Re: Security setting help required in web.config file.

From: Scott Allen (bitmask_at_[nospam)
Date: 08/25/04

• Next message: Scott Allen: "Re: C#, passing control ID"
• Previous message: me: "Edit datagrid how?"
• In reply to: Robin Patra: "Security setting help required in web.config file."
• Messages sorted by: [ date ] [ thread ]

---

Date: Wed, 25 Aug 2004 09:57:10 -0400

Hi Robin:

I assume when you get user not authenticated this is on the call from
machine1 to the webservice on machine2? Are you trying to impersonate
the client on the web service call to machine 1?

There is a one hop limit on NTLM credentials, unless you enable
Kerberos delegation. The user's credentials make one hop from the
browser on machine3 to the web server on machine2. The web server
cannot use these credentials to make a second hop to machine1.

There are a couple solutions (at least):

1) Kerberos delegation
2) Running ASP.NET on the web server under a domain account or local
account synchronized with the web service machine.

I hvae an article with some more details. Even thought the article
focuses on SSRS it is applicable to other services.:

Authentication, Role-based Security, and SQL Reporting Services Web
Services
http://www.odetocode.com/Articles/216.aspx

HTH,

--
Scott
http://www.OdeToCode.com
On 24 Aug 2004 22:14:41 -0700, patra_robin@yahoo.com (Robin Patra)
wrote:
>Hi All,
>
>We have the following scenerio.
>Machine 1: webservice is deployed in this machine.
>Machine 2: UserControl is deployed in this machine.
>
>Case 1:
>Now my requirement is a person from Machine 3 types
>(http://servername(machine 2)/myusercontrol.aspx.
>
>In this sceneraio i am getting error user not authenticated.
>
>We are using Windows authicated and Windows2003 server.
>
>Case2:
>But if i access using (http://localhost(machine2)/myusercontrol.aspx..
>I gets the required result.
>
>Can anybody plzz let me know what i am doing wrong in Case1.
>
>This is a urgernt project requiremnet..
>Any help is quite appreciated.
>
>Thx in advance.
>Robin

---

• Next message: Scott Allen: "Re: C#, passing control ID"
• Previous message: me: "Edit datagrid how?"
• In reply to: Robin Patra: "Security setting help required in web.config file."
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Trying to pass NetworkCredential to WebService ... authentication. ... ASP.NET's webservice calling code, we need to attach a NetworkCredential to ... application pool different from the ASP.NET ... So this still is a problem because my web service needs to run ... (microsoft.public.dotnet.framework.aspnet.webservices) Re: File Upload Web Service ... the uploaded files in a web service just the same as a web form. ... I found that the Request.Files collection is accessible in both a web form ... > webservice. ... as for implementing authentication mechanism ... (microsoft.public.dotnet.framework.aspnet) RE: User Security? ... The authentication is "Integrated Windows Authentication". ... Currently I am trying to access the web service thru IE6. ... you're developing an ASP.NET webservice which hosted ... Microsoft MSDN Online Support Lead ... (microsoft.public.dotnet.framework.webservices) Re: Problem with web service credentials ... I guess you have impersonation turned on in you website and the webservice is on another computer. ... Implement Kerberos authentication. ... error stating that it is unauthorized to call the web service. ... (microsoft.public.dotnet.general) Best way to deploy authentication on web services ... I'm building a distributed app that will be accessible to both domain ... web server that holds the client app with 2 virtual directories. ... Is it possible to have one authentication scheme on the ... passed back to the web service to future calls? ... (microsoft.public.dotnet.framework.aspnet.webservices)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)