Remoting Problem

We are working on a distributed VB.Net application which will access a SQL
database located on a known server. Each client will run on the user's
local machine. To implement this, we are trying to use remoting for our
access to the SQL server, with the remoting being via IIS. Since all of
our users will have accounts in the destination domain, we want to have
IIS handle the security for us and not allow anonymous. We have set this
up with one of our development clients and servers, but when we try to
connect we get the following error message:
An unhandled exception of type 'System.Net.WebException' occurred in
mscorlib.dll

Additional information: the remote server returned an error: (401)
Unauthorized.

Our configuration is this:
Component Running on
Module1 the development machine
RemotingTest IIS on the development machine
NorthWind DB SQL Server on another server

IIS is configured for Windows Authentication, and the directory with the
RemotingTest object has "Script Source Access" set and the Execute
Permissions are set to "Scripts and Executables". We have also tried with
setting IIS to Allow Anonymous, which moves the error out to the SQL
connection (with the error message of "can't make a connection for user
NULL"). Even if anonymous did work, it would be a problem for us since
the application we are using requires the username to be accessible.

The SQL server is in a different domain from development machine, however
a trust relationship exists between the two domains. We have verified
that the trust works by opening the NorthWind database in Enterprise
Manager on the development machine.

Can anyone tell us what we are doing wrong here?

We are working on a distributed VB.Net application which will access a SQL
database located on a known server. Each client will run on the user's
local machine. To implement this, we are trying to use remoting for our
access to the SQL server, with the remoting being via IIS. Since all of our
users will have accounts in the destination domain, we want to have IIS
handle the security for us and not allow anonymous. We have set this up
with one of our development clients and servers, but when we try to connect
we get the following error message:
An unhandled exception of type 'System.Net.WebException' occurred in
mscorlib.dll

Additional information: the remote server returned an error: (401)
Unauthorized.

Our configuration is this:
Component Running on
Module1 the development machine
RemotingTest IIS on the development machine
NorthWind DB SQL Server on another server

IIS is configured for Windows Authentication, and the directory with the
RemotingTest object has "Script Source Access" set and the Execute
Permissions are set to "Scripts and Executables". We have also tried with
setting IIS to Allow Anonymous, which moves the error out to the SQL
connection (with the error message of "can't make a connection for user
NULL"). Even if anonymous did work, it would be a problem for us since the
application we are using requires the username to be accessible.

The SQL server is in a different domain from development machine, however a
trust relationship exists between the two domains. We have verified that
the trust works by opening the NorthWind database in Enterprise Manager on
the development machine.

Can anyone tell us what we are doing wrong here?

Have you set the remoting client to pass the default credentials to the
server? If so, how? Also, what happens when you attempt to browse to the
server URL in IE?
"Ron L" <ro**@bogus.Address.com> wrote in message
news:eg**************@TK2MSFTNGP14.phx.gbl...

We are working on a distributed VB.Net application which will access a
SQL database located on a known server. Each client will run on the
user's local machine. To implement this, we are trying to use remoting
for our access to the SQL server, with the remoting being via IIS. Since
all of our users will have accounts in the destination domain, we want to
have IIS handle the security for us and not allow anonymous. We have set
this up with one of our development clients and servers, but when we try
to connect we get the following error message:
An unhandled exception of type 'System.Net.WebException' occurred in
mscorlib.dll

Additional information: the remote server returned an error: (401)
Unauthorized.

Our configuration is this:
Component Running on
Module1 the development machine
RemotingTest IIS on the development machine
NorthWind DB SQL Server on another server

IIS is configured for Windows Authentication, and the directory with the
RemotingTest object has "Script Source Access" set and the Execute
Permissions are set to "Scripts and Executables". We have also tried
with setting IIS to Allow Anonymous, which moves the error out to the SQL
connection (with the error message of "can't make a connection for user
NULL"). Even if anonymous did work, it would be a problem for us since
the application we are using requires the username to be accessible.

The SQL server is in a different domain from development machine, however
a trust relationship exists between the two domains. We have verified
that the trust works by opening the NorthWind database in Enterprise
Manager on the development machine.

Can anyone tell us what we are doing wrong here?

The issue is IIS connections are anonymous until login. With a local app,
you
do not get a logon box, so you stay anon. Boom!!!

Good starting point:
http://msdn.microsoft.com/library/en...SecNetch11.asp

I assume you are using HTTP as transport (IIS) as you want the built in
authentication methods. That is fine, but realize you will have to have
the
user log in, or have the machines set up to automatically use the user's
account. Network admins can push this out, via policy, to avoid
individually
setting up machines.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************
"Ron L" wrote:

We are working on a distributed VB.Net application which will access a
SQL
database located on a known server. Each client will run on the user's
local machine. To implement this, we are trying to use remoting for our
access to the SQL server, with the remoting being via IIS. Since all of
our
users will have accounts in the destination domain, we want to have IIS
handle the security for us and not allow anonymous. We have set this up
with one of our development clients and servers, but when we try to
connect
we get the following error message:
An unhandled exception of type 'System.Net.WebException' occurred
in
mscorlib.dll

Additional information: the remote server returned an error: (401)
Unauthorized.

Our configuration is this:
Component Running on
Module1 the development machine
RemotingTest IIS on the development machine
NorthWind DB SQL Server on another server

IIS is configured for Windows Authentication, and the directory with the
RemotingTest object has "Script Source Access" set and the Execute
Permissions are set to "Scripts and Executables". We have also tried
with
setting IIS to Allow Anonymous, which moves the error out to the SQL
connection (with the error message of "can't make a connection for user
NULL"). Even if anonymous did work, it would be a problem for us since
the
application we are using requires the username to be accessible.

The SQL server is in a different domain from development machine, however
a
trust relationship exists between the two domains. We have verified that
the trust works by opening the NorthWind database in Enterprise Manager
on
the development machine.

Can anyone tell us what we are doing wrong here?

Nicole
Thanks for your response. I am using a web.config file that I have
included at the end of this message.

Ron L

--------------------------Start
Web.Config ------------------------------------------------
<?xml version="1.0" encoding="utf-8" ?>
<configuration>

<system.web>
<compilation defaultLanguage="vb" debug="true" />
<customErrors mode="RemoteOnly" />
<authentication mode="Windows" />
<authorization>
<allow users="*" /> <!-- Allow all users -->
<allow verbs="GET" users="*" />
</authorization>
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState
mode="Off"
/>
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />

<identity impersonate="true" />

</system.web>

<appSettings>
<!-- Trusted_Connection=yes -->
<add key="ConnectionString"
value="Provider=SQLOLEDB;Data Source=Dev2k;Initial
Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " />
</appSettings>

<system.runtime.remoting>
<application>
<!-- the following section defines the classes we're exposing to clients
from this host -->
<service>
<wellknown mode="SingleCall"
objectUri = "NWInfo.rem"
type = "RemotingTest.NWInfo, RemotingTest" />

</service>
<channels>
<channel ref="http"
useDefaultCredentials="true" />
</channels>
</application>
</system.runtime.remoting>
</configuration>
-------------------------- End
Web.Config -----------------------------------------------
"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:uO**************@TK2MSFTNGP14.phx.gbl...

Have you set the remoting client to pass the default credentials to the
server? If so, how? Also, what happens when you attempt to browse to
the server URL in IE?
"Ron L" <ro**@bogus.Address.com> wrote in message
news:eg**************@TK2MSFTNGP14.phx.gbl...

We are working on a distributed VB.Net application which will access a
SQL database located on a known server. Each client will run on the
user's local machine. To implement this, we are trying to use remoting
for our access to the SQL server, with the remoting being via IIS.
Since all of our users will have accounts in the destination domain, we
want to have IIS handle the security for us and not allow anonymous. We
have set this up with one of our development clients and servers, but
when we try to connect we get the following error message:
An unhandled exception of type 'System.Net.WebException' occurred
in mscorlib.dll

Additional information: the remote server returned an error: (401)
Unauthorized.

Our configuration is this:
Component Running on
Module1 the development machine
RemotingTest IIS on the development machine
NorthWind DB SQL Server on another server

IIS is configured for Windows Authentication, and the directory with the
RemotingTest object has "Script Source Access" set and the Execute
Permissions are set to "Scripts and Executables". We have also tried
with setting IIS to Allow Anonymous, which moves the error out to the
SQL connection (with the error message of "can't make a connection for
user NULL"). Even if anonymous did work, it would be a problem for us
since the application we are using requires the username to be
accessible.

