We are working on a distributed VB.Net application which will access a SQL
database located on a known server. Each client will run on the user's
local machine. To implement this, we are trying to use remoting for our
access to the SQL server, with the remoting being via IIS. Since all of our
users will have accounts in the destination domain, we want to have IIS
handle the security for us and not allow anonymous. We have set this up
with one of our development clients and servers, but when we try to connect
we get the following error message:
An unhandled exception of type 'System.Net.WebException' occurred in
mscorlib.dll
Additional information: the remote server returned an error: (401)
Unauthorized.
Our configuration is this:
Component Running on
Module1 the development machine
RemotingTest IIS on the development machine
NorthWind DB SQL Server on another server
IIS is configured for Windows Authentication, and the directory with the
RemotingTest object has "Script Source Access" set and the Execute
Permissions are set to "Scripts and Executables". We have also tried with
setting IIS to Allow Anonymous, which moves the error out to the SQL
connection (with the error message of "can't make a connection for user
NULL"). Even if anonymous did work, it would be a problem for us since the
application we are using requires the username to be accessible.
The SQL server is in a different domain from development machine, however a
trust relationship exists between the two domains. We have verified that
the trust works by opening the NorthWind database in Enterprise Manager on
the development machine.
Can anyone tell us what we are doing wrong here? 15 1247
Have you set the remoting client to pass the default credentials to the
server? If so, how? Also, what happens when you attempt to browse to the
server URL in IE?
"Ron L" <ro**@bogus.Address.com> wrote in message
news:eg**************@TK2MSFTNGP14.phx.gbl... We are working on a distributed VB.Net application which will access a SQL database located on a known server. Each client will run on the user's local machine. To implement this, we are trying to use remoting for our access to the SQL server, with the remoting being via IIS. Since all of our users will have accounts in the destination domain, we want to have IIS handle the security for us and not allow anonymous. We have set this up with one of our development clients and servers, but when we try to connect we get the following error message: An unhandled exception of type 'System.Net.WebException' occurred in mscorlib.dll
Additional information: the remote server returned an error: (401) Unauthorized. Our configuration is this: Component Running on Module1 the development machine RemotingTest IIS on the development machine NorthWind DB SQL Server on another server
IIS is configured for Windows Authentication, and the directory with the RemotingTest object has "Script Source Access" set and the Execute Permissions are set to "Scripts and Executables". We have also tried with setting IIS to Allow Anonymous, which moves the error out to the SQL connection (with the error message of "can't make a connection for user NULL"). Even if anonymous did work, it would be a problem for us since the application we are using requires the username to be accessible.
The SQL server is in a different domain from development machine, however a trust relationship exists between the two domains. We have verified that the trust works by opening the NorthWind database in Enterprise Manager on the development machine.
Can anyone tell us what we are doing wrong here?
The issue is IIS connections are anonymous until login. With a local app, you
do not get a logon box, so you stay anon. Boom!!!
Good starting point: http://msdn.microsoft.com/library/en...SecNetch11.asp
I assume you are using HTTP as transport (IIS) as you want the built in
authentication methods. That is fine, but realize you will have to have the
user log in, or have the machines set up to automatically use the user's
account. Network admins can push this out, via policy, to avoid individually
setting up machines.
--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
***************************
Think Outside the Box!
***************************
"Ron L" wrote: We are working on a distributed VB.Net application which will access a SQL database located on a known server. Each client will run on the user's local machine. To implement this, we are trying to use remoting for our access to the SQL server, with the remoting being via IIS. Since all of our users will have accounts in the destination domain, we want to have IIS handle the security for us and not allow anonymous. We have set this up with one of our development clients and servers, but when we try to connect we get the following error message: An unhandled exception of type 'System.Net.WebException' occurred in mscorlib.dll
Additional information: the remote server returned an error: (401) Unauthorized. Our configuration is this: Component Running on Module1 the development machine RemotingTest IIS on the development machine NorthWind DB SQL Server on another server
IIS is configured for Windows Authentication, and the directory with the RemotingTest object has "Script Source Access" set and the Execute Permissions are set to "Scripts and Executables". We have also tried with setting IIS to Allow Anonymous, which moves the error out to the SQL connection (with the error message of "can't make a connection for user NULL"). Even if anonymous did work, it would be a problem for us since the application we are using requires the username to be accessible.
The SQL server is in a different domain from development machine, however a trust relationship exists between the two domains. We have verified that the trust works by opening the NorthWind database in Enterprise Manager on the development machine.
Can anyone tell us what we are doing wrong here?
Nicole
Thanks for your response. I am using a web.config file that I have
included at the end of this message.
Ron L
--------------------------Start
Web.Config ------------------------------------------------
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<compilation defaultLanguage="vb" debug="true" />
<customErrors mode="RemoteOnly" />
<authentication mode="Windows" />
<authorization>
<allow users="*" /> <!-- Allow all users -->
<allow verbs="GET" users="*" />
</authorization>
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState
mode="Off"
/>
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />
<identity impersonate="true" />
</system.web>
<appSettings>
<!-- Trusted_Connection=yes -->
<add key="ConnectionString"
value="Provider=SQLOLEDB;Data Source=Dev2k;Initial
Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " />
</appSettings>
<system.runtime.remoting>
<application>
<!-- the following section defines the classes we're exposing to clients
from this host -->
<service>
<wellknown mode="SingleCall"
objectUri = "NWInfo.rem"
type = "RemotingTest.NWInfo, RemotingTest" />
</service>
<channels>
<channel ref="http"
useDefaultCredentials="true" />
</channels>
</application>
</system.runtime.remoting>
</configuration>
-------------------------- End
Web.Config -----------------------------------------------
"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:uO**************@TK2MSFTNGP14.phx.gbl... Have you set the remoting client to pass the default credentials to the server? If so, how? Also, what happens when you attempt to browse to the server URL in IE?
"Ron L" <ro**@bogus.Address.com> wrote in message news:eg**************@TK2MSFTNGP14.phx.gbl... We are working on a distributed VB.Net application which will access a SQL database located on a known server. Each client will run on the user's local machine. To implement this, we are trying to use remoting for our access to the SQL server, with the remoting being via IIS. Since all of our users will have accounts in the destination domain, we want to have IIS handle the security for us and not allow anonymous. We have set this up with one of our development clients and servers, but when we try to connect we get the following error message: An unhandled exception of type 'System.Net.WebException' occurred in mscorlib.dll
Additional information: the remote server returned an error: (401) Unauthorized. Our configuration is this: Component Running on Module1 the development machine RemotingTest IIS on the development machine NorthWind DB SQL Server on another server
IIS is configured for Windows Authentication, and the directory with the RemotingTest object has "Script Source Access" set and the Execute Permissions are set to "Scripts and Executables". We have also tried with setting IIS to Allow Anonymous, which moves the error out to the SQL connection (with the error message of "can't make a connection for user NULL"). Even if anonymous did work, it would be a problem for us since the application we are using requires the username to be accessible.
The SQL server is in a different domain from development machine, however a trust relationship exists between the two domains. We have verified that the trust works by opening the NorthWind database in Enterprise Manager on the development machine.
Can anyone tell us what we are doing wrong here?
Gregory
Thanks for the response. I had assumed that IIS would handle the login
box for me, like it does for ASP. Rats! I will take a look at the link you
sent. Am I in the same boat with Web Services, or will they provide the
login box for me?
Ron L
"Cowboy (Gregory A. Beamer) - MVP" <No************@comcast.netNoSpamM> wrote
in message news:21**********************************@microsof t.com... The issue is IIS connections are anonymous until login. With a local app, you do not get a logon box, so you stay anon. Boom!!!
Good starting point: http://msdn.microsoft.com/library/en...SecNetch11.asp
I assume you are using HTTP as transport (IIS) as you want the built in authentication methods. That is fine, but realize you will have to have the user log in, or have the machines set up to automatically use the user's account. Network admins can push this out, via policy, to avoid individually setting up machines.
-- Gregory A. Beamer MVP; MCP: +I, SE, SD, DBA
*************************** Think Outside the Box! ***************************
"Ron L" wrote:
We are working on a distributed VB.Net application which will access a SQL database located on a known server. Each client will run on the user's local machine. To implement this, we are trying to use remoting for our access to the SQL server, with the remoting being via IIS. Since all of our users will have accounts in the destination domain, we want to have IIS handle the security for us and not allow anonymous. We have set this up with one of our development clients and servers, but when we try to connect we get the following error message: An unhandled exception of type 'System.Net.WebException' occurred in mscorlib.dll
Additional information: the remote server returned an error: (401) Unauthorized. Our configuration is this: Component Running on Module1 the development machine RemotingTest IIS on the development machine NorthWind DB SQL Server on another server
IIS is configured for Windows Authentication, and the directory with the RemotingTest object has "Script Source Access" set and the Execute Permissions are set to "Scripts and Executables". We have also tried with setting IIS to Allow Anonymous, which moves the error out to the SQL connection (with the error message of "can't make a connection for user NULL"). Even if anonymous did work, it would be a problem for us since the application we are using requires the username to be accessible.
The SQL server is in a different domain from development machine, however a trust relationship exists between the two domains. We have verified that the trust works by opening the NorthWind database in Enterprise Manager on the development machine.
Can anyone tell us what we are doing wrong here?
That looks like your server config file, which isn't what I was asking
about. On the client, how are you specifying the credentials that should be
sent to the server? (If you don't know what this question means, chances
are excellent that you're not sending any credentials, which would explain
the authentication problem. <g>) Also, could you please check if you can
access the server via IE?
