Re: Unable to access AS2k from Win 2k m/c URGENT!!!!!!

From: Akshai Mirchandani [MS] (akshaim_at_online.microsoft.com)
Date: 10/11/04

  • Next message: Akshai Mirchandani [MS]: "Re: 401:Unauthorized Connection Puzzler" 
    Date: Mon, 11 Oct 2004 13:11:07 -0700

    Hi,

    > I feel this problem is related to 2 things:
    > 1. The configuration of Win2k m/c. Is it missing
    > something that I am not aware of?

    No, the Win2k machine just needs to have XMLA SDK and/or ADOMD.NET, MSXML4
    and PTS (the AS2k client components). You shouldn't need anything else.

    > 2. The authenctication mechanism that is in place in
    > this scenario. Something related to impersonation? Does MS
    > Analysis server need more credentials than specified in my
    > connection string? How do I provide that? In SQL server,
    > we have mixed mode, so we can provide the username/pwd for
    > a connection? IS there an equivalent here also??

    This is the most likely cause of the problem. AS2k doesn't support "mixed
    mode" authentication like SQL Server -- it relies purely on Windows
    authentication mechanisms like NTLM/Kerberos. The only place it allows
    username/password is when you configure HTTP access to it using the
    msolap.asp feature (which is completely different from the XMLA SDK).

    > 3. One thing I read at places was "ADOMD.NET not
    > allowing direct connection"Don't know what that means.
    > Also, at places, using XMLA http value was suggested to be
    > used in the connection string.

    Let me explain this a little. ADOMD.NET can connect to a AS2k server in two
    ways:
    1. Over HTTP to a XMLA SDK virtual directory. In this case, you would
    configure a virtual directory for the XMLA SDK and specify "Data
    Source=http://server/url/msxisapi.dll" in your ADOMD.NET connection string.
    2. Over TCP/IP via the IXMLA component. To use this component, you would
    specify a connection string "Data Source=server;ConnectTo=8.0" and you need
    to make sure that the PTS components and MSXML4 are properly installed on
    the same machine as the ADOMD.NET client.

    Another important piece to the puzzle is authentication. When you use the
    NTLM authentication, it doesn't allow the client user's credentials to be
    delegated beyond the machine boundary. So if you have:
        Machine A Machine B Machine C
            Client Web App AS2K

    Then the credentials of the user on machine A can be impersonated on Machine
    B, but cannot be delegated to Machine C. Therefore the Web Application
    cannot connect to the AS2k server as the client user. It seems like the
    reason it is failing on your QA machine is because you are using your dev
    machine as a client which causes the delegation problem to occur.

    Now to the real question -- how to get this to work? There are several
    answers. For example:

    - You can use "Basic" authentication over HTTPS for the web client
    application. If you use Basic authentication, it would allow the user's
    credentials to be delegated to Machine C.
    - You could put the IIS onto the same machine as AS2K. This way the
    credentials would not need to be delegated.

    I would also suggest that you see if you can eliminate your web service and
    put all the logic in your web client app. Why do you need this web service
    in the first place? This way you would only need to solve one problem of
    delegation and simplify this configuration as well.

    Thanks,
    Akshai 

    --
This posting is provided "AS IS" with no warranties, and confers no rights
Please do not send email directly to this alias. This alias is for newsgroup
purposes only.
"Ri***" <mithun_vesit@yahoo.com> wrote in message
news:182e01c4af35$5e69dc60$a501280a@phx.gbl...
> Problem Definition
>
> My machine details: Win XP m/c with .NET framework 1.0,
> MSXML 4.0 parser, XML For Analysis 1.1, ADOMD.NET (8.0).
>
> SQL Server 2000 and Analysis Server 2000 are both hosted
> on the same but not on my m/c.
>
> Currently my web client, web services are both hosted on
> my machine. The client calls the web service which then
> calls both SQL Server and Analysis Server for fetching
> data.
>
> The config file of my client app has the following
> settings:
> <add key="DB_CONNECTION_STRING" value="Data
> Source=servername;Provider=MSOLAP;initial
> catalog=Reporting;ConnectTo=8.0"></add>
> <add key="WebServiceURL"
> value="http://localhost/enterprisewebservice/pipelineservic
> e.asmx" />
>
> <identity impersonate="false" />
>
> Both Anonymous access and WINdows Authentication options
> are enabled in IIS for this web site.
>
> My web service has the following setting in config file:
>
> <add key="DB_CONNECTION_STRING" value="Data
> Source=servername;Provider=MSOLAP;initial
> catalog=Reporting;ConnectTo=8.0"></add>
>
> <identity impersonate="true"/>. This tag was made true
> after browsing sites and newsgroups on ADOMD.net.
>
> With the above settings, everything works fine on my m/c
> (Dev m/c) . The web service is able to make calls to AS
> through ADOMD.NET and fetch data.
>
> Now I have hosted my application on a QA test server. This
> is Win 2k m/c with Service Pack 4, .NET framework 1.0,
> ADOMD.NET 8.0, MSXML parser 4.0, XML For Analysis 1.1.
> The web service in this case just doesn't work if
> impersonation is true. It shows "Server not available" IN
> the even log I have " aspnet_wp.exe stopped unexpectedly"
>
> If I remove this tag, the above error disappears. But
> still the web service is unable to fetch data from AS. It
> fails while opening a connection. Had added some trace
> code lately.
> The code snippet is :
>    <WebMethod(Description:="Returns cellset"), _
>         SoapHeader("headerObj")> _
>    Public Function ReturnCellSet(ByVal queryString As
> String) As String
>         'Check the SoapHeader
>         Dim result As String
>         Dim adomdConnection As AdomdConnection
>         Dim reader As System.Xml.XmlReader
>         Try
>                adomdConnection = New AdomdConnection
> (ConfigurationSettings.AppSettings("DB_CONNECTION_STRING"))
>                        adomdConnection.Open()
>                        Dim adomdCommand As New AdomdCommand
> (queryString, adomdConnection)
>             reader = adomdCommand.ExecuteXmlReader()
>                         Dim doc As XmlDocument = New
> XmlDocument()
>             doc.LoadXml(reader.ReadOuterXml())
>                        doc.Save(Server.MapPath(".")
> & "\Results.xml")
>                         result = doc.OuterXml()
>         Catch con As AdomdConnectionException
>                    Catch e As AdomdErrorResponseException
>                    Catch f As AdomdConnectionException
>                     Catch exp As Exception
>                     Finally
>                        reader.Close()
>             adomdConnection.Close()
>         End Try
>         Return result
>     End Function
>
> I feel this problem is related to 2 things:
> 1. The configuration of Win2k m/c. Is it missing
> something that I am not aware of?
> 2. The authenctication mechanism that is in place in
> this scenario. Something related to impersonation? Does MS
> Analysis server need more credentials than specified in my
> connection string? How do I provide that? In SQL server,
> we have mixed mode, so we can provide the username/pwd for
> a connection? IS there an equivalent here also??
> 3. One thing I read at places was "ADOMD.NET not
> allowing direct connection"Don't know what that means.
> Also, at places, using XMLA http value was suggested to be
> used in the connection string.
>
> I need help on this issue urgently..
>
> Thanks in advance
> Ri***
>
  • Next message: Akshai Mirchandani [MS]: "Re: 401:Unauthorized Connection Puzzler"