The SQL server is in a different domain from development machine,
however a trust relationship exists between the two domains. We have
verified that the trust works by opening the NorthWind database in
Enterprise Manager on the development machine.

Can anyone tell us what we are doing wrong here?

That looks like your server config file, which isn't what I was asking
about. On the client, how are you specifying the credentials that should
be sent to the server? (If you don't know what this question means,
chances are excellent that you're not sending any credentials, which would
explain the authentication problem. <g>) Also, could you please check if
you can access the server via IE?

"Ron L" <ro**@bogus.Address.com> wrote in message
news:O%****************@TK2MSFTNGP15.phx.gbl...

Nicole
Thanks for your response. I am using a web.config file that I have
included at the end of this message.

Ron L

--------------------------Start
Web.Config ------------------------------------------------
<?xml version="1.0" encoding="utf-8" ?>
<configuration>

<system.web>
<compilation defaultLanguage="vb" debug="true" />
<customErrors mode="RemoteOnly" />
<authentication mode="Windows" />
<authorization>
<allow users="*" /> <!-- Allow all users -->
<allow verbs="GET" users="*" />
</authorization>
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState
mode="Off"
/>
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />

<identity impersonate="true" />

</system.web>

<appSettings>
<!-- Trusted_Connection=yes -->
<add key="ConnectionString"
value="Provider=SQLOLEDB;Data Source=Dev2k;Initial
Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " />
</appSettings>

<system.runtime.remoting>
<application>
<!-- the following section defines the classes we're exposing to
clients from this host -->
<service>
<wellknown mode="SingleCall"
objectUri = "NWInfo.rem"
type = "RemotingTest.NWInfo, RemotingTest" />

</service>
<channels>
<channel ref="http"
useDefaultCredentials="true" />
</channels>
</application>
</system.runtime.remoting>
</configuration>
-------------------------- End
Web.Config -----------------------------------------------
"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:uO**************@TK2MSFTNGP14.phx.gbl...

Have you set the remoting client to pass the default credentials to the
server? If so, how? Also, what happens when you attempt to browse to
the server URL in IE?
"Ron L" <ro**@bogus.Address.com> wrote in message
news:eg**************@TK2MSFTNGP14.phx.gbl...
We are working on a distributed VB.Net application which will access a
SQL database located on a known server. Each client will run on the
user's local machine. To implement this, we are trying to use remoting
for our access to the SQL server, with the remoting being via IIS.
Since all of our users will have accounts in the destination domain, we
want to have IIS handle the security for us and not allow anonymous.
We have set this up with one of our development clients and servers,
but when we try to connect we get the following error message:
An unhandled exception of type 'System.Net.WebException' occurred
in mscorlib.dll

Additional information: the remote server returned an error: (401)
Unauthorized.

Our configuration is this:
Component Running on
Module1 the development machine
RemotingTest IIS on the development machine
NorthWind DB SQL Server on another server

IIS is configured for Windows Authentication, and the directory with
the RemotingTest object has "Script Source Access" set and the Execute
Permissions are set to "Scripts and Executables". We have also tried
with setting IIS to Allow Anonymous, which moves the error out to the
SQL connection (with the error message of "can't make a connection for
user NULL"). Even if anonymous did work, it would be a problem for us
since the application we are using requires the username to be
accessible.

The SQL server is in a different domain from development machine,
however a trust relationship exists between the two domains. We have
verified that the trust works by opening the NorthWind database in
Enterprise Manager on the development machine.

Can anyone tell us what we are doing wrong here?

Nicole
I guess I don't know how I am specifying the credentials on the client
side.
Then chances are very good that the client credentials aren't being passed.
See http://msdn.microsoft.com/library/en...SecNetch11.asp
(particularly the "Passing Credentials for Authentication to Remote Objects"
section) for possible approaches.

As I said to Gregory, I was assuming that IIS handled the credentials as
it does for ASP.
IIS will perform the user authentication, but only if the user's credentials
are passed from the client machine, which is something that IIS cannot do.
The transparent passing of client credentials that you see when using IE to
browse a Windows-authenticated intranet site is because IE is configured to
pass those credentials without user intervention. You'll need to make it
possible for your client application to pass the same credentials.

As to accessing the server, if I enter the following URL:
http://localhost/dotNet/remotingtest/nwinfo.rem?wsdl

I get an automatically generated web page listing the message names, port
names, binding names, etc.
What happens if you disable the intranet zone automatic logon in IE?


Ron L

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...

That looks like your server config file, which isn't what I was asking
about. On the client, how are you specifying the credentials that should
be sent to the server? (If you don't know what this question means,
chances are excellent that you're not sending any credentials, which
would explain the authentication problem. <g>) Also, could you please
check if you can access the server via IE?

"Ron L" <ro**@bogus.Address.com> wrote in message
news:O%****************@TK2MSFTNGP15.phx.gbl...

Nicole
Thanks for your response. I am using a web.config file that I have
included at the end of this message.

Ron L

--------------------------Start
Web.Config ------------------------------------------------
<?xml version="1.0" encoding="utf-8" ?>
<configuration>

<system.web>
<compilation defaultLanguage="vb" debug="true" />
<customErrors mode="RemoteOnly" />
<authentication mode="Windows" />
<authorization>
<allow users="*" /> <!-- Allow all users -->
<allow verbs="GET" users="*" />
</authorization>
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState
mode="Off"
/>
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />

<identity impersonate="true" />

</system.web>

<appSettings>
<!-- Trusted_Connection=yes -->
<add key="ConnectionString"
value="Provider=SQLOLEDB;Data Source=Dev2k;Initial
Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " />
</appSettings>

<system.runtime.remoting>
<application>
<!-- the following section defines the classes we're exposing to
clients from this host -->
<service>
<wellknown mode="SingleCall"
objectUri = "NWInfo.rem"
type = "RemotingTest.NWInfo, RemotingTest" />

</service>
<channels>
<channel ref="http"
useDefaultCredentials="true" />
</channels>
</application>
</system.runtime.remoting>
</configuration>
-------------------------- End
Web.Config -----------------------------------------------
"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
message news:uO**************@TK2MSFTNGP14.phx.gbl...
Have you set the remoting client to pass the default credentials to the
server? If so, how? Also, what happens when you attempt to browse to
the server URL in IE?
"Ron L" <ro**@bogus.Address.com> wrote in message
news:eg**************@TK2MSFTNGP14.phx.gbl...
> We are working on a distributed VB.Net application which will access a
> SQL database located on a known server. Each client will run on the
> user's local machine. To implement this, we are trying to use
> remoting for our access to the SQL server, with the remoting being via
> IIS. Since all of our users will have accounts in the destination
> domain, we want to have IIS handle the security for us and not allow
> anonymous. We have set this up with one of our development clients and
> servers, but when we try to connect we get the following error
> message:
> An unhandled exception of type 'System.Net.WebException' occurred
> in mscorlib.dll
>
> Additional information: the remote server returned an error:
> (401) Unauthorized.
>
>
>
> Our configuration is this:
> Component Running on
> Module1 the development machine
> RemotingTest IIS on the development machine
> NorthWind DB SQL Server on another server
>
> IIS is configured for Windows Authentication, and the directory with
> the RemotingTest object has "Script Source Access" set and the Execute
> Permissions are set to "Scripts and Executables". We have also tried
> with setting IIS to Allow Anonymous, which moves the error out to the
> SQL connection (with the error message of "can't make a connection for
> user NULL"). Even if anonymous did work, it would be a problem for us
> since the application we are using requires the username to be
> accessible.
>
> The SQL server is in a different domain from development machine,
> however a trust relationship exists between the two domains. We have
> verified that the trust works by opening the NorthWind database in
> Enterprise Manager on the development machine.
>
> Can anyone tell us what we are doing wrong here?
>
>
>

"Ron L" <ro**@bogus.Address.com> wrote in message
news:uI**************@TK2MSFTNGP10.phx.gbl...

Nicole
I guess I don't know how I am specifying the credentials on the client
side.

Then chances are very good that the client credentials aren't being
passed. See
http://msdn.microsoft.com/library/en...SecNetch11.asp
(particularly the "Passing Credentials for Authentication to Remote
Objects" section) for possible approaches.

As I said to Gregory, I was assuming that IIS handled the credentials as
it does for ASP.