"Ron L" <ro**@bogus.Address.com> wrote in message
news:O%****************@TK2MSFTNGP15.phx.gbl... Nicole Thanks for your response. I am using a web.config file that I have included at the end of this message.
Ron L
--------------------------Start Web.Config ------------------------------------------------ <?xml version="1.0" encoding="utf-8" ?> <configuration>
<system.web> <compilation defaultLanguage="vb" debug="true" /> <customErrors mode="RemoteOnly" /> <authentication mode="Windows" /> <authorization> <allow users="*" /> <!-- Allow all users --> <allow verbs="GET" users="*" /> </authorization> <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" /> <sessionState mode="Off" /> <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
<identity impersonate="true" />
</system.web>
<appSettings> <!-- Trusted_Connection=yes --> <add key="ConnectionString" value="Provider=SQLOLEDB;Data Source=Dev2k;Initial Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " /> </appSettings>
<system.runtime.remoting> <application> <!-- the following section defines the classes we're exposing to clients from this host --> <service> <wellknown mode="SingleCall" objectUri = "NWInfo.rem" type = "RemotingTest.NWInfo, RemotingTest" />
</service> <channels> <channel ref="http" useDefaultCredentials="true" /> </channels> </application> </system.runtime.remoting> </configuration> -------------------------- End Web.Config ----------------------------------------------- "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:uO**************@TK2MSFTNGP14.phx.gbl... Have you set the remoting client to pass the default credentials to the server? If so, how? Also, what happens when you attempt to browse to the server URL in IE?
"Ron L" <ro**@bogus.Address.com> wrote in message news:eg**************@TK2MSFTNGP14.phx.gbl... We are working on a distributed VB.Net application which will access a SQL database located on a known server. Each client will run on the user's local machine. To implement this, we are trying to use remoting for our access to the SQL server, with the remoting being via IIS. Since all of our users will have accounts in the destination domain, we want to have IIS handle the security for us and not allow anonymous. We have set this up with one of our development clients and servers, but when we try to connect we get the following error message: An unhandled exception of type 'System.Net.WebException' occurred in mscorlib.dll
Additional information: the remote server returned an error: (401) Unauthorized. Our configuration is this: Component Running on Module1 the development machine RemotingTest IIS on the development machine NorthWind DB SQL Server on another server
IIS is configured for Windows Authentication, and the directory with the RemotingTest object has "Script Source Access" set and the Execute Permissions are set to "Scripts and Executables". We have also tried with setting IIS to Allow Anonymous, which moves the error out to the SQL connection (with the error message of "can't make a connection for user NULL"). Even if anonymous did work, it would be a problem for us since the application we are using requires the username to be accessible.
The SQL server is in a different domain from development machine, however a trust relationship exists between the two domains. We have verified that the trust works by opening the NorthWind database in Enterprise Manager on the development machine.
Can anyone tell us what we are doing wrong here?
Nicole
I guess I don't know how I am specifying the credentials on the client
side. As I said to Gregory, I was assuming that IIS handled the credentials
as it does for ASP. As to accessing the server, if I enter the following
URL: http://localhost/dotNet/remotingtest/nwinfo.rem?wsdl
I get an automatically generated web page listing the message names, port
names, binding names, etc.
Ron L
"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl... That looks like your server config file, which isn't what I was asking about. On the client, how are you specifying the credentials that should be sent to the server? (If you don't know what this question means, chances are excellent that you're not sending any credentials, which would explain the authentication problem. <g>) Also, could you please check if you can access the server via IE? "Ron L" <ro**@bogus.Address.com> wrote in message news:O%****************@TK2MSFTNGP15.phx.gbl... Nicole Thanks for your response. I am using a web.config file that I have included at the end of this message.
Ron L
--------------------------Start Web.Config ------------------------------------------------ <?xml version="1.0" encoding="utf-8" ?> <configuration>
<system.web> <compilation defaultLanguage="vb" debug="true" /> <customErrors mode="RemoteOnly" /> <authentication mode="Windows" /> <authorization> <allow users="*" /> <!-- Allow all users --> <allow verbs="GET" users="*" /> </authorization> <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" /> <sessionState mode="Off" /> <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
<identity impersonate="true" />
</system.web>
<appSettings> <!-- Trusted_Connection=yes --> <add key="ConnectionString" value="Provider=SQLOLEDB;Data Source=Dev2k;Initial Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " /> </appSettings>
<system.runtime.remoting> <application> <!-- the following section defines the classes we're exposing to clients from this host --> <service> <wellknown mode="SingleCall" objectUri = "NWInfo.rem" type = "RemotingTest.NWInfo, RemotingTest" />
</service> <channels> <channel ref="http" useDefaultCredentials="true" /> </channels> </application> </system.runtime.remoting> </configuration> -------------------------- End Web.Config ----------------------------------------------- "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:uO**************@TK2MSFTNGP14.phx.gbl... Have you set the remoting client to pass the default credentials to the server? If so, how? Also, what happens when you attempt to browse to the server URL in IE?
"Ron L" <ro**@bogus.Address.com> wrote in message news:eg**************@TK2MSFTNGP14.phx.gbl... We are working on a distributed VB.Net application which will access a SQL database located on a known server. Each client will run on the user's local machine. To implement this, we are trying to use remoting for our access to the SQL server, with the remoting being via IIS. Since all of our users will have accounts in the destination domain, we want to have IIS handle the security for us and not allow anonymous. We have set this up with one of our development clients and servers, but when we try to connect we get the following error message: An unhandled exception of type 'System.Net.WebException' occurred in mscorlib.dll
Additional information: the remote server returned an error: (401) Unauthorized. Our configuration is this: Component Running on Module1 the development machine RemotingTest IIS on the development machine NorthWind DB SQL Server on another server
IIS is configured for Windows Authentication, and the directory with the RemotingTest object has "Script Source Access" set and the Execute Permissions are set to "Scripts and Executables". We have also tried with setting IIS to Allow Anonymous, which moves the error out to the SQL connection (with the error message of "can't make a connection for user NULL"). Even if anonymous did work, it would be a problem for us since the application we are using requires the username to be accessible.
The SQL server is in a different domain from development machine, however a trust relationship exists between the two domains. We have verified that the trust works by opening the NorthWind database in Enterprise Manager on the development machine.
Can anyone tell us what we are doing wrong here?
"Ron L" <ro**@bogus.Address.com> wrote in message
news:uI**************@TK2MSFTNGP10.phx.gbl... Nicole I guess I don't know how I am specifying the credentials on the client side.
Then chances are very good that the client credentials aren't being passed.
See http://msdn.microsoft.com/library/en...SecNetch11.asp
(particularly the "Passing Credentials for Authentication to Remote Objects"
section) for possible approaches.
As I said to Gregory, I was assuming that IIS handled the credentials as it does for ASP.
IIS will perform the user authentication, but only if the user's credentials
are passed from the client machine, which is something that IIS cannot do.
The transparent passing of client credentials that you see when using IE to
browse a Windows-authenticated intranet site is because IE is configured to
pass those credentials without user intervention. You'll need to make it
possible for your client application to pass the same credentials.
As to accessing the server, if I enter the following URL: http://localhost/dotNet/remotingtest/nwinfo.rem?wsdl
I get an automatically generated web page listing the message names, port names, binding names, etc.
What happens if you disable the intranet zone automatic logon in IE? Ron L "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:%2****************@TK2MSFTNGP09.phx.gbl... That looks like your server config file, which isn't what I was asking about. On the client, how are you specifying the credentials that should be sent to the server? (If you don't know what this question means, chances are excellent that you're not sending any credentials, which would explain the authentication problem. <g>) Also, could you please check if you can access the server via IE? "Ron L" <ro**@bogus.Address.com> wrote in message news:O%****************@TK2MSFTNGP15.phx.gbl... Nicole Thanks for your response. I am using a web.config file that I have included at the end of this message.
Ron L
--------------------------Start Web.Config ------------------------------------------------ <?xml version="1.0" encoding="utf-8" ?> <configuration>
<system.web> <compilation defaultLanguage="vb" debug="true" /> <customErrors mode="RemoteOnly" /> <authentication mode="Windows" /> <authorization> <allow users="*" /> <!-- Allow all users --> <allow verbs="GET" users="*" /> </authorization> <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" /> <sessionState mode="Off" /> <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
<identity impersonate="true" />
</system.web>
<appSettings> <!-- Trusted_Connection=yes --> <add key="ConnectionString" value="Provider=SQLOLEDB;Data Source=Dev2k;Initial Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " /> </appSettings>
<system.runtime.remoting> <application> <!-- the following section defines the classes we're exposing to clients from this host --> <service> <wellknown mode="SingleCall" objectUri = "NWInfo.rem" type = "RemotingTest.NWInfo, RemotingTest" />
</service> <channels> <channel ref="http" useDefaultCredentials="true" /> </channels> </application> </system.runtime.remoting> </configuration> -------------------------- End Web.Config ----------------------------------------------- "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:uO**************@TK2MSFTNGP14.phx.gbl... Have you set the remoting client to pass the default credentials to the server? If so, how? Also, what happens when you attempt to browse to the server URL in IE?
