Re: Pass through credentials to web service
From: Scott Allen (bitmask_at_[nospam)
Date: 12/21/04
- Next message: Patrick Olurotimi Ige: "Re: lock-out "Back" button"
- Previous message: JP.Sklenka: "RE: configuration error"
- In reply to: cmueller_at_online.nospam: "Pass through credentials to web service"
- Next in thread: Clint (cmueller_at_online.nospam): "Re: Pass through credentials to web service"
- Reply: Clint (cmueller_at_online.nospam): "Re: Pass through credentials to web service"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 20 Dec 2004 20:28:28 -0500
It is the double-hop' limitation of NTLM authentication. The client's
credentials can make one hop from the client machine to the
application server, the server cannot then use those credentials to
make a second network hop without some additional config work.
See: http://blogs.msdn.com/nunos/archive/2004/03/12/88468.aspx
-- Scott http://www.OdeToCode.com/blogs/scott/ On 20 Dec 2004 12:36:04 -0800, "cmueller@online.nospam" <cjmueller@gmail.com> wrote: >Hey all - > >I'm in a bit of a bind concerning web services and integrated >authentication. I'll give you a little background as to what I'm trying >to do ... > >I have a client application that calls a web service. The web service >uses integrated windows authentication (with identity impersonation = >true in Web.Config) with anonymous authentication turned off in IIS. >Calling the web service works as expected - users that can get to it >get to it, users that don't get a 401 Access Denied. I want this web >service to also make a call to a database sitting on a remote SQL >Server using the same credentials that were passed through to the web >service (for example, Domain\UserA access web service, web service >calls Sql Server with login of Domain\UserA. UserB access web service, >web service calls SQL Server with login of Domain\UserB, etc.) > >The problem arises when I try to access the SQL box; I always get the >following error: > >Login failed for user '(null)'. Reason: Not associated with a trusted >SQL Server connection. > >I've seen numerous posts about this online, but none really with a >definitive answer as to what I should do. If I use Basic Authentication >in IIS with everything else unchecked, the web service works (except it >always asks for a login/password, thus throwing a 401 code when the >client app tries calling it). I figure there has to be a way to get >these credentials to be passed through in a secure manner, I just >haven't found it. > >Does anyone have any ideas? > >Thanks! >Clint
- Next message: Patrick Olurotimi Ige: "Re: lock-out "Back" button"
- Previous message: JP.Sklenka: "RE: configuration error"
- In reply to: cmueller_at_online.nospam: "Pass through credentials to web service"
- Next in thread: Clint (cmueller_at_online.nospam): "Re: Pass through credentials to web service"
- Reply: Clint (cmueller_at_online.nospam): "Re: Pass through credentials to web service"
- Messages sorted by: [ date ] [ thread ]