IIS will perform the user authentication, but only if the user's
credentials are passed from the client machine, which is something that
IIS cannot do. The transparent passing of client credentials that you see
when using IE to browse a Windows-authenticated intranet site is because
IE is configured to pass those credentials without user intervention.
You'll need to make it possible for your client application to pass the
same credentials.

As to accessing the server, if I enter the following URL:
http://localhost/dotNet/remotingtest/nwinfo.rem?wsdl

I get an automatically generated web page listing the message names, port
names, binding names, etc.

What happens if you disable the intranet zone automatic logon in IE?

Ron L

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...

That looks like your server config file, which isn't what I was asking
about. On the client, how are you specifying the credentials that
should be sent to the server? (If you don't know what this question
means, chances are excellent that you're not sending any credentials,
which would explain the authentication problem. <g>) Also, could you
please check if you can access the server via IE?

"Ron L" <ro**@bogus.Address.com> wrote in message
news:O%****************@TK2MSFTNGP15.phx.gbl...
Nicole
Thanks for your response. I am using a web.config file that I have
included at the end of this message.

Ron L

--------------------------Start
Web.Config ------------------------------------------------
<?xml version="1.0" encoding="utf-8" ?>
<configuration>

<system.web>
<compilation defaultLanguage="vb" debug="true" />
<customErrors mode="RemoteOnly" />
<authentication mode="Windows" />
<authorization>
<allow users="*" /> <!-- Allow all users -->
<allow verbs="GET" users="*" />
</authorization>
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState
mode="Off"
/>
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />

<identity impersonate="true" />

</system.web>

<appSettings>
<!-- Trusted_Connection=yes -->
<add key="ConnectionString"
value="Provider=SQLOLEDB;Data Source=Dev2k;Initial
Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " />
</appSettings>

<system.runtime.remoting>
<application>
<!-- the following section defines the classes we're exposing to
clients from this host -->
<service>
<wellknown mode="SingleCall"
objectUri = "NWInfo.rem"
type = "RemotingTest.NWInfo, RemotingTest" />

</service>
<channels>
<channel ref="http"
useDefaultCredentials="true" />
</channels>
</application>
</system.runtime.remoting>
</configuration>
-------------------------- End
Web.Config -----------------------------------------------
"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
message news:uO**************@TK2MSFTNGP14.phx.gbl...
> Have you set the remoting client to pass the default credentials to
> the server? If so, how? Also, what happens when you attempt to
> browse to the server URL in IE?
>
>
> "Ron L" <ro**@bogus.Address.com> wrote in message
> news:eg**************@TK2MSFTNGP14.phx.gbl...
>> We are working on a distributed VB.Net application which will access
>> a SQL database located on a known server. Each client will run on
>> the user's local machine. To implement this, we are trying to use
>> remoting for our access to the SQL server, with the remoting being
>> via IIS. Since all of our users will have accounts in the destination
>> domain, we want to have IIS handle the security for us and not allow
>> anonymous. We have set this up with one of our development clients
>> and servers, but when we try to connect we get the following error
>> message:
>> An unhandled exception of type 'System.Net.WebException'
>> occurred in mscorlib.dll
>>
>> Additional information: the remote server returned an error:
>> (401) Unauthorized.
>>
>>
>>
>> Our configuration is this:
>> Component Running on
>> Module1 the development machine
>> RemotingTest IIS on the development machine
>> NorthWind DB SQL Server on another server
>>
>> IIS is configured for Windows Authentication, and the directory with
>> the RemotingTest object has "Script Source Access" set and the
>> Execute Permissions are set to "Scripts and Executables". We have
>> also tried with setting IIS to Allow Anonymous, which moves the error
>> out to the SQL connection (with the error message of "can't make a
>> connection for user NULL"). Even if anonymous did work, it would be
>> a problem for us since the application we are using requires the
>> username to be accessible.
>>
>> The SQL server is in a different domain from development machine,
>> however a trust relationship exists between the two domains. We have
>> verified that the trust works by opening the NorthWind database in
>> Enterprise Manager on the development machine.
>>
>> Can anyone tell us what we are doing wrong here?
>>
>>
>>
>
>

Nicole
I have been attempting to wade through the reference you gave me (it
was the same reference that Gregory gave). What I want my application to
be able to do is to try the credentials of the currently logged in user,
and if that fails prompt the user for a username and password. Is this
two different instances of using specific credentials, or is it one
instance of using default credentials and one of using specific
credentials?
If you want to allow falling back to user-provided credentials, you'll need
to do at least two things:

1. Use programmatic configuration of the credentials in your client
application rather than specifying the credentials using channel attributes
in the configuration file. An example of the programmatic approach is shown
in the "Programmatic configuration" section of the ".NET Remoting Security"
reference.

2. Adjust the client code in #1 to attempt to connect to the server and, if
authentication fails, prompt the user for custom credentials then switch
over to using those credentials. An example of setting the proxy to use
such credentials is shown in the "Using specific credentials" section of the
".NET Remoting Security" reference.
As to disabling automatic login (setting it to anonymous in Local
Intranet, and trusted sites), I get the "You are not authorized to view
this page" error page.
Good news since this means that the user credentials automatically provided
by IE prior to disabling this behaviour were authenticating successfully and
permitting access to the server.


Ron L

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:u%****************@TK2MSFTNGP12.phx.gbl...

"Ron L" <ro**@bogus.Address.com> wrote in message
news:uI**************@TK2MSFTNGP10.phx.gbl...

Nicole
I guess I don't know how I am specifying the credentials on the
client side.

Then chances are very good that the client credentials aren't being
passed. See
http://msdn.microsoft.com/library/en...SecNetch11.asp
(particularly the "Passing Credentials for Authentication to Remote
Objects" section) for possible approaches.

As I said to Gregory, I was assuming that IIS handled the credentials as
it does for ASP.

IIS will perform the user authentication, but only if the user's
credentials are passed from the client machine, which is something that
IIS cannot do. The transparent passing of client credentials that you see
when using IE to browse a Windows-authenticated intranet site is because
IE is configured to pass those credentials without user intervention.
You'll need to make it possible for your client application to pass the
same credentials.

As to accessing the server, if I enter the following URL:
http://localhost/dotNet/remotingtest/nwinfo.rem?wsdl

I get an automatically generated web page listing the message names,
port names, binding names, etc.

What happens if you disable the intranet zone automatic logon in IE?

Ron L

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
message news:%2****************@TK2MSFTNGP09.phx.gbl...
That looks like your server config file, which isn't what I was asking
about. On the client, how are you specifying the credentials that
should be sent to the server? (If you don't know what this question
means, chances are excellent that you're not sending any credentials,
which would explain the authentication problem. <g>) Also, could you
please check if you can access the server via IE?