"Ron L" <ro**@bogus.Address.com> wrote in message news:eg**************@TK2MSFTNGP14.phx.gbl... > We are working on a distributed VB.Net application which will access a > SQL database located on a known server. Each client will run on the > user's local machine. To implement this, we are trying to use > remoting for our access to the SQL server, with the remoting being via > IIS. Since all of our users will have accounts in the destination > domain, we want to have IIS handle the security for us and not allow > anonymous. We have set this up with one of our development clients and > servers, but when we try to connect we get the following error > message: > An unhandled exception of type 'System.Net.WebException' occurred > in mscorlib.dll > > Additional information: the remote server returned an error: > (401) Unauthorized. > > > > Our configuration is this: > Component Running on > Module1 the development machine > RemotingTest IIS on the development machine > NorthWind DB SQL Server on another server > > IIS is configured for Windows Authentication, and the directory with > the RemotingTest object has "Script Source Access" set and the Execute > Permissions are set to "Scripts and Executables". We have also tried > with setting IIS to Allow Anonymous, which moves the error out to the > SQL connection (with the error message of "can't make a connection for > user NULL"). Even if anonymous did work, it would be a problem for us > since the application we are using requires the username to be > accessible. > > The SQL server is in a different domain from development machine, > however a trust relationship exists between the two domains. We have > verified that the trust works by opening the NorthWind database in > Enterprise Manager on the development machine. > > Can anyone tell us what we are doing wrong here? > > >
Nicole
I have been attempting to wade through the reference you gave me (it was
the same reference that Gregory gave). What I want my application to be
able to do is to try the credentials of the currently logged in user, and if
that fails prompt the user for a username and password. Is this two
different instances of using specific credentials, or is it one instance of
using default credentials and one of using specific credentials?
As to disabling automatic login (setting it to anonymous in Local
Intranet, and trusted sites), I get the "You are not authorized to view this
page" error page.
Ron L
"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:u%****************@TK2MSFTNGP12.phx.gbl... "Ron L" <ro**@bogus.Address.com> wrote in message news:uI**************@TK2MSFTNGP10.phx.gbl... Nicole I guess I don't know how I am specifying the credentials on the client side.
Then chances are very good that the client credentials aren't being passed. See http://msdn.microsoft.com/library/en...SecNetch11.asp (particularly the "Passing Credentials for Authentication to Remote Objects" section) for possible approaches.
As I said to Gregory, I was assuming that IIS handled the credentials as it does for ASP.
IIS will perform the user authentication, but only if the user's credentials are passed from the client machine, which is something that IIS cannot do. The transparent passing of client credentials that you see when using IE to browse a Windows-authenticated intranet site is because IE is configured to pass those credentials without user intervention. You'll need to make it possible for your client application to pass the same credentials.
As to accessing the server, if I enter the following URL: http://localhost/dotNet/remotingtest/nwinfo.rem?wsdl
I get an automatically generated web page listing the message names, port names, binding names, etc.
What happens if you disable the intranet zone automatic logon in IE?
Ron L "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:%2****************@TK2MSFTNGP09.phx.gbl... That looks like your server config file, which isn't what I was asking about. On the client, how are you specifying the credentials that should be sent to the server? (If you don't know what this question means, chances are excellent that you're not sending any credentials, which would explain the authentication problem. <g>) Also, could you please check if you can access the server via IE? "Ron L" <ro**@bogus.Address.com> wrote in message news:O%****************@TK2MSFTNGP15.phx.gbl... Nicole Thanks for your response. I am using a web.config file that I have included at the end of this message.
Ron L
--------------------------Start Web.Config ------------------------------------------------ <?xml version="1.0" encoding="utf-8" ?> <configuration>
<system.web> <compilation defaultLanguage="vb" debug="true" /> <customErrors mode="RemoteOnly" /> <authentication mode="Windows" /> <authorization> <allow users="*" /> <!-- Allow all users --> <allow verbs="GET" users="*" /> </authorization> <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" /> <sessionState mode="Off" /> <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
<identity impersonate="true" />
</system.web>
<appSettings> <!-- Trusted_Connection=yes --> <add key="ConnectionString" value="Provider=SQLOLEDB;Data Source=Dev2k;Initial Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " /> </appSettings>
<system.runtime.remoting> <application> <!-- the following section defines the classes we're exposing to clients from this host --> <service> <wellknown mode="SingleCall" objectUri = "NWInfo.rem" type = "RemotingTest.NWInfo, RemotingTest" />
</service> <channels> <channel ref="http" useDefaultCredentials="true" /> </channels> </application> </system.runtime.remoting> </configuration> -------------------------- End Web.Config ----------------------------------------------- "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:uO**************@TK2MSFTNGP14.phx.gbl... > Have you set the remoting client to pass the default credentials to > the server? If so, how? Also, what happens when you attempt to > browse to the server URL in IE? > > > "Ron L" <ro**@bogus.Address.com> wrote in message > news:eg**************@TK2MSFTNGP14.phx.gbl... >> We are working on a distributed VB.Net application which will access >> a SQL database located on a known server. Each client will run on >> the user's local machine. To implement this, we are trying to use >> remoting for our access to the SQL server, with the remoting being >> via IIS. Since all of our users will have accounts in the destination >> domain, we want to have IIS handle the security for us and not allow >> anonymous. We have set this up with one of our development clients >> and servers, but when we try to connect we get the following error >> message: >> An unhandled exception of type 'System.Net.WebException' >> occurred in mscorlib.dll >> >> Additional information: the remote server returned an error: >> (401) Unauthorized. >> >> >> >> Our configuration is this: >> Component Running on >> Module1 the development machine >> RemotingTest IIS on the development machine >> NorthWind DB SQL Server on another server >> >> IIS is configured for Windows Authentication, and the directory with >> the RemotingTest object has "Script Source Access" set and the >> Execute Permissions are set to "Scripts and Executables". We have >> also tried with setting IIS to Allow Anonymous, which moves the error >> out to the SQL connection (with the error message of "can't make a >> connection for user NULL"). Even if anonymous did work, it would be >> a problem for us since the application we are using requires the >> username to be accessible. >> >> The SQL server is in a different domain from development machine, >> however a trust relationship exists between the two domains. We have >> verified that the trust works by opening the NorthWind database in >> Enterprise Manager on the development machine. >> >> Can anyone tell us what we are doing wrong here? >> >> >> > >
"Ron L" <ro**@bogus.Address.com> wrote in message
news:%2****************@TK2MSFTNGP15.phx.gbl... Nicole I have been attempting to wade through the reference you gave me (it was the same reference that Gregory gave). What I want my application to be able to do is to try the credentials of the currently logged in user, and if that fails prompt the user for a username and password. Is this two different instances of using specific credentials, or is it one instance of using default credentials and one of using specific credentials?
If you want to allow falling back to user-provided credentials, you'll need
to do at least two things:
1. Use programmatic configuration of the credentials in your client
application rather than specifying the credentials using channel attributes
in the configuration file. An example of the programmatic approach is shown
in the "Programmatic configuration" section of the ".NET Remoting Security"
reference.
2. Adjust the client code in #1 to attempt to connect to the server and, if
authentication fails, prompt the user for custom credentials then switch
over to using those credentials. An example of setting the proxy to use
such credentials is shown in the "Using specific credentials" section of the
".NET Remoting Security" reference.
As to disabling automatic login (setting it to anonymous in Local Intranet, and trusted sites), I get the "You are not authorized to view this page" error page.
Good news since this means that the user credentials automatically provided
by IE prior to disabling this behaviour were authenticating successfully and
permitting access to the server. Ron L "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:u%****************@TK2MSFTNGP12.phx.gbl... "Ron L" <ro**@bogus.Address.com> wrote in message news:uI**************@TK2MSFTNGP10.phx.gbl... Nicole I guess I don't know how I am specifying the credentials on the client side.
Then chances are very good that the client credentials aren't being passed. See http://msdn.microsoft.com/library/en...SecNetch11.asp (particularly the "Passing Credentials for Authentication to Remote Objects" section) for possible approaches.
As I said to Gregory, I was assuming that IIS handled the credentials as it does for ASP.
IIS will perform the user authentication, but only if the user's credentials are passed from the client machine, which is something that IIS cannot do. The transparent passing of client credentials that you see when using IE to browse a Windows-authenticated intranet site is because IE is configured to pass those credentials without user intervention. You'll need to make it possible for your client application to pass the same credentials.
As to accessing the server, if I enter the following URL: http://localhost/dotNet/remotingtest/nwinfo.rem?wsdl
I get an automatically generated web page listing the message names, port names, binding names, etc.
What happens if you disable the intranet zone automatic logon in IE?
