RE: Problemes with custom Webservices and security.

From: Noble Lesmana (Lesmana_at_discussions.microsoft.com)
Date: 12/06/04 

Date: Sun, 5 Dec 2004 23:19:04 -0800

Hi,

Before I can do much help with your problem here, I need to see what you're
trying to do in you finally block. However, I suspect that you do something
that generates exception in your finally block. When the exception is thrown,
the ASP.NET will redirect your client to the error page. Hence, you will
never get the 'return "hello"' line executed.

You can try putting another try/catch block inside your finally block.

As for the security issues, I suggest that you enable the impersonation of
security context. You can add:

<identity impersonate="true"/>

inside the web.config of your web service application.

Then you should disable anonymous access in the IIS setting. Then you can
use windows authentication to enforce your client to login with the security
context that has permission to create site.

Thank you.
 

"Tako" wrote:

>
> I have a very strange problem:
>
> I have a client that calls a Webservice, this Webservice calls a DLL
> that uses de object model to create sites in SPS2003.
> If the user that uses the client hasn´t rights to create sites then the
> DLL throws a exception, this exception is catched by the Webservice, but
> then some strange happens.
>
> The code is something like that
>
> try
> call to dll
> catch
> somecode A
> finally
> somecode B
> end try
>
> return "hello"
>
> The call to dll generates a exception that it´s traped by "catch" then
> "somecode A" is executed, after that the "finally" part is executed
> ("somecode B") But then the Webservice never executes 'return "hello"',
> nevers executes code outsite the try statement.
>
> Then the client throws a connection exception (http error 401).
>
> It seems that the Webservice redirects itself to a page where the user
> does not have permissions and generates this connection error.
>
> Why happens this? I catch the security exception so I don´t know why the
> SPS redirects the Webservice´s call to another place
> Any suggestion?
>
> Thank you very much mucho
>
>

>

Relevant Pages

  • Re: friendly error messages for usernameForCertificateSecurity
    ... You are receiving that security error because WSE could not validate the ... The WSE core is who creates that exception, and it does not provide a way ... a.You can maybe use a WSE router between the client and the service, ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: Code design ideas?
    ... app and the webservice, etc. ... Errors of type 1 should be handled by the client side. ... Usually it is the Message of the Exception. ... severity levels: warning and error. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: WSE 2.0 and structured Exceptionhandling
    ... all Webservice inherit from a base webservice class ... This Document is then passed along to the SoapException. ... On the client, I've created a WebServiceInvokationException which unwraps ... >> When I throw an exception on the server side, ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • friendly error messages for usernameForCertificateSecurity
    ... returned to the client in a simple way. ... In the code above if I comment out the throwing of the soap exception on the ... "Security requirements are not satisfied because the security header is not ... true error message is a less then desireable solution. ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: security header is not present in the incoming message
    ... I get this exception every time I run my service thru ordinary IIS ... My client is simple ASP.NET Web Site ... Security requirements are not satisfied because the security header is ...
    (microsoft.public.dotnet.security)