"Ron L" <ro**@bogus.Address.com> wrote in message
news:O%****************@TK2MSFTNGP15.phx.gbl...
> Nicole
> Thanks for your response. I am using a web.config file that I have
> included at the end of this message.
>
> Ron L
>
> --------------------------Start
> Web.Config ------------------------------------------------
> <?xml version="1.0" encoding="utf-8" ?>
> <configuration>
>
> <system.web>
> <compilation defaultLanguage="vb" debug="true" />
> <customErrors mode="RemoteOnly" />
> <authentication mode="Windows" />
> <authorization>
> <allow users="*" /> <!-- Allow all users -->
> <allow verbs="GET" users="*" />
> </authorization>
> <trace enabled="false" requestLimit="10" pageOutput="false"
> traceMode="SortByTime" localOnly="true" />
> <sessionState
> mode="Off"
> />
> <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
>
> <identity impersonate="true" />
>
> </system.web>
>
> <appSettings>
> <!-- Trusted_Connection=yes -->
> <add key="ConnectionString"
> value="Provider=SQLOLEDB;Data Source=Dev2k;Initial
> Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " />
> </appSettings>
>
> <system.runtime.remoting>
> <application>
> <!-- the following section defines the classes we're exposing to
> clients from this host -->
> <service>
> <wellknown mode="SingleCall"
> objectUri = "NWInfo.rem"
> type = "RemotingTest.NWInfo, RemotingTest" />
>
> </service>
> <channels>
> <channel ref="http"
> useDefaultCredentials="true" />
> </channels>
> </application>
> </system.runtime.remoting>
> </configuration>
> -------------------------- End
> Web.Config -----------------------------------------------
> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
> message news:uO**************@TK2MSFTNGP14.phx.gbl...
>> Have you set the remoting client to pass the default credentials to
>> the server? If so, how? Also, what happens when you attempt to
>> browse to the server URL in IE?
>>
>>
>> "Ron L" <ro**@bogus.Address.com> wrote in message
>> news:eg**************@TK2MSFTNGP14.phx.gbl...
>>> We are working on a distributed VB.Net application which will access
>>> a SQL database located on a known server. Each client will run on
>>> the user's local machine. To implement this, we are trying to use
>>> remoting for our access to the SQL server, with the remoting being
>>> via IIS. Since all of our users will have accounts in the
>>> destination domain, we want to have IIS handle the security for us
>>> and not allow anonymous. We have set this up with one of our
>>> development clients and servers, but when we try to connect we get
>>> the following error message:
>>> An unhandled exception of type 'System.Net.WebException'
>>> occurred in mscorlib.dll
>>>
>>> Additional information: the remote server returned an error:
>>> (401) Unauthorized.
>>>
>>>
>>>
>>> Our configuration is this:
>>> Component Running on
>>> Module1 the development machine
>>> RemotingTest IIS on the development machine
>>> NorthWind DB SQL Server on another server
>>>
>>> IIS is configured for Windows Authentication, and the directory with
>>> the RemotingTest object has "Script Source Access" set and the
>>> Execute Permissions are set to "Scripts and Executables". We have
>>> also tried with setting IIS to Allow Anonymous, which moves the
>>> error out to the SQL connection (with the error message of "can't
>>> make a connection for user NULL"). Even if anonymous did work, it
>>> would be a problem for us since the application we are using
>>> requires the username to be accessible.
>>>
>>> The SQL server is in a different domain from development machine,
>>> however a trust relationship exists between the two domains. We
>>> have verified that the trust works by opening the NorthWind database
>>> in Enterprise Manager on the development machine.
>>>
>>> Can anyone tell us what we are doing wrong here?
>>>
>>>
>>>
>>
>>
>
>

"Ron L" <ro**@bogus.Address.com> wrote in message
news:%2****************@TK2MSFTNGP15.phx.gbl...

Nicole
I have been attempting to wade through the reference you gave me (it
was the same reference that Gregory gave). What I want my application to
be able to do is to try the credentials of the currently logged in user,
and if that fails prompt the user for a username and password. Is this
two different instances of using specific credentials, or is it one
instance of using default credentials and one of using specific
credentials?

If you want to allow falling back to user-provided credentials, you'll
need to do at least two things:

1. Use programmatic configuration of the credentials in your client
application rather than specifying the credentials using channel
attributes in the configuration file. An example of the programmatic
approach is shown in the "Programmatic configuration" section of the ".NET
Remoting Security" reference.

2. Adjust the client code in #1 to attempt to connect to the server and,
if authentication fails, prompt the user for custom credentials then
switch over to using those credentials. An example of setting the proxy
to use such credentials is shown in the "Using specific credentials"
section of the ".NET Remoting Security" reference.

As to disabling automatic login (setting it to anonymous in Local
Intranet, and trusted sites), I get the "You are not authorized to view
this page" error page.

Good news since this means that the user credentials automatically
provided by IE prior to disabling this behaviour were authenticating
successfully and permitting access to the server.

Ron L

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:u%****************@TK2MSFTNGP12.phx.gbl...

"Ron L" <ro**@bogus.Address.com> wrote in message
news:uI**************@TK2MSFTNGP10.phx.gbl...
Nicole
I guess I don't know how I am specifying the credentials on the
client side.

Then chances are very good that the client credentials aren't being
passed. See
http://msdn.microsoft.com/library/en...SecNetch11.asp
(particularly the "Passing Credentials for Authentication to Remote
Objects" section) for possible approaches.
As I said to Gregory, I was assuming that IIS handled the credentials
as it does for ASP.

IIS will perform the user authentication, but only if the user's
credentials are passed from the client machine, which is something that
IIS cannot do. The transparent passing of client credentials that you
see when using IE to browse a Windows-authenticated intranet site is
because IE is configured to pass those credentials without user
intervention. You'll need to make it possible for your client
application to pass the same credentials.
As to accessing the server, if I enter the following URL:
http://localhost/dotNet/remotingtest/nwinfo.rem?wsdl

I get an automatically generated web page listing the message names,
port names, binding names, etc.

What happens if you disable the intranet zone automatic logon in IE?

Ron L

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
message news:%2****************@TK2MSFTNGP09.phx.gbl...
> That looks like your server config file, which isn't what I was asking
> about. On the client, how are you specifying the credentials that
> should be sent to the server? (If you don't know what this question
> means, chances are excellent that you're not sending any credentials,
> which would explain the authentication problem. <g>) Also, could you
> please check if you can access the server via IE?
>
>
>
> "Ron L" <ro**@bogus.Address.com> wrote in message
> news:O%****************@TK2MSFTNGP15.phx.gbl...
>> Nicole
>> Thanks for your response. I am using a web.config file that I
>> have included at the end of this message.
>>
>> Ron L
>>
>> --------------------------Start
>> Web.Config ------------------------------------------------
>> <?xml version="1.0" encoding="utf-8" ?>
>> <configuration>
>>
>> <system.web>
>> <compilation defaultLanguage="vb" debug="true" />
>> <customErrors mode="RemoteOnly" />
>> <authentication mode="Windows" />
>> <authorization>
>> <allow users="*" /> <!-- Allow all users -->
>> <allow verbs="GET" users="*" />
>> </authorization>
>> <trace enabled="false" requestLimit="10" pageOutput="false"
>> traceMode="SortByTime" localOnly="true" />
>> <sessionState
>> mode="Off"
>> />
>> <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
>>
>> <identity impersonate="true" />
>>
>> </system.web>
>>
>> <appSettings>
>> <!-- Trusted_Connection=yes -->
>> <add key="ConnectionString"
>> value="Provider=SQLOLEDB;Data Source=Dev2k;Initial
>> Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes "
>> />
>> </appSettings>
>>
>> <system.runtime.remoting>
>> <application>
>> <!-- the following section defines the classes we're exposing to
>> clients from this host -->
>> <service>
>> <wellknown mode="SingleCall"
>> objectUri = "NWInfo.rem"
>> type = "RemotingTest.NWInfo, RemotingTest" />
>>
>> </service>
>> <channels>
>> <channel ref="http"
>> useDefaultCredentials="true" />
>> </channels>
>> </application>
>> </system.runtime.remoting>
>> </configuration>
>> -------------------------- End
>> Web.Config -----------------------------------------------
>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
>> message news:uO**************@TK2MSFTNGP14.phx.gbl...
>>> Have you set the remoting client to pass the default credentials to
>>> the server? If so, how? Also, what happens when you attempt to
>>> browse to the server URL in IE?
>>>
>>>
>>> "Ron L" <ro**@bogus.Address.com> wrote in message
>>> news:eg**************@TK2MSFTNGP14.phx.gbl...
>>>> We are working on a distributed VB.Net application which will
>>>> access a SQL database located on a known server. Each client will
>>>> run on the user's local machine. To implement this, we are trying
>>>> to use remoting for our access to the SQL server, with the remoting
>>>> being via IIS. Since all of our users will have accounts in the
>>>> destination domain, we want to have IIS handle the security for us
>>>> and not allow anonymous. We have set this up with one of our
>>>> development clients and servers, but when we try to connect we get
>>>> the following error message:
>>>> An unhandled exception of type 'System.Net.WebException'
>>>> occurred in mscorlib.dll
>>>>
>>>> Additional information: the remote server returned an error:
>>>> (401) Unauthorized.
>>>>
>>>>
>>>>
>>>> Our configuration is this:
>>>> Component Running on
>>>> Module1 the development machine
>>>> RemotingTest IIS on the development machine
>>>> NorthWind DB SQL Server on another server
>>>>
>>>> IIS is configured for Windows Authentication, and the directory
>>>> with the RemotingTest object has "Script Source Access" set and the
>>>> Execute Permissions are set to "Scripts and Executables". We have
>>>> also tried with setting IIS to Allow Anonymous, which moves the
>>>> error out to the SQL connection (with the error message of "can't
>>>> make a connection for user NULL"). Even if anonymous did work, it
>>>> would be a problem for us since the application we are using
>>>> requires the username to be accessible.
>>>>
>>>> The SQL server is in a different domain from development machine,
>>>> however a trust relationship exists between the two domains. We
>>>> have verified that the trust works by opening the NorthWind
>>>> database in Enterprise Manager on the development machine.
>>>>
>>>> Can anyone tell us what we are doing wrong here?
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

Nicole
I have found the code you referenced as an example:

IDictionary channelProperties;
channelProperties = ChannelServices.GetChannelSinkProperties(proxy);
channelProperties ["credentials"] = CredentialCache.DefaultCredentials;

The thing I am not able to come up with is where the variable "proxy" is
set and what is it? If I try making it be the RemotingInterface object in
the code below, I still get my (401) Unauthorized error. Can you clear
this up for me?

