Re: setting security

From: "Saverio Tedeschi" <tesis@xxxxxxxxx>
Date: Sun, 19 Jun 2005 23:10:21 +0200

I had to delete client project and build it again. At a given moment,
refreshing web service from inside client was not enough, and I always got
"HTTP 401 - Access denied" error. Rebuilding project from scratch (after
having copied first, of course) solved this issue. Why? (just wondering,
however I like to understand problems. Any clue? TIA

"Saverio Tedeschi" <tesis@xxxxxxxxx> ha scritto nel messaggio
news:%23Qw68kKdFHA.220@xxxxxxxxxxxxxxxxxxxxxxx
> Thank you,
> this solved my issue. Actually, I'd not not inserted impersonating. BTW,
> I've a couple of ASP.NET apps that work with Windows authentication, but
> w/out impersonation. I'd also tried to send credentials to web service,
> but they don't appear to be acknowledged on web side (I've listened to
> user by System.Threading.Current.Principal.Identity.Name; is there another
> method to retrieve identity? Just wondering). Have a nice day!
>
> "CodeMeister" <jwojtowicz@xxxxxxxxxxxxxxx> ha scritto nel messaggio
> news:eFRfo6HdFHA.3328@xxxxxxxxxxxxxxxxxxxxxxx
>> You may have a couple issues here.
>>
>> Case 1. SQL Server resides on same server as web server and you are
>> trying to use the remote user's credentials.
>>
>> You need to set the application to use Windows authentication. In
>> addition you need to set IIS to use Windows Authentication (make sure
>> anonymous is unchecked). In theweb.config set the make sure you have the
>> follwoing set: <authentication mode="Windows" />. Also add the following:
>> <identity impersonate="true" />. On the client you need to set your
>> credential similar to the following:
>>
>> proxy.Credentials = Systen.Net.CredentialCache.DefaultCredentials
>>
>> This will allow the client to authenticate using Windows authentication.
>>
>> Case 2. SQL Server is on a remote server from the web server.
>>
>> In this case you can configure the web server and client as above. You'll
>> also need to provide an application account to access SQL Server. This is
>> due to an issue known as a double hop. The credentials cannot be passed
>> from the web server to the SQL Server. If you are using Windows 2003 you
>> can set the id on the application pool you are using. In Windows 2003 you
>> need to supply a user name and password for the application to run under.
>> To set the account in the web.config, modify the identity element as
>> follows:
>> <identity impersonate="true" userName="domain\userName"
>> password="mySecretPassword" />
>>
>> Placing the credential information in the web.config is a security risk.
>> Her's a link on encrypting the information:
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;329290
>>
>> Here's a link on security issues with ASP.Net
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;891031
>>
>> IHTH
>>
>> Jon
>>
>> This
>> "Saverio Tedeschi" <tesis@xxxxxxxxx> wrote in message
>> news:uY83v1EdFHA.720@xxxxxxxxxxxxxxxxxxxxxxx
>>> Hi all gurus,
>>> it's the very 1st time I attempt to build a Web Service app, and while
>>> simple samples work fine, I stuck trying to fill (on server side) a
>>> DataSet to be returned by the service. Test run fails with HTTP 500 -
>>> Internal server error, but the true error is in Fill method, which
>>> doesn't succeed. Client app fails with
>>> ""System.Web.Services.Protocols.SoapException" in
>>> system.web.services.dll" (SQL Server not found or access denied). I've
>>> tried "None" (and accordingly http "anonymous") authentication and
>>> "Windows (http "integrated"), passing user and pwd as credential in
>>> proxy class; I set up an user (in SQL Server) and gave him read access
>>> rights to the two tables involved, and db_datareader role, with no
>>> success. I'm currently using web .NET app with no flaws, using
>>> integrated widows authentication; why does webservice fail? Can pls
>>> point me to the right direction? Lot of thanks in advance.
>>>
>>
>>
>
>

.

References:
- setting security
  - From: Saverio Tedeschi
- Re: setting security
  - From: CodeMeister
- Re: setting security
  - From: Saverio Tedeschi

Prev by Date: Re: setting security
Next by Date: Change Project Name Vs.net
Previous by thread: Re: setting security
Next by thread: Change Project Name Vs.net
Index(es):
- Date
- Thread

Relevant Pages

Re: What doesnt lend itself to OO?
... >> proxy and instructs the server to constuct the real object. ... rather than client code. ... If 'clock' is instantiated in the server, ... > for the server interface at the OOA level. ...
(comp.object)
This is going straight to the pool room
... or not the client has privilege to do what they're trying to do, ... The server environment is this: ... 3GL User action Routines that Tier3 will execute on your behalf during the ... Routine Name: USER_INIT ...
(comp.os.vms)
Reuse of Remoting Channels...
... makes it possible for the server to know the identity of the caller. ... If my client is on the other side of a Windows 'realm' (as in the ... RemotingConfiguration options) to reject any clients whose credentials ... "Remoting server cannot be reached. ...
(microsoft.public.dotnet.framework.remoting)
Re: SSPI Kerberos for delegation
... We want the authentication to happen without providing credentials ... But SSPI while authenticating from the client to the server can do mutual ...
(comp.protocols.kerberos)
Re: Authentication woes
... I can not really understand how the client should connect to the DC when they are at work with the 192.x.x.x ip when the server is in 10.x.x.x network. ... If i read the output for the client it is member of domainb.internal and not member of domain.com like the DC, ... If the user logon with cached credentials, ...
(microsoft.public.windows.server.active_directory)