regards,
Manish Bafna.
MCP and MCTS.

"Dandan Zhang" wrote:
Now I have a web application, a web service and a SQL Server database.

The Web application will invoke the web service, the web service
invokes the SQL Server stored procedure.

I let the web service run in an application pool which runs under a
domain user, this domain user has permissions of accessing database and the
connection to database is trusted connection. All these work well.

The web application will be used in internet (not in the intranet),
but the web service can only be used in intranet so I want to use the
integrated windows authentication for the web service, can I?

No I want to let the web application use the “Enable anonymous
access” and web service use the “integrated windows authentication”. If so,
when I use the web application to invoke the web service, I will receive the
“The request failed with HTTP status 401: Unauthorized. at
System.Web.Services.Protocols.SoapHttpClientProtoc ol.ReadResponse(SoapClientMessage
message, WebResponse response, Stream responseStream, Boolean asyncCall)”

I already used the following two ways in my web application code when
invoking web service:

Proxy.Credentials = System.Net.CredentialCache.DefaultCredentials;

(this method works only when the web application and web service are in the
same box, when I deployed the two in different computer, I still got the
error “The request failed with HTTP status 401”)

Or

System.Net.CredentialCache cache = new System.Net.CredentialCache();

cache.Add(new Uri(Proxy.Url), "Negotiate", new
System.Net.NetworkCredential("username", "pass", "domain"));

Proxy.Credentials = cache;

Could you please tell me if I use the “integrated windows
authentication” for the web service, how does the user’s certificate be
conveyed to web service? (the application user will be anyone in the
internet, will the web service know him)
Sincerely waiting for your feedback!

Dec 26 '06 #4

This discussion thread is closed

Replies have been disabled for this discussion.