TIA
Ron L

------------------------------ Code
Stub -------------------------------------------
Sub Main()
Dim _NWInfo As iNWInfo
Dim serverURL As String =
"http://localhost/dotNET/RemotingTest/NWInfo.rem"

Console.WriteLine("Welcome to the client application.")

_NWInfo =
CType(Activator.GetObject(GetType(RemotingInterfac e.iNWInfo), serverURL),
RemotingInterface.iNWInfo)

Dim channelProperties As IDictionary
channelProperties =
ChannelServices.GetChannelSinkProperties(_NWInfo)
channelProperties("credentials") =
System.Net.CredentialCache.DefaultCredentials
Console.WriteLine(channelProperties("credentials") )
Console.WriteLine(_NWInfo.GetMessage)

Dim dt As DataTable
Dim row As DataRow
dt = _NWInfo.GetMostExpensiveProducts
For Each row In dt.Rows
Console.WriteLine(row.Item(0))
Next
Console.WriteLine("Press the <enter> key to exit.")
Console.Read()
End Sub
------------------------------\Code
Stub -------------------------------------------

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:OE**************@TK2MSFTNGP12.phx.gbl...

"Ron L" <ro**@bogus.Address.com> wrote in message
news:%2****************@TK2MSFTNGP15.phx.gbl...

Nicole
I have been attempting to wade through the reference you gave me (it
was the same reference that Gregory gave). What I want my application
to be able to do is to try the credentials of the currently logged in
user, and if that fails prompt the user for a username and password. Is
this two different instances of using specific credentials, or is it one
instance of using default credentials and one of using specific
credentials?

If you want to allow falling back to user-provided credentials, you'll
need to do at least two things:

1. Use programmatic configuration of the credentials in your client
application rather than specifying the credentials using channel
attributes in the configuration file. An example of the programmatic
approach is shown in the "Programmatic configuration" section of the
".NET Remoting Security" reference.

2. Adjust the client code in #1 to attempt to connect to the server and,
if authentication fails, prompt the user for custom credentials then
switch over to using those credentials. An example of setting the proxy
to use such credentials is shown in the "Using specific credentials"
section of the ".NET Remoting Security" reference.

As to disabling automatic login (setting it to anonymous in Local
Intranet, and trusted sites), I get the "You are not authorized to view
this page" error page.

Good news since this means that the user credentials automatically
provided by IE prior to disabling this behaviour were authenticating
successfully and permitting access to the server.

Ron L

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
message news:u%****************@TK2MSFTNGP12.phx.gbl...
"Ron L" <ro**@bogus.Address.com> wrote in message
news:uI**************@TK2MSFTNGP10.phx.gbl...
> Nicole
> I guess I don't know how I am specifying the credentials on the
> client side.

Then chances are very good that the client credentials aren't being
passed. See
http://msdn.microsoft.com/library/en...SecNetch11.asp
(particularly the "Passing Credentials for Authentication to Remote
Objects" section) for possible approaches.
> As I said to Gregory, I was assuming that IIS handled the credentials
> as it does for ASP.

IIS will perform the user authentication, but only if the user's
credentials are passed from the client machine, which is something that
IIS cannot do. The transparent passing of client credentials that you
see when using IE to browse a Windows-authenticated intranet site is
because IE is configured to pass those credentials without user
intervention. You'll need to make it possible for your client
application to pass the same credentials.
> As to accessing the server, if I enter the following URL:
> http://localhost/dotNet/remotingtest/nwinfo.rem?wsdl
>
> I get an automatically generated web page listing the message names,
> port names, binding names, etc.

What happens if you disable the intranet zone automatic logon in IE?
>
> Ron L
>
>
>
> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
> message news:%2****************@TK2MSFTNGP09.phx.gbl...
>> That looks like your server config file, which isn't what I was
>> asking about. On the client, how are you specifying the credentials
>> that should be sent to the server? (If you don't know what this
>> question means, chances are excellent that you're not sending any
>> credentials, which would explain the authentication problem. <g>)
>> Also, could you please check if you can access the server via IE?
>>
>>
>>
>> "Ron L" <ro**@bogus.Address.com> wrote in message
>> news:O%****************@TK2MSFTNGP15.phx.gbl...
>>> Nicole
>>> Thanks for your response. I am using a web.config file that I
>>> have included at the end of this message.
>>>
>>> Ron L
>>>
>>> --------------------------Start
>>> Web.Config ------------------------------------------------
>>> <?xml version="1.0" encoding="utf-8" ?>
>>> <configuration>
>>>
>>> <system.web>
>>> <compilation defaultLanguage="vb" debug="true" />
>>> <customErrors mode="RemoteOnly" />
>>> <authentication mode="Windows" />
>>> <authorization>
>>> <allow users="*" /> <!-- Allow all users -->
>>> <allow verbs="GET" users="*" />
>>> </authorization>
>>> <trace enabled="false" requestLimit="10" pageOutput="false"
>>> traceMode="SortByTime" localOnly="true" />
>>> <sessionState
>>> mode="Off"
>>> />
>>> <globalization requestEncoding="utf-8" responseEncoding="utf-8"
>>> />
>>>
>>> <identity impersonate="true" />
>>>
>>> </system.web>
>>>
>>> <appSettings>
>>> <!-- Trusted_Connection=yes -->
>>> <add key="ConnectionString"
>>> value="Provider=SQLOLEDB;Data Source=Dev2k;Initial
>>> Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes "
>>> />
>>> </appSettings>
>>>
>>> <system.runtime.remoting>
>>> <application>
>>> <!-- the following section defines the classes we're exposing to
>>> clients from this host -->
>>> <service>
>>> <wellknown mode="SingleCall"
>>> objectUri = "NWInfo.rem"
>>> type = "RemotingTest.NWInfo, RemotingTest" />
>>>
>>> </service>
>>> <channels>
>>> <channel ref="http"
>>> useDefaultCredentials="true" />
>>> </channels>
>>> </application>
>>> </system.runtime.remoting>
>>> </configuration>
>>> -------------------------- End
>>> Web.Config -----------------------------------------------
>>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
>>> message news:uO**************@TK2MSFTNGP14.phx.gbl...
>>>> Have you set the remoting client to pass the default credentials to
>>>> the server? If so, how? Also, what happens when you attempt to
>>>> browse to the server URL in IE?
>>>>
>>>>
>>>> "Ron L" <ro**@bogus.Address.com> wrote in message
>>>> news:eg**************@TK2MSFTNGP14.phx.gbl...
>>>>> We are working on a distributed VB.Net application which will
>>>>> access a SQL database located on a known server. Each client will
>>>>> run on the user's local machine. To implement this, we are trying
>>>>> to use remoting for our access to the SQL server, with the
>>>>> remoting being via IIS. Since all of our users will have accounts
>>>>> in the destination domain, we want to have IIS handle the security
>>>>> for us and not allow anonymous. We have set this up with one of
>>>>> our development clients and servers, but when we try to connect we
>>>>> get the following error message:
>>>>> An unhandled exception of type 'System.Net.WebException'
>>>>> occurred in mscorlib.dll
>>>>>
>>>>> Additional information: the remote server returned an error:
>>>>> (401) Unauthorized.
>>>>>
>>>>>
>>>>>
>>>>> Our configuration is this:
>>>>> Component Running on
>>>>> Module1 the development machine
>>>>> RemotingTest IIS on the development machine
>>>>> NorthWind DB SQL Server on another server
>>>>>
>>>>> IIS is configured for Windows Authentication, and the directory
>>>>> with the RemotingTest object has "Script Source Access" set and
>>>>> the Execute Permissions are set to "Scripts and Executables". We
>>>>> have also tried with setting IIS to Allow Anonymous, which moves
>>>>> the error out to the SQL connection (with the error message of
>>>>> "can't make a connection for user NULL"). Even if anonymous did
>>>>> work, it would be a problem for us since the application we are
>>>>> using requires the username to be accessible.
>>>>>
>>>>> The SQL server is in a different domain from development machine,
>>>>> however a trust relationship exists between the two domains. We
>>>>> have verified that the trust works by opening the NorthWind
>>>>> database in Enterprise Manager on the development machine.
>>>>>
>>>>> Can anyone tell us what we are doing wrong here?
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

Nicole
Thanks for your response. I am using a web.config file that I have
included at the end of this message.