Ron L "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:%2****************@TK2MSFTNGP09.phx.gbl... That looks like your server config file, which isn't what I was asking about. On the client, how are you specifying the credentials that should be sent to the server? (If you don't know what this question means, chances are excellent that you're not sending any credentials, which would explain the authentication problem. <g>) Also, could you please check if you can access the server via IE? "Ron L" <ro**@bogus.Address.com> wrote in message news:O%****************@TK2MSFTNGP15.phx.gbl... > Nicole > Thanks for your response. I am using a web.config file that I have > included at the end of this message. > > Ron L > > --------------------------Start > Web.Config ------------------------------------------------ > <?xml version="1.0" encoding="utf-8" ?> > <configuration> > > <system.web> > <compilation defaultLanguage="vb" debug="true" /> > <customErrors mode="RemoteOnly" /> > <authentication mode="Windows" /> > <authorization> > <allow users="*" /> <!-- Allow all users --> > <allow verbs="GET" users="*" /> > </authorization> > <trace enabled="false" requestLimit="10" pageOutput="false" > traceMode="SortByTime" localOnly="true" /> > <sessionState > mode="Off" > /> > <globalization requestEncoding="utf-8" responseEncoding="utf-8" /> > > <identity impersonate="true" /> > > </system.web> > > <appSettings> > <!-- Trusted_Connection=yes --> > <add key="ConnectionString" > value="Provider=SQLOLEDB;Data Source=Dev2k;Initial > Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " /> > </appSettings> > > <system.runtime.remoting> > <application> > <!-- the following section defines the classes we're exposing to > clients from this host --> > <service> > <wellknown mode="SingleCall" > objectUri = "NWInfo.rem" > type = "RemotingTest.NWInfo, RemotingTest" /> > > </service> > <channels> > <channel ref="http" > useDefaultCredentials="true" /> > </channels> > </application> > </system.runtime.remoting> > </configuration> > -------------------------- End > Web.Config ----------------------------------------------- > "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in > message news:uO**************@TK2MSFTNGP14.phx.gbl... >> Have you set the remoting client to pass the default credentials to >> the server? If so, how? Also, what happens when you attempt to >> browse to the server URL in IE? >> >> >> "Ron L" <ro**@bogus.Address.com> wrote in message >> news:eg**************@TK2MSFTNGP14.phx.gbl... >>> We are working on a distributed VB.Net application which will access >>> a SQL database located on a known server. Each client will run on >>> the user's local machine. To implement this, we are trying to use >>> remoting for our access to the SQL server, with the remoting being >>> via IIS. Since all of our users will have accounts in the >>> destination domain, we want to have IIS handle the security for us >>> and not allow anonymous. We have set this up with one of our >>> development clients and servers, but when we try to connect we get >>> the following error message: >>> An unhandled exception of type 'System.Net.WebException' >>> occurred in mscorlib.dll >>> >>> Additional information: the remote server returned an error: >>> (401) Unauthorized. >>> >>> >>> >>> Our configuration is this: >>> Component Running on >>> Module1 the development machine >>> RemotingTest IIS on the development machine >>> NorthWind DB SQL Server on another server >>> >>> IIS is configured for Windows Authentication, and the directory with >>> the RemotingTest object has "Script Source Access" set and the >>> Execute Permissions are set to "Scripts and Executables". We have >>> also tried with setting IIS to Allow Anonymous, which moves the >>> error out to the SQL connection (with the error message of "can't >>> make a connection for user NULL"). Even if anonymous did work, it >>> would be a problem for us since the application we are using >>> requires the username to be accessible. >>> >>> The SQL server is in a different domain from development machine, >>> however a trust relationship exists between the two domains. We >>> have verified that the trust works by opening the NorthWind database >>> in Enterprise Manager on the development machine. >>> >>> Can anyone tell us what we are doing wrong here? >>> >>> >>> >> >> > >
Nicole
I have found the code you referenced as an example:
IDictionary channelProperties;
channelProperties = ChannelServices.GetChannelSinkProperties(proxy);
channelProperties ["credentials"] = CredentialCache.DefaultCredentials;
The thing I am not able to come up with is where the variable "proxy" is set
and what is it? If I try making it be the RemotingInterface object in the
code below, I still get my (401) Unauthorized error. Can you clear this up
for me?
TIA
Ron L
------------------------------ Code
Stub -------------------------------------------
Sub Main()
Dim _NWInfo As iNWInfo
Dim serverURL As String =
"http://localhost/dotNET/RemotingTest/NWInfo.rem"
Console.WriteLine("Welcome to the client application.")
_NWInfo =
CType(Activator.GetObject(GetType(RemotingInterfac e.iNWInfo), serverURL),
RemotingInterface.iNWInfo)
Dim channelProperties As IDictionary
channelProperties =
ChannelServices.GetChannelSinkProperties(_NWInfo)
channelProperties("credentials") =
System.Net.CredentialCache.DefaultCredentials
Console.WriteLine(channelProperties("credentials") )
Console.WriteLine(_NWInfo.GetMessage)
Dim dt As DataTable
Dim row As DataRow
dt = _NWInfo.GetMostExpensiveProducts
For Each row In dt.Rows
Console.WriteLine(row.Item(0))
Next
Console.WriteLine("Press the <enter> key to exit.")
Console.Read()
End Sub
------------------------------\Code
Stub -------------------------------------------
"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:OE**************@TK2MSFTNGP12.phx.gbl... "Ron L" <ro**@bogus.Address.com> wrote in message news:%2****************@TK2MSFTNGP15.phx.gbl... Nicole I have been attempting to wade through the reference you gave me (it was the same reference that Gregory gave). What I want my application to be able to do is to try the credentials of the currently logged in user, and if that fails prompt the user for a username and password. Is this two different instances of using specific credentials, or is it one instance of using default credentials and one of using specific credentials?
If you want to allow falling back to user-provided credentials, you'll need to do at least two things:
1. Use programmatic configuration of the credentials in your client application rather than specifying the credentials using channel attributes in the configuration file. An example of the programmatic approach is shown in the "Programmatic configuration" section of the ".NET Remoting Security" reference.
2. Adjust the client code in #1 to attempt to connect to the server and, if authentication fails, prompt the user for custom credentials then switch over to using those credentials. An example of setting the proxy to use such credentials is shown in the "Using specific credentials" section of the ".NET Remoting Security" reference. As to disabling automatic login (setting it to anonymous in Local Intranet, and trusted sites), I get the "You are not authorized to view this page" error page.
Good news since this means that the user credentials automatically provided by IE prior to disabling this behaviour were authenticating successfully and permitting access to the server.
Ron L "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:u%****************@TK2MSFTNGP12.phx.gbl... "Ron L" <ro**@bogus.Address.com> wrote in message news:uI**************@TK2MSFTNGP10.phx.gbl... Nicole I guess I don't know how I am specifying the credentials on the client side.
Then chances are very good that the client credentials aren't being passed. See http://msdn.microsoft.com/library/en...SecNetch11.asp (particularly the "Passing Credentials for Authentication to Remote Objects" section) for possible approaches.
As I said to Gregory, I was assuming that IIS handled the credentials as it does for ASP.
IIS will perform the user authentication, but only if the user's credentials are passed from the client machine, which is something that IIS cannot do. The transparent passing of client credentials that you see when using IE to browse a Windows-authenticated intranet site is because IE is configured to pass those credentials without user intervention. You'll need to make it possible for your client application to pass the same credentials.
As to accessing the server, if I enter the following URL: http://localhost/dotNet/remotingtest/nwinfo.rem?wsdl
I get an automatically generated web page listing the message names, port names, binding names, etc.
What happens if you disable the intranet zone automatic logon in IE? Ron L "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:%2****************@TK2MSFTNGP09.phx.gbl... > That looks like your server config file, which isn't what I was asking > about. On the client, how are you specifying the credentials that > should be sent to the server? (If you don't know what this question > means, chances are excellent that you're not sending any credentials, > which would explain the authentication problem. <g>) Also, could you > please check if you can access the server via IE? > > > > "Ron L" <ro**@bogus.Address.com> wrote in message > news:O%****************@TK2MSFTNGP15.phx.gbl... >> Nicole >> Thanks for your response. I am using a web.config file that I >> have included at the end of this message. >> >> Ron L >> >> --------------------------Start >> Web.Config ------------------------------------------------ >> <?xml version="1.0" encoding="utf-8" ?> >> <configuration> >> >> <system.web> >> <compilation defaultLanguage="vb" debug="true" /> >> <customErrors mode="RemoteOnly" /> >> <authentication mode="Windows" /> >> <authorization> >> <allow users="*" /> <!-- Allow all users --> >> <allow verbs="GET" users="*" /> >> </authorization> >> <trace enabled="false" requestLimit="10" pageOutput="false" >> traceMode="SortByTime" localOnly="true" /> >> <sessionState >> mode="Off" >> /> >> <globalization requestEncoding="utf-8" responseEncoding="utf-8" /> >> >> <identity impersonate="true" /> >> >> </system.web> >> >> <appSettings> >> <!-- Trusted_Connection=yes --> >> <add key="ConnectionString" >> value="Provider=SQLOLEDB;Data Source=Dev2k;Initial >> Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " >> /> >> </appSettings> >> >> <system.runtime.remoting> >> <application> >> <!-- the following section defines the classes we're exposing to >> clients from this host --> >> <service> >> <wellknown mode="SingleCall" >> objectUri = "NWInfo.rem" >> type = "RemotingTest.NWInfo, RemotingTest" /> >> >> </service> >> <channels> >> <channel ref="http" >> useDefaultCredentials="true" /> >> </channels> >> </application> >> </system.runtime.remoting> >> </configuration> >> -------------------------- End >> Web.Config ----------------------------------------------- >> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in >> message news:uO**************@TK2MSFTNGP14.phx.gbl... >>> Have you set the remoting client to pass the default credentials to >>> the server? If so, how? Also, what happens when you attempt to >>> browse to the server URL in IE? >>> >>> >>> "Ron L" <ro**@bogus.Address.com> wrote in message >>> news:eg**************@TK2MSFTNGP14.phx.gbl... >>>> We are working on a distributed VB.Net application which will >>>> access a SQL database located on a known server. Each client will >>>> run on the user's local machine. To implement this, we are trying >>>> to use remoting for our access to the SQL server, with the remoting >>>> being via IIS. Since all of our users will have accounts in the >>>> destination domain, we want to have IIS handle the security for us >>>> and not allow anonymous. We have set this up with one of our >>>> development clients and servers, but when we try to connect we get >>>> the following error message: >>>> An unhandled exception of type 'System.Net.WebException' >>>> occurred in mscorlib.dll >>>> >>>> Additional information: the remote server returned an error: >>>> (401) Unauthorized. >>>> >>>> >>>> >>>> Our configuration is this: >>>> Component Running on >>>> Module1 the development machine >>>> RemotingTest IIS on the development machine >>>> NorthWind DB SQL Server on another server >>>> >>>> IIS is configured for Windows Authentication, and the directory >>>> with the RemotingTest object has "Script Source Access" set and the >>>> Execute Permissions are set to "Scripts and Executables". We have >>>> also tried with setting IIS to Allow Anonymous, which moves the >>>> error out to the SQL connection (with the error message of "can't >>>> make a connection for user NULL"). Even if anonymous did work, it >>>> would be a problem for us since the application we are using >>>> requires the username to be accessible. >>>> >>>> The SQL server is in a different domain from development machine, >>>> however a trust relationship exists between the two domains. We >>>> have verified that the trust works by opening the NorthWind >>>> database in Enterprise Manager on the development machine. >>>> >>>> Can anyone tell us what we are doing wrong here? >>>> >>>> >>>> >>> >>> >> >> > >
I can't see any obvious problems in your code. Do you still get a 401 error
if you try to reproduce the simple sample from http://msdn.microsoft.com/library/en...tinginiis.asp?
