Re: Calling Web Service that calls other Web Service with Windows Authentication

Hello all,
this is problem known as dual hop. You are passing credentials (by
token) to one server, this is correct (just windows token is passed),
but you cannot pass token somewhere else on remote computer, this would
be potential security bug (program could use passed access to do
something).
Solution is as was written by Bruce Barker,
- either using basic authentication (passing user and password using
cleartext) Then you can easily use name and password for login without
troubles, but you are facing risk of network listening ..
- either kerberos network token passing - this also is not as secure as
it should be. You need to configure remote computer for using this
access in Active Directory.
- and the last passibility is easily use the same computer for two web
services - then you do not need to pass token remotely and windows can
handle this on single computer.

Martin Kunc

Balasubramanian Ramanathan wrote:
you can do this...

In webservice1 code behind you will be creating the reference object of the
second webservice.

There you can specify whet credential you have to use when calling web
service2.
for example

WebService2 ws = new WebService2();
ws.Credentials = ................

and call the 2nd web service..

since be default webservice2 will be called with the credential of asp.net
worker process you will be gettting this error.

Hope this helps

<manuelserpabrandao@xxxxxxxxx> wrote in message
news:1150300478.879897.254470@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi all


I would like to now the answer to the following problem, if someone can

help.


Given a windows application client that's calling a web service (using
default credentials) the
web service gets invoked fine with the users credentials. However they
need
to call a second web service from the first one. When it hits the
second web
service, the web service (even though configured correctly) always
reports (401) Unauthorized.


Is there any possibility to do this or is impossible ?


Is possible to implement any workaround for this problem ?


Thanks in advance


Manuel Brandão

.

Relevant Pages

  • Re: Getting user ID from Web Service credentials
    ... and I'm trying to implement Windows authentication. ... > OK in the standalone client app (I use their Windows current user name to ... When I use a Web Service, ... > name in the credentials object above from the client side, ...
    (microsoft.public.dotnet.security)
  • Error: "The underlying connection was closed: Unable to connect to the remote server."
    ... We have developed a Web Service with vb.net using VS 2003 on a Windows 2003 ... The Test application that we developed is passing 6 parameters to ... connect to the remote server. ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • Cant authenticate to lists.asmx web service
    ... Lists web service. ... The code works fine when I set the credentials to ... I have found many cases where people can get this to work by passing ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • Cant authenticate to lists.asmx web service
    ... Lists web service. ... The code works fine when I set the credentials to ... I have found many cases where people can get this to work by passing ...
    (microsoft.public.sharepoint.portalserver.development)
  • RE: synchronizing domain user Local cached credentials with domain
    ... Would you mind emailing me your script? ... windows taskbar bubble which would indicate that their password needs to be ... locally cached credentials are out of sync with domain credentials. ...
    (microsoft.public.windowsxp.security_admin)