Ron L

--------------------------Start
Web.Config ------------------------------------------------
<?xml version="1.0" encoding="utf-8" ?>
<configuration>

<system.web>
<compilation defaultLanguage="vb" debug="true" />
<customErrors mode="RemoteOnly" />
<authentication mode="Windows" />
<authorization>
<allow users="*" /> <!-- Allow all users -->
<allow verbs="GET" users="*" />
</authorization>
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState
mode="Off"
/>
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />

<identity impersonate="true" />

</system.web>

<appSettings>
<!-- Trusted_Connection=yes -->
<add key="ConnectionString"
value="Provider=SQLOLEDB;Data Source=Dev2k;Initial
Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " />
</appSettings>

<system.runtime.remoting>
<application>
<!-- the following section defines the classes we're exposing to clients
from this host -->
<service>
<wellknown mode="SingleCall"
objectUri = "NWInfo.rem"
type = "RemotingTest.NWInfo, RemotingTest" />

</service>
<channels>
<channel ref="http"
useDefaultCredentials="true" />
</channels>
</application>
</system.runtime.remoting>
</configuration>
-------------------------- End
Web.Config -----------------------------------------------
"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:uO**************@TK2MSFTNGP14.phx.gbl...

Have you set the remoting client to pass the default credentials to the
server? If so, how? Also, what happens when you attempt to browse to the
server URL in IE?
"Ron L" <ro**@bogus.Address.com> wrote in message
news:eg**************@TK2MSFTNGP14.phx.gbl...

We are working on a distributed VB.Net application which will access a
SQL database located on a known server. Each client will run on the
user's local machine. To implement this, we are trying to use remoting
for our access to the SQL server, with the remoting being via IIS. Since
all of our users will have accounts in the destination domain, we want to
have IIS handle the security for us and not allow anonymous. We have set
this up with one of our development clients and servers, but when we try
to connect we get the following error message:
An unhandled exception of type 'System.Net.WebException' occurred in
mscorlib.dll

Additional information: the remote server returned an error: (401)
Unauthorized.

Our configuration is this:
Component Running on
Module1 the development machine
RemotingTest IIS on the development machine
NorthWind DB SQL Server on another server

IIS is configured for Windows Authentication, and the directory with the
RemotingTest object has "Script Source Access" set and the Execute
Permissions are set to "Scripts and Executables". We have also tried
with setting IIS to Allow Anonymous, which moves the error out to the SQL
connection (with the error message of "can't make a connection for user
NULL"). Even if anonymous did work, it would be a problem for us since
the application we are using requires the username to be accessible.

The SQL server is in a different domain from development machine, however
a trust relationship exists between the two domains. We have verified
that the trust works by opening the NorthWind database in Enterprise
Manager on the development machine.

Can anyone tell us what we are doing wrong here?

A few pages ago theres a thread on what sounds like a similar problem that
was answered well. If you do a search for this string

"ASP.Net Impersonation Problem"

You should come up with it at the top of the list of results. The post
talks
about credential forwarding, impersonation and authentication. Which I
believe, is what you're currently having problems with.

Hope that helps!

Steve.

"Ron L" wrote:

Nicole
Thanks for your response. I am using a web.config file that I have
included at the end of this message.

Ron L

--------------------------Start
Web.Config ------------------------------------------------
<?xml version="1.0" encoding="utf-8" ?>
<configuration>

<system.web>
<compilation defaultLanguage="vb" debug="true" />
<customErrors mode="RemoteOnly" />
<authentication mode="Windows" />
<authorization>
<allow users="*" /> <!-- Allow all users -->
<allow verbs="GET" users="*" />
</authorization>
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState
mode="Off"
/>
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />

<identity impersonate="true" />

</system.web>

<appSettings>
<!-- Trusted_Connection=yes -->
<add key="ConnectionString"
value="Provider=SQLOLEDB;Data Source=Dev2k;Initial
Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " />
</appSettings>

<system.runtime.remoting>
<application>
<!-- the following section defines the classes we're exposing to
clients
from this host -->
<service>
<wellknown mode="SingleCall"
objectUri = "NWInfo.rem"
type = "RemotingTest.NWInfo, RemotingTest" />

</service>
<channels>
<channel ref="http"
useDefaultCredentials="true" />
</channels>
</application>
</system.runtime.remoting>
</configuration>
-------------------------- End
Web.Config -----------------------------------------------
"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:uO**************@TK2MSFTNGP14.phx.gbl...

> Have you set the remoting client to pass the default credentials to the
> server? If so, how? Also, what happens when you attempt to browse to
> the
> server URL in IE?
>
>
> "Ron L" <ro**@bogus.Address.com> wrote in message
> news:eg**************@TK2MSFTNGP14.phx.gbl...
>> We are working on a distributed VB.Net application which will access a
>> SQL database located on a known server. Each client will run on the
>> user's local machine. To implement this, we are trying to use
>> remoting
>> for our access to the SQL server, with the remoting being via IIS.
>> Since
>> all of our users will have accounts in the destination domain, we want
>> to
>> have IIS handle the security for us and not allow anonymous. We have
>> set
>> this up with one of our development clients and servers, but when we
>> try
>> to connect we get the following error message:
>> An unhandled exception of type 'System.Net.WebException' occurred
>> in
>> mscorlib.dll
>>
>> Additional information: the remote server returned an error:
>> (401)
>> Unauthorized.
>>
>>
>>
>> Our configuration is this:
>> Component Running on
>> Module1 the development machine
>> RemotingTest IIS on the development machine
>> NorthWind DB SQL Server on another server
>>
>> IIS is configured for Windows Authentication, and the directory with
>> the
>> RemotingTest object has "Script Source Access" set and the Execute
>> Permissions are set to "Scripts and Executables". We have also tried
>> with setting IIS to Allow Anonymous, which moves the error out to the
>> SQL
>> connection (with the error message of "can't make a connection for
>> user
>> NULL"). Even if anonymous did work, it would be a problem for us
>> since
>> the application we are using requires the username to be accessible.
>>
>> The SQL server is in a different domain from development machine,
>> however
>> a trust relationship exists between the two domains. We have verified
>> that the trust works by opening the NorthWind database in Enterprise
>> Manager on the development machine.
>>
>> Can anyone tell us what we are doing wrong here?
>>
>>
>>
>
>

I can't see any obvious problems in your code. Do you still get a 401
error if you try to reproduce the simple sample from
http://msdn.microsoft.com/library/en...tinginiis.asp?
If not, what happens if you modify the client to use programmatic
configuration of the URL and credentials instead of reading these from the
config file?

"Ron L" <ro**@bogus.Address.com> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...

Nicole
I have found the code you referenced as an example:

IDictionary channelProperties;
channelProperties = ChannelServices.GetChannelSinkProperties(proxy);
channelProperties ["credentials"] =
CredentialCache.DefaultCredentials;

The thing I am not able to come up with is where the variable "proxy" is
set and what is it? If I try making it be the RemotingInterface object
in the code below, I still get my (401) Unauthorized error. Can you
clear this up for me?

TIA
Ron L

------------------------------ Code
Stub -------------------------------------------
Sub Main()
Dim _NWInfo As iNWInfo
Dim serverURL As String =
"http://localhost/dotNET/RemotingTest/NWInfo.rem"

Console.WriteLine("Welcome to the client application.")

_NWInfo =
CType(Activator.GetObject(GetType(RemotingInterfac e.iNWInfo), serverURL),
RemotingInterface.iNWInfo)

Dim channelProperties As IDictionary
channelProperties =
ChannelServices.GetChannelSinkProperties(_NWInfo)
channelProperties("credentials") =
System.Net.CredentialCache.DefaultCredentials
Console.WriteLine(channelProperties("credentials") )
Console.WriteLine(_NWInfo.GetMessage)

Dim dt As DataTable
Dim row As DataRow
dt = _NWInfo.GetMostExpensiveProducts
For Each row In dt.Rows
Console.WriteLine(row.Item(0))
Next
Console.WriteLine("Press the <enter> key to exit.")
Console.Read()
End Sub
------------------------------\Code
Stub -------------------------------------------

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:OE**************@TK2MSFTNGP12.phx.gbl...