If not, what happens if you modify the client to use programmatic
configuration of the URL and credentials instead of reading these from the
config file?
"Ron L" <ro**@bogus.Address.com> wrote in message
news:%2****************@tk2msftngp13.phx.gbl... Nicole I have found the code you referenced as an example:
IDictionary channelProperties; channelProperties = ChannelServices.GetChannelSinkProperties(proxy); channelProperties ["credentials"] = CredentialCache.DefaultCredentials;
The thing I am not able to come up with is where the variable "proxy" is set and what is it? If I try making it be the RemotingInterface object in the code below, I still get my (401) Unauthorized error. Can you clear this up for me?
TIA Ron L
------------------------------ Code Stub ------------------------------------------- Sub Main() Dim _NWInfo As iNWInfo Dim serverURL As String = "http://localhost/dotNET/RemotingTest/NWInfo.rem"
Console.WriteLine("Welcome to the client application.")
_NWInfo = CType(Activator.GetObject(GetType(RemotingInterfac e.iNWInfo), serverURL), RemotingInterface.iNWInfo)
Dim channelProperties As IDictionary channelProperties = ChannelServices.GetChannelSinkProperties(_NWInfo) channelProperties("credentials") = System.Net.CredentialCache.DefaultCredentials Console.WriteLine(channelProperties("credentials") )
Console.WriteLine(_NWInfo.GetMessage)
Dim dt As DataTable Dim row As DataRow dt = _NWInfo.GetMostExpensiveProducts For Each row In dt.Rows Console.WriteLine(row.Item(0)) Next Console.WriteLine("Press the <enter> key to exit.") Console.Read() End Sub ------------------------------\Code Stub ------------------------------------------- "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:OE**************@TK2MSFTNGP12.phx.gbl... "Ron L" <ro**@bogus.Address.com> wrote in message news:%2****************@TK2MSFTNGP15.phx.gbl... Nicole I have been attempting to wade through the reference you gave me (it was the same reference that Gregory gave). What I want my application to be able to do is to try the credentials of the currently logged in user, and if that fails prompt the user for a username and password. Is this two different instances of using specific credentials, or is it one instance of using default credentials and one of using specific credentials?
If you want to allow falling back to user-provided credentials, you'll need to do at least two things:
1. Use programmatic configuration of the credentials in your client application rather than specifying the credentials using channel attributes in the configuration file. An example of the programmatic approach is shown in the "Programmatic configuration" section of the ".NET Remoting Security" reference.
2. Adjust the client code in #1 to attempt to connect to the server and, if authentication fails, prompt the user for custom credentials then switch over to using those credentials. An example of setting the proxy to use such credentials is shown in the "Using specific credentials" section of the ".NET Remoting Security" reference. As to disabling automatic login (setting it to anonymous in Local Intranet, and trusted sites), I get the "You are not authorized to view this page" error page.
Good news since this means that the user credentials automatically provided by IE prior to disabling this behaviour were authenticating successfully and permitting access to the server.
Ron L "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:u%****************@TK2MSFTNGP12.phx.gbl... "Ron L" <ro**@bogus.Address.com> wrote in message news:uI**************@TK2MSFTNGP10.phx.gbl... > Nicole > I guess I don't know how I am specifying the credentials on the > client side.
Then chances are very good that the client credentials aren't being passed. See http://msdn.microsoft.com/library/en...SecNetch11.asp (particularly the "Passing Credentials for Authentication to Remote Objects" section) for possible approaches.
> As I said to Gregory, I was assuming that IIS handled the credentials > as it does for ASP.
IIS will perform the user authentication, but only if the user's credentials are passed from the client machine, which is something that IIS cannot do. The transparent passing of client credentials that you see when using IE to browse a Windows-authenticated intranet site is because IE is configured to pass those credentials without user intervention. You'll need to make it possible for your client application to pass the same credentials.
> As to accessing the server, if I enter the following URL: > http://localhost/dotNet/remotingtest/nwinfo.rem?wsdl > > I get an automatically generated web page listing the message names, > port names, binding names, etc.
What happens if you disable the intranet zone automatic logon in IE?
> > Ron L > > > > "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in > message news:%2****************@TK2MSFTNGP09.phx.gbl... >> That looks like your server config file, which isn't what I was >> asking about. On the client, how are you specifying the credentials >> that should be sent to the server? (If you don't know what this >> question means, chances are excellent that you're not sending any >> credentials, which would explain the authentication problem. <g>) >> Also, could you please check if you can access the server via IE? >> >> >> >> "Ron L" <ro**@bogus.Address.com> wrote in message >> news:O%****************@TK2MSFTNGP15.phx.gbl... >>> Nicole >>> Thanks for your response. I am using a web.config file that I >>> have included at the end of this message. >>> >>> Ron L >>> >>> --------------------------Start >>> Web.Config ------------------------------------------------ >>> <?xml version="1.0" encoding="utf-8" ?> >>> <configuration> >>> >>> <system.web> >>> <compilation defaultLanguage="vb" debug="true" /> >>> <customErrors mode="RemoteOnly" /> >>> <authentication mode="Windows" /> >>> <authorization> >>> <allow users="*" /> <!-- Allow all users --> >>> <allow verbs="GET" users="*" /> >>> </authorization> >>> <trace enabled="false" requestLimit="10" pageOutput="false" >>> traceMode="SortByTime" localOnly="true" /> >>> <sessionState >>> mode="Off" >>> /> >>> <globalization requestEncoding="utf-8" responseEncoding="utf-8" >>> /> >>> >>> <identity impersonate="true" /> >>> >>> </system.web> >>> >>> <appSettings> >>> <!-- Trusted_Connection=yes --> >>> <add key="ConnectionString" >>> value="Provider=SQLOLEDB;Data Source=Dev2k;Initial >>> Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " >>> /> >>> </appSettings> >>> >>> <system.runtime.remoting> >>> <application> >>> <!-- the following section defines the classes we're exposing to >>> clients from this host --> >>> <service> >>> <wellknown mode="SingleCall" >>> objectUri = "NWInfo.rem" >>> type = "RemotingTest.NWInfo, RemotingTest" /> >>> >>> </service> >>> <channels> >>> <channel ref="http" >>> useDefaultCredentials="true" /> >>> </channels> >>> </application> >>> </system.runtime.remoting> >>> </configuration> >>> -------------------------- End >>> Web.Config ----------------------------------------------- >>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in >>> message news:uO**************@TK2MSFTNGP14.phx.gbl... >>>> Have you set the remoting client to pass the default credentials to >>>> the server? If so, how? Also, what happens when you attempt to >>>> browse to the server URL in IE? >>>> >>>> >>>> "Ron L" <ro**@bogus.Address.com> wrote in message >>>> news:eg**************@TK2MSFTNGP14.phx.gbl... >>>>> We are working on a distributed VB.Net application which will >>>>> access a SQL database located on a known server. Each client will >>>>> run on the user's local machine. To implement this, we are trying >>>>> to use remoting for our access to the SQL server, with the >>>>> remoting being via IIS. Since all of our users will have accounts >>>>> in the destination domain, we want to have IIS handle the security >>>>> for us and not allow anonymous. We have set this up with one of >>>>> our development clients and servers, but when we try to connect we >>>>> get the following error message: >>>>> An unhandled exception of type 'System.Net.WebException' >>>>> occurred in mscorlib.dll >>>>> >>>>> Additional information: the remote server returned an error: >>>>> (401) Unauthorized. >>>>> >>>>> >>>>> >>>>> Our configuration is this: >>>>> Component Running on >>>>> Module1 the development machine >>>>> RemotingTest IIS on the development machine >>>>> NorthWind DB SQL Server on another server >>>>> >>>>> IIS is configured for Windows Authentication, and the directory >>>>> with the RemotingTest object has "Script Source Access" set and >>>>> the Execute Permissions are set to "Scripts and Executables". We >>>>> have also tried with setting IIS to Allow Anonymous, which moves >>>>> the error out to the SQL connection (with the error message of >>>>> "can't make a connection for user NULL"). Even if anonymous did >>>>> work, it would be a problem for us since the application we are >>>>> using requires the username to be accessible. >>>>> >>>>> The SQL server is in a different domain from development machine, >>>>> however a trust relationship exists between the two domains. We >>>>> have verified that the trust works by opening the NorthWind >>>>> database in Enterprise Manager on the development machine. >>>>> >>>>> Can anyone tell us what we are doing wrong here? >>>>> >>>>> >>>>> >>>> >>>> >>> >>> >> >> > >
A few pages ago theres a thread on what sounds like a similar problem that
was answered well. If you do a search for this string
"ASP.Net Impersonation Problem"
You should come up with it at the top of the list of results. The post talks
about credential forwarding, impersonation and authentication. Which I
believe, is what you're currently having problems with.
Hope that helps!
Steve.
