Re: Cannot use usernameForCertificateSecurity with IIS application pool custom account
- From: "Martin Pes" <mpes@xxxxxxxxxxxxxxxx>
- Date: Thu, 28 Dec 2006 08:47:39 +0100
Hi Steven,
Thanks for the response. Regarding your questions:
My client needs to provide Windows credentials to call the web service.
Because the client is supposed to connect over the Internet, I cannot use Windows
authentication. So IIS has Windows authentication off and anonymous access on.
As I have already stated, if I use only usernameOverTransport it works fine.
But when I switch to usernameForCertificate it fails - so this suggests that
the problem has something to do with the certificate.
I have set access to the certificate private key for the custom service
account and also I have used "aspnet_regiis -ga".
As I said in my previous post, it works fine if there is an active remote
desktop session logged into the same account at the time of using the web
service.
I am getting quite desperate as the code should go to production soon and I
still did not sort it out.
Martin
"Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:4v$%238mNJHHA.2488@xxxxxxxxxxxxxxxxxxxxxxxxx
Hi Martin,
Just want to know whether you've turned on integrated Windows
authentication on your webservice server machine and whether your webservice
client also needs to provide Windows credentials when calling the
webservice?
Based on my research, there are some issues (with symptoms similar to yours)
which are caused by Kerberos authentication failing when the server service is
using a custom account. Since you've already used "anonymous access" for your
webservice virtual dir in IIS, that should not be the problem.
Also, if you're using ASP.NET 2.0, you can use the "aspnet_regiis -ga"
command to grant the sufficient permission to a custom account that will
be used to run the ASP.NET application:
http://msdn2.microsoft.com/en-us/library/k6h9cz8h(vs.71).aspx
If you have any other finding, please also feel free to post here.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no
rights.