"Ron L" <ro**@bogus.Address.com> wrote in message
news:%2****************@TK2MSFTNGP15.phx.gbl...
Nicole
I have been attempting to wade through the reference you gave me (it
was the same reference that Gregory gave). What I want my application
to be able to do is to try the credentials of the currently logged in
user, and if that fails prompt the user for a username and password.
Is this two different instances of using specific credentials, or is it
one instance of using default credentials and one of using specific
credentials?

If you want to allow falling back to user-provided credentials, you'll
need to do at least two things:

1. Use programmatic configuration of the credentials in your client
application rather than specifying the credentials using channel
attributes in the configuration file. An example of the programmatic
approach is shown in the "Programmatic configuration" section of the
".NET Remoting Security" reference.

2. Adjust the client code in #1 to attempt to connect to the server
and, if authentication fails, prompt the user for custom credentials
then switch over to using those credentials. An example of setting the
proxy to use such credentials is shown in the "Using specific
credentials" section of the ".NET Remoting Security" reference.

As to disabling automatic login (setting it to anonymous in Local
Intranet, and trusted sites), I get the "You are not authorized to view
this page" error page.

Good news since this means that the user credentials automatically
provided by IE prior to disabling this behaviour were authenticating
successfully and permitting access to the server.

Ron L

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
message news:u%****************@TK2MSFTNGP12.phx.gbl...
> "Ron L" <ro**@bogus.Address.com> wrote in message
> news:uI**************@TK2MSFTNGP10.phx.gbl...
>> Nicole
>> I guess I don't know how I am specifying the credentials on the
>> client side.
>
> Then chances are very good that the client credentials aren't being
> passed. See
> http://msdn.microsoft.com/library/en...SecNetch11.asp
> (particularly the "Passing Credentials for Authentication to Remote
> Objects" section) for possible approaches.
>
>
>> As I said to Gregory, I was assuming that IIS handled the credentials
>> as it does for ASP.
>
> IIS will perform the user authentication, but only if the user's
> credentials are passed from the client machine, which is something
> that IIS cannot do. The transparent passing of client credentials that
> you see when using IE to browse a Windows-authenticated intranet site
> is because IE is configured to pass those credentials without user
> intervention. You'll need to make it possible for your client
> application to pass the same credentials.
>
>
>> As to accessing the server, if I enter the following URL:
>> http://localhost/dotNet/remotingtest/nwinfo.rem?wsdl
>>
>> I get an automatically generated web page listing the message names,
>> port names, binding names, etc.
>
> What happens if you disable the intranet zone automatic logon in IE?
>
>
>>
>> Ron L
>>
>>
>>
>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
>> message news:%2****************@TK2MSFTNGP09.phx.gbl...
>>> That looks like your server config file, which isn't what I was
>>> asking about. On the client, how are you specifying the credentials
>>> that should be sent to the server? (If you don't know what this
>>> question means, chances are excellent that you're not sending any
>>> credentials, which would explain the authentication problem. <g>)
>>> Also, could you please check if you can access the server via IE?
>>>
>>>
>>>
>>> "Ron L" <ro**@bogus.Address.com> wrote in message
>>> news:O%****************@TK2MSFTNGP15.phx.gbl...
>>>> Nicole
>>>> Thanks for your response. I am using a web.config file that I
>>>> have included at the end of this message.
>>>>
>>>> Ron L
>>>>
>>>> --------------------------Start
>>>> Web.Config ------------------------------------------------
>>>> <?xml version="1.0" encoding="utf-8" ?>
>>>> <configuration>
>>>>
>>>> <system.web>
>>>> <compilation defaultLanguage="vb" debug="true" />
>>>> <customErrors mode="RemoteOnly" />
>>>> <authentication mode="Windows" />
>>>> <authorization>
>>>> <allow users="*" /> <!-- Allow all users -->
>>>> <allow verbs="GET" users="*" />
>>>> </authorization>
>>>> <trace enabled="false" requestLimit="10" pageOutput="false"
>>>> traceMode="SortByTime" localOnly="true" />
>>>> <sessionState
>>>> mode="Off"
>>>> />
>>>> <globalization requestEncoding="utf-8" responseEncoding="utf-8"
>>>> />
>>>>
>>>> <identity impersonate="true" />
>>>>
>>>> </system.web>
>>>>
>>>> <appSettings>
>>>> <!-- Trusted_Connection=yes -->
>>>> <add key="ConnectionString"
>>>> value="Provider=SQLOLEDB;Data Source=Dev2k;Initial
>>>> Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes "
>>>> />
>>>> </appSettings>
>>>>
>>>> <system.runtime.remoting>
>>>> <application>
>>>> <!-- the following section defines the classes we're exposing to
>>>> clients from this host -->
>>>> <service>
>>>> <wellknown mode="SingleCall"
>>>> objectUri = "NWInfo.rem"
>>>> type = "RemotingTest.NWInfo, RemotingTest" />
>>>>
>>>> </service>
>>>> <channels>
>>>> <channel ref="http"
>>>> useDefaultCredentials="true" />
>>>> </channels>
>>>> </application>
>>>> </system.runtime.remoting>
>>>> </configuration>
>>>> -------------------------- End
>>>> Web.Config -----------------------------------------------
>>>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
>>>> message news:uO**************@TK2MSFTNGP14.phx.gbl...
>>>>> Have you set the remoting client to pass the default credentials
>>>>> to the server? If so, how? Also, what happens when you attempt
>>>>> to browse to the server URL in IE?
>>>>>
>>>>>
>>>>> "Ron L" <ro**@bogus.Address.com> wrote in message
>>>>> news:eg**************@TK2MSFTNGP14.phx.gbl...
>>>>>> We are working on a distributed VB.Net application which will
>>>>>> access a SQL database located on a known server. Each client
>>>>>> will run on the user's local machine. To implement this, we are
>>>>>> trying to use remoting for our access to the SQL server, with the
>>>>>> remoting being via IIS. Since all of our users will have accounts
>>>>>> in the destination domain, we want to have IIS handle the
>>>>>> security for us and not allow anonymous. We have set this up with
>>>>>> one of our development clients and servers, but when we try to
>>>>>> connect we get the following error message:
>>>>>> An unhandled exception of type 'System.Net.WebException'
>>>>>> occurred in mscorlib.dll
>>>>>>
>>>>>> Additional information: the remote server returned an error:
>>>>>> (401) Unauthorized.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Our configuration is this:
>>>>>> Component Running on
>>>>>> Module1 the development machine
>>>>>> RemotingTest IIS on the development machine
>>>>>> NorthWind DB SQL Server on another server
>>>>>>
>>>>>> IIS is configured for Windows Authentication, and the directory
>>>>>> with the RemotingTest object has "Script Source Access" set and
>>>>>> the Execute Permissions are set to "Scripts and Executables". We
>>>>>> have also tried with setting IIS to Allow Anonymous, which moves
>>>>>> the error out to the SQL connection (with the error message of
>>>>>> "can't make a connection for user NULL"). Even if anonymous did
>>>>>> work, it would be a problem for us since the application we are
>>>>>> using requires the username to be accessible.
>>>>>>
>>>>>> The SQL server is in a different domain from development machine,
>>>>>> however a trust relationship exists between the two domains. We
>>>>>> have verified that the trust works by opening the NorthWind
>>>>>> database in Enterprise Manager on the development machine.
>>>>>>
>>>>>> Can anyone tell us what we are doing wrong here?
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

I can't see any obvious problems in your code. Do you still get a 401
error if you try to reproduce the simple sample from
http://msdn.microsoft.com/library/en...tinginiis.asp?
If not, what happens if you modify the client to use programmatic
configuration of the URL and credentials instead of reading these from the
config file?

"Ron L" <ro**@bogus.Address.com> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...

Nicole
I have found the code you referenced as an example:

IDictionary channelProperties;
channelProperties = ChannelServices.GetChannelSinkProperties(proxy);
channelProperties ["credentials"] =
CredentialCache.DefaultCredentials;

The thing I am not able to come up with is where the variable "proxy" is
set and what is it? If I try making it be the RemotingInterface object
in the code below, I still get my (401) Unauthorized error. Can you
clear this up for me?

TIA
Ron L

------------------------------ Code
Stub -------------------------------------------
Sub Main()
Dim _NWInfo As iNWInfo
Dim serverURL As String =
"http://localhost/dotNET/RemotingTest/NWInfo.rem"

Console.WriteLine("Welcome to the client application.")

