RE: Windows Service DefaultCredentials are empty?
- From: The Man From SQL <themanfromsql@xxxxxxxxxxxxxxxx>
- Date: Wed, 23 Aug 2006 05:53:02 -0700
Hi Steven,
Thanks very much for your reply. I think I was able to get to the bottom of
this issue yesterday by doing some digging online. How I was able to get it
to work is by setting the web proxy's PreAuthenticate property to true before
I set the credentials.
MyWebService ws = new MyWebService();
ws.PreAuthenticate = true;
ws.Credentials = System.Net.CredentialCache.DefaultCredentials;
For some reason, this worked doing the asynchronous call. The documentation
page on the PreAuthenticate property leads me to believe that an asynchronous
call, for some reason, doesn't resubmit when it gets a 401 error.
From the MSDN documentation:
"When PreAuthenticate is true, the WWW-authenticate header is sent with the
first request if the authentication mechanism supports doing so. When
PreAuthenticate is false, a request is made to the XML Web service method
without initially attempting to authenticate the user. If the XML Web service
allows anonymous access, then the XML Web service method is executed. If
anonymous access is disallowed, a 401 HTTP return code is sent back to the
client. In response, the WebClientProtocol class returns authentication
credentials to the Web server. If the client is authenticated and
subsequently authorized to access the XML Web service, the XML Web service
method is executed; otherwise the client is denied access."
The security tool our server team is using (CoreID), is an ISAPI filter so
it may have been killing the request when it saw that it was anonymous and
not allowing a retry.
But that still doesn't explain why I was able to hit the web service
asynchronously from a console app using the same credentials.
This morning we install the new Windows Service to QA (I was trying to hit
the QA web service from my machine) and see if the changes take.
"Steven Cheng[MSFT]" wrote:
.
Hi Man,
From your description, when calling a local webservice (protected through
IIS intergrated windows authentication) in your windows service
application, you're getting 401 error at client-side, and the same client
application code works in other console client applications, correct?
Based on my experience, calling webservice through proxy in windows service
and pass credential by "System.Net.CredentialCache.DefaultCredentials" is
definitely supported. Actually, the
"System.Net.CredentialCache.DefaultCredentials" will reference the current
windows security identity of the running process/thread. I've just created
a simple C# NT service which running under a local user account and access
a local webservice(win2k3 iis6) with windows authentication and it works
well. I have put some code in the service applicaion to trace the current
windows identity (when service start, calling webservice synchornously or
asynchornously) and it always display the service's logon account
(configured in SCM).
currently, I think you can try checking the following things:
1. Check the IIS log to see what's the detailed log entry of the failed
webservice calls from windows service.
2. test though some other simplified windows service(you can use my test
service if necessary) to see whether it works. In the service code, we can
log the windows identity
3. On the machine's eventlog, you can check whether there is any entries
that associated with your service.
4. Since webservice call will perform network operations, make sure the
user account is granted "Access this computer from the network" privilege
in the LSA.
BTW, I notice that you're calling the webservice asynchronously, are you
just using the proxy.beginXXX method? Or are you spawn separate thread to
do the work? I suggest you try simplifed code first to isolate the issue.
Also, on your computer, check the
I've attached my test windows service project in this message, you can get
it if you're using Outlook express to visit the newsgroup. If necessary, I
can send you via email also.
Please feel free to let me know if there is anything I missed or any other
information you wonder.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights
- Follow-Ups:
- RE: Windows Service DefaultCredentials are empty?
- From: Steven Cheng[MSFT]
- RE: Windows Service DefaultCredentials are empty?
- References:
- RE: Windows Service DefaultCredentials are empty?
- From: Steven Cheng[MSFT]
- RE: Windows Service DefaultCredentials are empty?
- Prev by Date: updating a remote sql server database from a local access database
- Next by Date: Conversion from 1.1 to ASP.NET 2.0
- Previous by thread: RE: Windows Service DefaultCredentials are empty?
- Next by thread: RE: Windows Service DefaultCredentials are empty?
- Index(es):
Relevant Pages
|