"Ron L" wrote: Nicole Thanks for your response. I am using a web.config file that I have included at the end of this message.
Ron L
--------------------------Start Web.Config ------------------------------------------------ <?xml version="1.0" encoding="utf-8" ?> <configuration>
<system.web> <compilation defaultLanguage="vb" debug="true" /> <customErrors mode="RemoteOnly" /> <authentication mode="Windows" /> <authorization> <allow users="*" /> <!-- Allow all users --> <allow verbs="GET" users="*" /> </authorization> <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" /> <sessionState mode="Off" /> <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
<identity impersonate="true" />
</system.web>
<appSettings> <!-- Trusted_Connection=yes --> <add key="ConnectionString" value="Provider=SQLOLEDB;Data Source=Dev2k;Initial Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " /> </appSettings>
<system.runtime.remoting> <application> <!-- the following section defines the classes we're exposing to clients from this host --> <service> <wellknown mode="SingleCall" objectUri = "NWInfo.rem" type = "RemotingTest.NWInfo, RemotingTest" />
</service> <channels> <channel ref="http" useDefaultCredentials="true" /> </channels> </application> </system.runtime.remoting> </configuration> -------------------------- End Web.Config ----------------------------------------------- "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:uO**************@TK2MSFTNGP14.phx.gbl... Have you set the remoting client to pass the default credentials to the server? If so, how? Also, what happens when you attempt to browse to the server URL in IE?
"Ron L" <ro**@bogus.Address.com> wrote in message news:eg**************@TK2MSFTNGP14.phx.gbl... We are working on a distributed VB.Net application which will access a SQL database located on a known server. Each client will run on the user's local machine. To implement this, we are trying to use remoting for our access to the SQL server, with the remoting being via IIS. Since all of our users will have accounts in the destination domain, we want to have IIS handle the security for us and not allow anonymous. We have set this up with one of our development clients and servers, but when we try to connect we get the following error message: An unhandled exception of type 'System.Net.WebException' occurred in mscorlib.dll
Additional information: the remote server returned an error: (401) Unauthorized. Our configuration is this: Component Running on Module1 the development machine RemotingTest IIS on the development machine NorthWind DB SQL Server on another server
IIS is configured for Windows Authentication, and the directory with the RemotingTest object has "Script Source Access" set and the Execute Permissions are set to "Scripts and Executables". We have also tried with setting IIS to Allow Anonymous, which moves the error out to the SQL connection (with the error message of "can't make a connection for user NULL"). Even if anonymous did work, it would be a problem for us since the application we are using requires the username to be accessible.
The SQL server is in a different domain from development machine, however a trust relationship exists between the two domains. We have verified that the trust works by opening the NorthWind database in Enterprise Manager on the development machine.
Can anyone tell us what we are doing wrong here?
The problem described by Ron is extremely unlike to involve Kerberos
double-hop issues since the authorization error is occurring on the first
hop. This doesn't mean that he might not also eventually encounter an issue
on the second hop (if any), but he'll need to actually get code running on
the server before this becomes a problem. <g>
"Steve" <St***@discussions.microsoft.com> wrote in message
news:95**********************************@microsof t.com... A few pages ago theres a thread on what sounds like a similar problem that was answered well. If you do a search for this string
"ASP.Net Impersonation Problem"
You should come up with it at the top of the list of results. The post talks about credential forwarding, impersonation and authentication. Which I believe, is what you're currently having problems with.
Hope that helps!
Steve.
"Ron L" wrote:
Nicole Thanks for your response. I am using a web.config file that I have included at the end of this message.
Ron L
--------------------------Start Web.Config ------------------------------------------------ <?xml version="1.0" encoding="utf-8" ?> <configuration>
<system.web> <compilation defaultLanguage="vb" debug="true" /> <customErrors mode="RemoteOnly" /> <authentication mode="Windows" /> <authorization> <allow users="*" /> <!-- Allow all users --> <allow verbs="GET" users="*" /> </authorization> <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" /> <sessionState mode="Off" /> <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
<identity impersonate="true" />
</system.web>
<appSettings> <!-- Trusted_Connection=yes --> <add key="ConnectionString" value="Provider=SQLOLEDB;Data Source=Dev2k;Initial Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " /> </appSettings>
<system.runtime.remoting> <application> <!-- the following section defines the classes we're exposing to clients from this host --> <service> <wellknown mode="SingleCall" objectUri = "NWInfo.rem" type = "RemotingTest.NWInfo, RemotingTest" />
</service> <channels> <channel ref="http" useDefaultCredentials="true" /> </channels> </application> </system.runtime.remoting> </configuration> -------------------------- End Web.Config ----------------------------------------------- "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:uO**************@TK2MSFTNGP14.phx.gbl... > Have you set the remoting client to pass the default credentials to the > server? If so, how? Also, what happens when you attempt to browse to > the > server URL in IE? > > > "Ron L" <ro**@bogus.Address.com> wrote in message > news:eg**************@TK2MSFTNGP14.phx.gbl... >> We are working on a distributed VB.Net application which will access a >> SQL database located on a known server. Each client will run on the >> user's local machine. To implement this, we are trying to use >> remoting >> for our access to the SQL server, with the remoting being via IIS. >> Since >> all of our users will have accounts in the destination domain, we want >> to >> have IIS handle the security for us and not allow anonymous. We have >> set >> this up with one of our development clients and servers, but when we >> try >> to connect we get the following error message: >> An unhandled exception of type 'System.Net.WebException' occurred >> in >> mscorlib.dll >> >> Additional information: the remote server returned an error: >> (401) >> Unauthorized. >> >> >> >> Our configuration is this: >> Component Running on >> Module1 the development machine >> RemotingTest IIS on the development machine >> NorthWind DB SQL Server on another server >> >> IIS is configured for Windows Authentication, and the directory with >> the >> RemotingTest object has "Script Source Access" set and the Execute >> Permissions are set to "Scripts and Executables". We have also tried >> with setting IIS to Allow Anonymous, which moves the error out to the >> SQL >> connection (with the error message of "can't make a connection for >> user >> NULL"). Even if anonymous did work, it would be a problem for us >> since >> the application we are using requires the username to be accessible. >> >> The SQL server is in a different domain from development machine, >> however >> a trust relationship exists between the two domains. We have verified >> that the trust works by opening the NorthWind database in Enterprise >> Manager on the development machine. >> >> Can anyone tell us what we are doing wrong here? >> >> >> > >
Nicole
I downloaded the example you suggested, and I can get it working from
the command line version; however when I try to set it up in Visual Studio,
I get the following error in the first line of the
ServerClass::GetServerString():
An unhandled exception of type 'System.NullReferenceException'
occurred in msremotingexample.dll
Additional information: Object reference not set to an instance of
an object.
I set up a solution (MSRemotingExample) with 2 projects: client and
ServiceClass. ServiceClass was set up as an empty web project, and the
ServiceClass.cs and Web.Config files placed in the project. The client
project was setup as a console application class and the client.cs and
App.Config files added.
Any thoughts?
Thanks,
Ron L
"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:uC**************@TK2MSFTNGP10.phx.gbl... I can't see any obvious problems in your code. Do you still get a 401 error if you try to reproduce the simple sample from http://msdn.microsoft.com/library/en...tinginiis.asp? If not, what happens if you modify the client to use programmatic configuration of the URL and credentials instead of reading these from the config file? "Ron L" <ro**@bogus.Address.com> wrote in message news:%2****************@tk2msftngp13.phx.gbl... Nicole I have found the code you referenced as an example:
IDictionary channelProperties; channelProperties = ChannelServices.GetChannelSinkProperties(proxy); channelProperties ["credentials"] = CredentialCache.DefaultCredentials;
The thing I am not able to come up with is where the variable "proxy" is set and what is it? If I try making it be the RemotingInterface object in the code below, I still get my (401) Unauthorized error. Can you clear this up for me?
TIA Ron L
------------------------------ Code Stub ------------------------------------------- Sub Main() Dim _NWInfo As iNWInfo Dim serverURL As String = "http://localhost/dotNET/RemotingTest/NWInfo.rem"
Console.WriteLine("Welcome to the client application.")
_NWInfo = CType(Activator.GetObject(GetType(RemotingInterfac e.iNWInfo), serverURL), RemotingInterface.iNWInfo)
Dim channelProperties As IDictionary channelProperties = ChannelServices.GetChannelSinkProperties(_NWInfo) channelProperties("credentials") = System.Net.CredentialCache.DefaultCredentials Console.WriteLine(channelProperties("credentials") )
Console.WriteLine(_NWInfo.GetMessage)
Dim dt As DataTable Dim row As DataRow dt = _NWInfo.GetMostExpensiveProducts For Each row In dt.Rows Console.WriteLine(row.Item(0)) Next Console.WriteLine("Press the <enter> key to exit.") Console.Read() End Sub ------------------------------\Code Stub ------------------------------------------- "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:OE**************@TK2MSFTNGP12.phx.gbl... "Ron L" <ro**@bogus.Address.com> wrote in message news:%2****************@TK2MSFTNGP15.phx.gbl... Nicole I have been attempting to wade through the reference you gave me (it was the same reference that Gregory gave). What I want my application to be able to do is to try the credentials of the currently logged in user, and if that fails prompt the user for a username and password. Is this two different instances of using specific credentials, or is it one instance of using default credentials and one of using specific credentials?
If you want to allow falling back to user-provided credentials, you'll need to do at least two things:
1. Use programmatic configuration of the credentials in your client application rather than specifying the credentials using channel attributes in the configuration file. An example of the programmatic approach is shown in the "Programmatic configuration" section of the ".NET Remoting Security" reference.