_NWInfo =
CType(Activator.GetObject(GetType(RemotingInterfac e.iNWInfo), serverURL),
RemotingInterface.iNWInfo)

Dim channelProperties As IDictionary
channelProperties =
ChannelServices.GetChannelSinkProperties(_NWInfo)
channelProperties("credentials") =
System.Net.CredentialCache.DefaultCredentials
Console.WriteLine(channelProperties("credentials") )
Console.WriteLine(_NWInfo.GetMessage)

Dim dt As DataTable
Dim row As DataRow
dt = _NWInfo.GetMostExpensiveProducts
For Each row In dt.Rows
Console.WriteLine(row.Item(0))
Next
Console.WriteLine("Press the <enter> key to exit.")
Console.Read()
End Sub
------------------------------\Code
Stub -------------------------------------------

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:OE**************@TK2MSFTNGP12.phx.gbl...

"Ron L" <ro**@bogus.Address.com> wrote in message
news:%2****************@TK2MSFTNGP15.phx.gbl...
Nicole
I have been attempting to wade through the reference you gave me (it
was the same reference that Gregory gave). What I want my application
to be able to do is to try the credentials of the currently logged in
user, and if that fails prompt the user for a username and password.
Is this two different instances of using specific credentials, or is it
one instance of using default credentials and one of using specific
credentials?

If you want to allow falling back to user-provided credentials, you'll
need to do at least two things:

1. Use programmatic configuration of the credentials in your client
application rather than specifying the credentials using channel
attributes in the configuration file. An example of the programmatic
approach is shown in the "Programmatic configuration" section of the
".NET Remoting Security" reference.

2. Adjust the client code in #1 to attempt to connect to the server
and, if authentication fails, prompt the user for custom credentials
then switch over to using those credentials. An example of setting the
proxy to use such credentials is shown in the "Using specific
credentials" section of the ".NET Remoting Security" reference.

As to disabling automatic login (setting it to anonymous in Local
Intranet, and trusted sites), I get the "You are not authorized to view
this page" error page.

Good news since this means that the user credentials automatically
provided by IE prior to disabling this behaviour were authenticating
successfully and permitting access to the server.

Ron L

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
message news:u%****************@TK2MSFTNGP12.phx.gbl...
> "Ron L" <ro**@bogus.Address.com> wrote in message
> news:uI**************@TK2MSFTNGP10.phx.gbl...
>> Nicole
>> I guess I don't know how I am specifying the credentials on the
>> client side.
>
> Then chances are very good that the client credentials aren't being
> passed. See
> http://msdn.microsoft.com/library/en...SecNetch11.asp
> (particularly the "Passing Credentials for Authentication to Remote
> Objects" section) for possible approaches.
>
>
>> As I said to Gregory, I was assuming that IIS handled the credentials
>> as it does for ASP.
>
> IIS will perform the user authentication, but only if the user's
> credentials are passed from the client machine, which is something
> that IIS cannot do. The transparent passing of client credentials that
> you see when using IE to browse a Windows-authenticated intranet site
> is because IE is configured to pass those credentials without user
> intervention. You'll need to make it possible for your client
> application to pass the same credentials.
>
>
>> As to accessing the server, if I enter the following URL:
>> http://localhost/dotNet/remotingtest/nwinfo.rem?wsdl
>>
>> I get an automatically generated web page listing the message names,
>> port names, binding names, etc.
>
> What happens if you disable the intranet zone automatic logon in IE?
>
>
>>
>> Ron L
>>
>>
>>
>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
>> message news:%2****************@TK2MSFTNGP09.phx.gbl...
>>> That looks like your server config file, which isn't what I was
>>> asking about. On the client, how are you specifying the credentials
>>> that should be sent to the server? (If you don't know what this
>>> question means, chances are excellent that you're not sending any
>>> credentials, which would explain the authentication problem. <g>)
>>> Also, could you please check if you can access the server via IE?
>>>
>>>
>>>
>>> "Ron L" <ro**@bogus.Address.com> wrote in message
>>> news:O%****************@TK2MSFTNGP15.phx.gbl...
>>>> Nicole
>>>> Thanks for your response. I am using a web.config file that I
>>>> have included at the end of this message.
>>>>
>>>> Ron L
>>>>
>>>> --------------------------Start
>>>> Web.Config ------------------------------------------------
>>>> <?xml version="1.0" encoding="utf-8" ?>
>>>> <configuration>
>>>>
>>>> <system.web>
>>>> <compilation defaultLanguage="vb" debug="true" />
>>>> <customErrors mode="RemoteOnly" />
>>>> <authentication mode="Windows" />
>>>> <authorization>
>>>> <allow users="*" /> <!-- Allow all users -->
>>>> <allow verbs="GET" users="*" />
>>>> </authorization>
>>>> <trace enabled="false" requestLimit="10" pageOutput="false"
>>>> traceMode="SortByTime" localOnly="true" />
>>>> <sessionState
>>>> mode="Off"
>>>> />
>>>> <globalization requestEncoding="utf-8" responseEncoding="utf-8"
>>>> />
>>>>
>>>> <identity impersonate="true" />
>>>>
>>>> </system.web>
>>>>
>>>> <appSettings>
>>>> <!-- Trusted_Connection=yes -->
>>>> <add key="ConnectionString"
>>>> value="Provider=SQLOLEDB;Data Source=Dev2k;Initial
>>>> Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes "
>>>> />
>>>> </appSettings>
>>>>
>>>> <system.runtime.remoting>
>>>> <application>
>>>> <!-- the following section defines the classes we're exposing to
>>>> clients from this host -->
>>>> <service>
>>>> <wellknown mode="SingleCall"
>>>> objectUri = "NWInfo.rem"
>>>> type = "RemotingTest.NWInfo, RemotingTest" />
>>>>
>>>> </service>
>>>> <channels>
>>>> <channel ref="http"
>>>> useDefaultCredentials="true" />
>>>> </channels>
>>>> </application>
>>>> </system.runtime.remoting>
>>>> </configuration>
>>>> -------------------------- End
>>>> Web.Config -----------------------------------------------
>>>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
>>>> message news:uO**************@TK2MSFTNGP14.phx.gbl...
>>>>> Have you set the remoting client to pass the default credentials
>>>>> to the server? If so, how? Also, what happens when you attempt
>>>>> to browse to the server URL in IE?
>>>>>
>>>>>
>>>>> "Ron L" <ro**@bogus.Address.com> wrote in message
>>>>> news:eg**************@TK2MSFTNGP14.phx.gbl...
>>>>>> We are working on a distributed VB.Net application which will
>>>>>> access a SQL database located on a known server. Each client
>>>>>> will run on the user's local machine. To implement this, we are
>>>>>> trying to use remoting for our access to the SQL server, with the
>>>>>> remoting being via IIS. Since all of our users will have accounts
>>>>>> in the destination domain, we want to have IIS handle the
>>>>>> security for us and not allow anonymous. We have set this up with
>>>>>> one of our development clients and servers, but when we try to
>>>>>> connect we get the following error message:
>>>>>> An unhandled exception of type 'System.Net.WebException'
>>>>>> occurred in mscorlib.dll
>>>>>>
>>>>>> Additional information: the remote server returned an error:
>>>>>> (401) Unauthorized.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Our configuration is this:
>>>>>> Component Running on
>>>>>> Module1 the development machine
>>>>>> RemotingTest IIS on the development machine
>>>>>> NorthWind DB SQL Server on another server
>>>>>>
>>>>>> IIS is configured for Windows Authentication, and the directory
>>>>>> with the RemotingTest object has "Script Source Access" set and
>>>>>> the Execute Permissions are set to "Scripts and Executables". We
>>>>>> have also tried with setting IIS to Allow Anonymous, which moves
>>>>>> the error out to the SQL connection (with the error message of
>>>>>> "can't make a connection for user NULL"). Even if anonymous did
>>>>>> work, it would be a problem for us since the application we are
>>>>>> using requires the username to be accessible.
>>>>>>
>>>>>> The SQL server is in a different domain from development machine,
>>>>>> however a trust relationship exists between the two domains. We
>>>>>> have verified that the trust works by opening the NorthWind
>>>>>> database in Enterprise Manager on the development machine.
>>>>>>
>>>>>> Can anyone tell us what we are doing wrong here?
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>