RE: router, windows authentication and passing credentials

From: Don Yeske (DonYeske_at_discussions.microsoft.com)
Date: 11/11/04

• Next message: Christian Weyer [MS RD, MVP]: "Re: Defining an EndpointReference in WSDL"
• Previous message: Don Yeske: "NOT signing a RSTR using an X.509 certificate"
• In reply to: Trebor: "router, windows authentication and passing credentials"
• Messages sorted by: [ date ] [ thread ]

---

Date: Thu, 11 Nov 2004 14:13:04 -0800

Hope this helps, maybe not:

Bear in mind that Windows 2000 does *NOT* support impersonation by the
ASP.NET worker process account. The reason is that the ASPNET account lacks
the privilege Act As Part of the Operating System. Of course, you wouldn't
want to assign that privilege to ASPNET (which is supposed to be a
limited-privilege account anyway). This is not a problem on later versions
of Windows that use the Network Service account instead of ASPNET. I'm not
sure if it's a problem in XP.

If you need impersonation under 2000, you can change your machine config to
run as another account instead of ASPNET (e.g., LocalSystem), but this is
just as bad as giving ASPNET the requisite privilege.

-- Don

"Trebor" wrote:

> Hi all.
>
> I'm designing a system consists of 3 parts:
> 1.web client app
> 2. web service router
> 3. web service
>
> Web client app. calls web service via router. ( I successfully implemented
> this kind of behavior using anonymous access.)
>
> Now, when I try to use windows authentication, the web service router is
> not calling the dest. web service any more.
>
> I added these two lines in all web.config files
> <authentication mode="Windows" />
>
> <identity impersonate="true"/>
>
> but without success.
>
>
> When I call the dest web service directly (without routing) everything is
> O.K.
> So, I think that the problem resides on a web service router's side.
>
> I think that I might need to pass credentials in a RouterHandler unit,
> but I don't know how to do that.
>
> Any help will be appreciated.
>
> Trebor
>
>
>

---

• Next message: Christian Weyer [MS RD, MVP]: "Re: Defining an EndpointReference in WSDL"
• Previous message: Don Yeske: "NOT signing a RSTR using an X.509 certificate"
• In reply to: Trebor: "router, windows authentication and passing credentials"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Access Denied Temporary ASP.NET files ... ASPNET, so all the security experiments I was making were ... >SERVICE account, unless you have modified the settings. ... >> I have a web service which is working on a Windows XP ... (microsoft.public.dotnet.framework.aspnet.security) Re: Is the aspnet account called "aspnet" for all non-English versions of Windows and IIS? ... For Windows 2003 Server, the aspnet account is "network service". ... (microsoft.public.dotnet.framework.aspnet) Re: ASP.NET impersonation generating configuration error ... If you are using Windows 2000 and the default ASP.NET processModel (with the ... ASPNET local machine account), you can't use that version of impersonation ... the only account that has that privilege is SYSTEM. ... (microsoft.public.dotnet.security) Re: On resume password protect ... ASPNET is on the does not count as more than one user list. ... ..Net Framework 1.1 is installed onto a Windows XP computer. ... What is the ASP.NET Machine Account? ... display Welcome screen is displayed if... ... (microsoft.public.windowsxp.security_admin) Re: Web Service using Windows Authentication ... I saw user account ASPNET in my computer. ... this user account in a SQL server, ... >>do we make a web service connect to that SQL server? ... (microsoft.public.sqlserver.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)