2. Adjust the client code in #1 to attempt to connect to the server and, if authentication fails, prompt the user for custom credentials then switch over to using those credentials. An example of setting the proxy to use such credentials is shown in the "Using specific credentials" section of the ".NET Remoting Security" reference. As to disabling automatic login (setting it to anonymous in Local Intranet, and trusted sites), I get the "You are not authorized to view this page" error page.
Good news since this means that the user credentials automatically provided by IE prior to disabling this behaviour were authenticating successfully and permitting access to the server. Ron L "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:u%****************@TK2MSFTNGP12.phx.gbl... > "Ron L" <ro**@bogus.Address.com> wrote in message > news:uI**************@TK2MSFTNGP10.phx.gbl... >> Nicole >> I guess I don't know how I am specifying the credentials on the >> client side. > > Then chances are very good that the client credentials aren't being > passed. See > http://msdn.microsoft.com/library/en...SecNetch11.asp > (particularly the "Passing Credentials for Authentication to Remote > Objects" section) for possible approaches. > > >> As I said to Gregory, I was assuming that IIS handled the credentials >> as it does for ASP. > > IIS will perform the user authentication, but only if the user's > credentials are passed from the client machine, which is something > that IIS cannot do. The transparent passing of client credentials that > you see when using IE to browse a Windows-authenticated intranet site > is because IE is configured to pass those credentials without user > intervention. You'll need to make it possible for your client > application to pass the same credentials. > > >> As to accessing the server, if I enter the following URL: >> http://localhost/dotNet/remotingtest/nwinfo.rem?wsdl >> >> I get an automatically generated web page listing the message names, >> port names, binding names, etc. > > What happens if you disable the intranet zone automatic logon in IE? > > >> >> Ron L >> >> >> >> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in >> message news:%2****************@TK2MSFTNGP09.phx.gbl... >>> That looks like your server config file, which isn't what I was >>> asking about. On the client, how are you specifying the credentials >>> that should be sent to the server? (If you don't know what this >>> question means, chances are excellent that you're not sending any >>> credentials, which would explain the authentication problem. <g>) >>> Also, could you please check if you can access the server via IE? >>> >>> >>> >>> "Ron L" <ro**@bogus.Address.com> wrote in message >>> news:O%****************@TK2MSFTNGP15.phx.gbl... >>>> Nicole >>>> Thanks for your response. I am using a web.config file that I >>>> have included at the end of this message. >>>> >>>> Ron L >>>> >>>> --------------------------Start >>>> Web.Config ------------------------------------------------ >>>> <?xml version="1.0" encoding="utf-8" ?> >>>> <configuration> >>>> >>>> <system.web> >>>> <compilation defaultLanguage="vb" debug="true" /> >>>> <customErrors mode="RemoteOnly" /> >>>> <authentication mode="Windows" /> >>>> <authorization> >>>> <allow users="*" /> <!-- Allow all users --> >>>> <allow verbs="GET" users="*" /> >>>> </authorization> >>>> <trace enabled="false" requestLimit="10" pageOutput="false" >>>> traceMode="SortByTime" localOnly="true" /> >>>> <sessionState >>>> mode="Off" >>>> /> >>>> <globalization requestEncoding="utf-8" responseEncoding="utf-8" >>>> /> >>>> >>>> <identity impersonate="true" /> >>>> >>>> </system.web> >>>> >>>> <appSettings> >>>> <!-- Trusted_Connection=yes --> >>>> <add key="ConnectionString" >>>> value="Provider=SQLOLEDB;Data Source=Dev2k;Initial >>>> Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " >>>> /> >>>> </appSettings> >>>> >>>> <system.runtime.remoting> >>>> <application> >>>> <!-- the following section defines the classes we're exposing to >>>> clients from this host --> >>>> <service> >>>> <wellknown mode="SingleCall" >>>> objectUri = "NWInfo.rem" >>>> type = "RemotingTest.NWInfo, RemotingTest" /> >>>> >>>> </service> >>>> <channels> >>>> <channel ref="http" >>>> useDefaultCredentials="true" /> >>>> </channels> >>>> </application> >>>> </system.runtime.remoting> >>>> </configuration> >>>> -------------------------- End >>>> Web.Config ----------------------------------------------- >>>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in >>>> message news:uO**************@TK2MSFTNGP14.phx.gbl... >>>>> Have you set the remoting client to pass the default credentials >>>>> to the server? If so, how? Also, what happens when you attempt >>>>> to browse to the server URL in IE? >>>>> >>>>> >>>>> "Ron L" <ro**@bogus.Address.com> wrote in message >>>>> news:eg**************@TK2MSFTNGP14.phx.gbl... >>>>>> We are working on a distributed VB.Net application which will >>>>>> access a SQL database located on a known server. Each client >>>>>> will run on the user's local machine. To implement this, we are >>>>>> trying to use remoting for our access to the SQL server, with the >>>>>> remoting being via IIS. Since all of our users will have accounts >>>>>> in the destination domain, we want to have IIS handle the >>>>>> security for us and not allow anonymous. We have set this up with >>>>>> one of our development clients and servers, but when we try to >>>>>> connect we get the following error message: >>>>>> An unhandled exception of type 'System.Net.WebException' >>>>>> occurred in mscorlib.dll >>>>>> >>>>>> Additional information: the remote server returned an error: >>>>>> (401) Unauthorized. >>>>>> >>>>>> >>>>>> >>>>>> Our configuration is this: >>>>>> Component Running on >>>>>> Module1 the development machine >>>>>> RemotingTest IIS on the development machine >>>>>> NorthWind DB SQL Server on another server >>>>>> >>>>>> IIS is configured for Windows Authentication, and the directory >>>>>> with the RemotingTest object has "Script Source Access" set and >>>>>> the Execute Permissions are set to "Scripts and Executables". We >>>>>> have also tried with setting IIS to Allow Anonymous, which moves >>>>>> the error out to the SQL connection (with the error message of >>>>>> "can't make a connection for user NULL"). Even if anonymous did >>>>>> work, it would be a problem for us since the application we are >>>>>> using requires the username to be accessible. >>>>>> >>>>>> The SQL server is in a different domain from development machine, >>>>>> however a trust relationship exists between the two domains. We >>>>>> have verified that the trust works by opening the NorthWind >>>>>> database in Enterprise Manager on the development machine. >>>>>> >>>>>> Can anyone tell us what we are doing wrong here? >>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>> >>>> >>> >>> >> >> > >
Nicole
I got it to work. The final code on the client side was:
Private Sub ClientForm_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles
MyBase.Load
Dim _NWInfo As iNWInfo
Dim serverURL As String =
"http://localhost/dotNET/RemotingTest/NWInfo.rem"
txtResults.Text = "Welcome to the client application." & vbCrLf
txtResults.Text += "Console Identity: " +
WindowsIdentity.GetCurrent().Name
_NWInfo =
CType(Activator.GetObject(GetType(RemotingInterfac e.iNWInfo), serverURL),
RemotingInterface.iNWInfo)
Dim channelproperties As IDictionary
channelproperties =
ChannelServices.GetChannelSinkProperties(_NWInfo)
channelproperties("credentials") =
CredentialCache.DefaultCredentials
txtResults.Text = txtResults.Text & vbCrLf & vbCrLf & "Trying to get
the text message: "
Try
txtResults.Text = txtResults.Text & vbCrLf & _NWInfo.GetMessage
Catch ex As Exception
txtResults.Text = txtResults.Text & vbCrLf & ex.Message
End Try
txtResults.Text = txtResults.Text & vbCrLf & vbCrLf & "Trying
GetMostExpensiveProducts: "
Try
Dim dt As DataTable
Dim row As DataRow
dt = _NWInfo.GetMostExpensiveProducts
For Each row In dt.Rows
txtResults.Text = txtResults.Text & vbCrLf & row.Item(0)
Next
Catch ex As Exception
txtResults.Text = txtResults.Text & vbCrLf & ex.Message
End Try
txtResults.SelectionLength = 0
End Sub
I had a series of cascading errors in the previous code that I finally
managed to untangle today.
Thank you for the help.
Ron L
"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:uC**************@TK2MSFTNGP10.phx.gbl... I can't see any obvious problems in your code. Do you still get a 401 error if you try to reproduce the simple sample from http://msdn.microsoft.com/library/en...tinginiis.asp? If not, what happens if you modify the client to use programmatic configuration of the URL and credentials instead of reading these from the config file? "Ron L" <ro**@bogus.Address.com> wrote in message news:%2****************@tk2msftngp13.phx.gbl... Nicole I have found the code you referenced as an example:
IDictionary channelProperties; channelProperties = ChannelServices.GetChannelSinkProperties(proxy); channelProperties ["credentials"] = CredentialCache.DefaultCredentials;
The thing I am not able to come up with is where the variable "proxy" is set and what is it? If I try making it be the RemotingInterface object in the code below, I still get my (401) Unauthorized error. Can you clear this up for me?
TIA Ron L
------------------------------ Code Stub ------------------------------------------- Sub Main() Dim _NWInfo As iNWInfo Dim serverURL As String = "http://localhost/dotNET/RemotingTest/NWInfo.rem"
Console.WriteLine("Welcome to the client application.")
