RE: User Security?

Hello Steven,

Thanks for your reply.

1. The authentication is "Integrated Windows Authentication".

2. Application Pool Identity is set to "Predefined" on "Network Service".

3. At web.config file only "<authentication mode="Windows" />" is set for
authentication.

4. Currently I am trying to access the web service thru IE6.

5. The error I receive when trying to access from IE6 is:

Access is denied.
Description: An error occurred while accessing the resources required to
serve this request. You might not have permission to view the requested
resources.

Error message 401.3: You do not have permission to view this directory or
page using the credentials you supplied (access denied due to Access Control
Lists). Ask the Web server's administrator to give you access.

6. When I am setting the user to be a part of *Administrator* group I am
able to access successfully to the web service.


Kind Regards,
Asaf


"Steven Cheng[MSFT]" wrote:

Hello Asaf,

Thank you for posting in the MSDN newsgroup.

From your description, you're developing an ASP.NET webservice which hosted
in IIS. Recently, you've publshed it onto a SBS 2003 server (IIS6), and
configure it to deny anonymous access. However, you found that you can not
make a custom user (newly created one) successfully access the webservice,
correct?

As for this issue, I would like to confirm some further things in your
application and the problem environment:

1. What's the authentication type setting in your webservice's IIS virtual
directory, is it basic or intergrated windows? Also, what's the webservice
application's application pool identity in IIS.

2. What's the authentication setting you configured for your ASP.NET
webservice application in the web.config , also have you used impersonate
in your webservice (through the <identity impersonate=xxx /> element in
web.config) ?

3. Currently how are you accessing the webservice(through webbrowser or
client proxy code in client application built through .net framework)?

4. What's the error message or detaile behavior you get when you failed to
access the webservice through your custom non-admin account?

When you access webservice in IIS (deny anonymous access), the webbrowser
(IE) will help you supply user credential to the service, while when we use
code proxy to programmtically call webservice memthods, we need to
programmaticaly set the credential (if we don't want to use the default
security context of the client program). Also, at server-side, whether
the ASP.NET appliation is impersonated also affect the appliation's
behavior since when ASP.NET is configured as impersonate=true, it will use
the client authenticated user identity(from IIS) to access any restriected
resource which may cause error when that user doesn't have sufficient
permission.

Anyway, please feel free to let me know if you have any other finding or
there is anything I've missed here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to

http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial

response from the community or a Microsoft Support Engineer within 1
business day is

acceptable. Please note that each follow up response may take approximately
2 business days

as the support professional working with you may need further investigation
to reach the

most efficient resolution. The offering is not appropriate for situations
that require

urgent, real-time or phone-based interactions or complex project analysis
and dump analysis

issues. Issues of this nature are best handled working with a dedicated
Microsoft Support

Engineer by contacting Microsoft Customer Support Services (CSS) at

http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================



This posting is provided "AS IS" with no warranties, and confers no rights
.

Relevant Pages

  • RE: Possible to consume a web service with VB.NET 1.1 VS 2003?
    ... webservice is aiming at interop between heterogenious platforms. ... Microsoft MSDN Online Support Lead ... Possible to consume a web service with VB.NET 1.1 VS 2003? ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • Re: Trying to pass NetworkCredential to WebService
    ... authentication. ... ASP.NET's webservice calling code, we need to attach a NetworkCredential to ... application pool different from the ASP.NET ... So this still is a problem because my web service needs to run ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • Re: VBA access to WSE web service?
    ... \par Yes, you're right, COM interop is one possible approach as long as the client machine also has .net framework and WSE installed... ... \par Microsoft Online Support ... \par Subject: Re: VBA access to WSE web service? ... \par>Regarding on the calling WSE protected XML Webservice through Office ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: HTTP Statuscode 401 (unauthorized) when accessing secured webservice
    ... The 3rd party webservice is hosted on linux. ... Using the CredentialCache to specify basic authentication didn't help. ... you can use CredentialCache class to construct client credentials and specify authenticaiton type. ... We welcome your comments and suggestions about how we can improve the support we provide to you. ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: File Upload Web Service
    ... the uploaded files in a web service just the same as a web form. ... I found that the Request.Files collection is accessible in both a web form ... > webservice. ... as for implementing authentication mechanism ...
    (microsoft.public.dotnet.framework.aspnet)