_NWInfo = CType(Activator.GetObject(GetType(RemotingInterfac e.iNWInfo), serverURL), RemotingInterface.iNWInfo)
Dim channelProperties As IDictionary channelProperties = ChannelServices.GetChannelSinkProperties(_NWInfo) channelProperties("credentials") = System.Net.CredentialCache.DefaultCredentials Console.WriteLine(channelProperties("credentials") )
Console.WriteLine(_NWInfo.GetMessage)
Dim dt As DataTable Dim row As DataRow dt = _NWInfo.GetMostExpensiveProducts For Each row In dt.Rows Console.WriteLine(row.Item(0)) Next Console.WriteLine("Press the <enter> key to exit.") Console.Read() End Sub ------------------------------\Code Stub ------------------------------------------- "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:OE**************@TK2MSFTNGP12.phx.gbl... "Ron L" <ro**@bogus.Address.com> wrote in message news:%2****************@TK2MSFTNGP15.phx.gbl... Nicole I have been attempting to wade through the reference you gave me (it was the same reference that Gregory gave). What I want my application to be able to do is to try the credentials of the currently logged in user, and if that fails prompt the user for a username and password. Is this two different instances of using specific credentials, or is it one instance of using default credentials and one of using specific credentials?
If you want to allow falling back to user-provided credentials, you'll need to do at least two things:
1. Use programmatic configuration of the credentials in your client application rather than specifying the credentials using channel attributes in the configuration file. An example of the programmatic approach is shown in the "Programmatic configuration" section of the ".NET Remoting Security" reference.
2. Adjust the client code in #1 to attempt to connect to the server and, if authentication fails, prompt the user for custom credentials then switch over to using those credentials. An example of setting the proxy to use such credentials is shown in the "Using specific credentials" section of the ".NET Remoting Security" reference. As to disabling automatic login (setting it to anonymous in Local Intranet, and trusted sites), I get the "You are not authorized to view this page" error page.
Good news since this means that the user credentials automatically provided by IE prior to disabling this behaviour were authenticating successfully and permitting access to the server. Ron L "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:u%****************@TK2MSFTNGP12.phx.gbl... > "Ron L" <ro**@bogus.Address.com> wrote in message > news:uI**************@TK2MSFTNGP10.phx.gbl... >> Nicole >> I guess I don't know how I am specifying the credentials on the >> client side. > > Then chances are very good that the client credentials aren't being > passed. See > http://msdn.microsoft.com/library/en...SecNetch11.asp > (particularly the "Passing Credentials for Authentication to Remote > Objects" section) for possible approaches. > > >> As I said to Gregory, I was assuming that IIS handled the credentials >> as it does for ASP. > > IIS will perform the user authentication, but only if the user's > credentials are passed from the client machine, which is something > that IIS cannot do. The transparent passing of client credentials that > you see when using IE to browse a Windows-authenticated intranet site > is because IE is configured to pass those credentials without user > intervention. You'll need to make it possible for your client > application to pass the same credentials. > > >> As to accessing the server, if I enter the following URL: >> http://localhost/dotNet/remotingtest/nwinfo.rem?wsdl >> >> I get an automatically generated web page listing the message names, >> port names, binding names, etc. > > What happens if you disable the intranet zone automatic logon in IE? > > >> >> Ron L >> >> >> >> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in >> message news:%2****************@TK2MSFTNGP09.phx.gbl... >>> That looks like your server config file, which isn't what I was >>> asking about. On the client, how are you specifying the credentials >>> that should be sent to the server? (If you don't know what this >>> question means, chances are excellent that you're not sending any >>> credentials, which would explain the authentication problem. <g>) >>> Also, could you please check if you can access the server via IE? >>> >>> >>> >>> "Ron L" <ro**@bogus.Address.com> wrote in message >>> news:O%****************@TK2MSFTNGP15.phx.gbl... >>>> Nicole >>>> Thanks for your response. I am using a web.config file that I >>>> have included at the end of this message. >>>> >>>> Ron L >>>> >>>> --------------------------Start >>>> Web.Config ------------------------------------------------ >>>> <?xml version="1.0" encoding="utf-8" ?> >>>> <configuration> >>>> >>>> <system.web> >>>> <compilation defaultLanguage="vb" debug="true" /> >>>> <customErrors mode="RemoteOnly" /> >>>> <authentication mode="Windows" /> >>>> <authorization> >>>> <allow users="*" /> <!-- Allow all users --> >>>> <allow verbs="GET" users="*" /> >>>> </authorization> >>>> <trace enabled="false" requestLimit="10" pageOutput="false" >>>> traceMode="SortByTime" localOnly="true" /> >>>> <sessionState >>>> mode="Off" >>>> /> >>>> <globalization requestEncoding="utf-8" responseEncoding="utf-8" >>>> /> >>>> >>>> <identity impersonate="true" /> >>>> >>>> </system.web> >>>> >>>> <appSettings> >>>> <!-- Trusted_Connection=yes --> >>>> <add key="ConnectionString" >>>> value="Provider=SQLOLEDB;Data Source=Dev2k;Initial >>>> Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " >>>> /> >>>> </appSettings> >>>> >>>> <system.runtime.remoting> >>>> <application> >>>> <!-- the following section defines the classes we're exposing to >>>> clients from this host --> >>>> <service> >>>> <wellknown mode="SingleCall" >>>> objectUri = "NWInfo.rem" >>>> type = "RemotingTest.NWInfo, RemotingTest" /> >>>> >>>> </service> >>>> <channels> >>>> <channel ref="http" >>>> useDefaultCredentials="true" /> >>>> </channels> >>>> </application> >>>> </system.runtime.remoting> >>>> </configuration> >>>> -------------------------- End >>>> Web.Config ----------------------------------------------- >>>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in >>>> message news:uO**************@TK2MSFTNGP14.phx.gbl... >>>>> Have you set the remoting client to pass the default credentials >>>>> to the server? If so, how? Also, what happens when you attempt >>>>> to browse to the server URL in IE? >>>>> >>>>> >>>>> "Ron L" <ro**@bogus.Address.com> wrote in message >>>>> news:eg**************@TK2MSFTNGP14.phx.gbl... >>>>>> We are working on a distributed VB.Net application which will >>>>>> access a SQL database located on a known server. Each client >>>>>> will run on the user's local machine. To implement this, we are >>>>>> trying to use remoting for our access to the SQL server, with the >>>>>> remoting being via IIS. Since all of our users will have accounts >>>>>> in the destination domain, we want to have IIS handle the >>>>>> security for us and not allow anonymous. We have set this up with >>>>>> one of our development clients and servers, but when we try to >>>>>> connect we get the following error message: >>>>>> An unhandled exception of type 'System.Net.WebException' >>>>>> occurred in mscorlib.dll >>>>>> >>>>>> Additional information: the remote server returned an error: >>>>>> (401) Unauthorized. >>>>>> >>>>>> >>>>>> >>>>>> Our configuration is this: >>>>>> Component Running on >>>>>> Module1 the development machine >>>>>> RemotingTest IIS on the development machine >>>>>> NorthWind DB SQL Server on another server >>>>>> >>>>>> IIS is configured for Windows Authentication, and the directory >>>>>> with the RemotingTest object has "Script Source Access" set and >>>>>> the Execute Permissions are set to "Scripts and Executables". We >>>>>> have also tried with setting IIS to Allow Anonymous, which moves >>>>>> the error out to the SQL connection (with the error message of >>>>>> "can't make a connection for user NULL"). Even if anonymous did >>>>>> work, it would be a problem for us since the application we are >>>>>> using requires the username to be accessible. >>>>>> >>>>>> The SQL server is in a different domain from development machine, >>>>>> however a trust relationship exists between the two domains. We >>>>>> have verified that the trust works by opening the NorthWind >>>>>> database in Enterprise Manager on the development machine. >>>>>> >>>>>> Can anyone tell us what we are doing wrong here? >>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>> >>>> >>> >>> >> >> > >
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: bettervssremoting |
last post by:
To view the full article, please visit
http://www.BetterVssRemoting.com
Better VSS Remote Access Tool
This article makes a detailed comparison among SourceAnyWhere,
SourceOffSite, VSS...
|
by: mayamorning123 |
last post by:
A comparison among six VSS remote tools including SourceOffSite ,
SourceAnyWhere, VSS Connect, SourceXT, VSS Remoting, VSS.NET
To view the full article, please visit...
|
by: bettervssremoting |
last post by:
To view the full article, please visit
http://www.BetterVssRemoting.com
Better VSS Remote Access Tool including SourceOffSite, SourceAnyWhere
and VSS Remoting
This article makes a detailed...
|
by: David Krmpotic |
last post by:
Hi All!
I have a .NET remoting Client-Server application with Server Activated
Objects only..
something is worrying me.. sometimes (rarely), I can't connect to the server
although it is...
|
by: bettervssremoting |
last post by:
To view the full article, please visit
http://www.BetterVssRemoting.com
Better VSS Remote Access Tool
This article makes a detailed comparison among SourceAnyWhere,
SourceOffSite, VSS...
|
by: Martijn Damen |
last post by:
Hi,
At the moment I am trying to develop an application that uses another app
over .net remoting and having some problems with it (ok, that is ofcourse
why I am here), hope somebody can shine a...
|
by: LGHummel |
last post by:
I'm trying to host a remoting app in IIS and am getting the following error:
Failed to execute the request because the ASP.NET process identity does not
have read permissions to the global...
|
by: swartzbill2000 |
last post by:
Hello,
I am trying to build and run the Remoting Sample from MSDN. Everything
compiles. The Listener appears to run. The Client throws this
RemotingException:
A first chance exception of type...
|
by: Thomee Wright |
last post by:
I'm having a problem with a pair of applications I'm developing. I have a
server application which interacts with several instruments, and a client app
which connects to the server and provides a...
|
by: Kristian Reukauff |
last post by:
Hi
I have a problem with the .Net-Securty-Functions.
I've got a client and a server.
When I try to register a channel at the server with this line:
ChannelServices.RegisterChannel(chan, false);...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
| |