ASP.NET Forms Authentication site calling web service

Discussion in 'ASP .Net' started by Ryan, Feb 3, 2010.

  1. Ryan

    Ryan Guest

    I'm getting no where on this. I have a web service that's used for a
    mobile app. I began developing a web app utilizing this web service
    as a console to enable users more capabilities than on the mobile
    application.

    My login page asks for a custom user name and password hence why I'm
    using forms authentication. My login page calls my web service to
    ensure the user input has appropiate access to this application. AH
    HA...everytime my object makes the web service call, I get a 401:
    Unauthorized error. I have impersonation set to the true in both my
    web app and web service web.config files. In the web service, I have
    authentication set as windows and authorization as allow all users.
    Setting the credentials web service proxy property on the web client
    side isn't helping because I won't know the password of the current
    windows identity. So my question is what must I do to get the web
    client to successfully make the call to the web service????
     
    Ryan, Feb 3, 2010
    #1
    1. Advertising

  2. Ryan

    Mr. Arnold Guest

    Ryan wrote:
    > I'm getting no where on this. I have a web service that's used for a
    > mobile app. I began developing a web app utilizing this web service
    > as a console to enable users more capabilities than on the mobile
    > application.
    >
    > My login page asks for a custom user name and password hence why I'm
    > using forms authentication. My login page calls my web service to
    > ensure the user input has appropiate access to this application. AH
    > HA...everytime my object makes the web service call, I get a 401:
    > Unauthorized error. I have impersonation set to the true in both my
    > web app and web service web.config files. In the web service, I have
    > authentication set as windows and authorization as allow all users.
    > Setting the credentials web service proxy property on the web client
    > side isn't helping because I won't know the password of the current
    > windows identity. So my question is what must I do to get the web
    > client to successfully make the call to the web service????


    So what are the credentials being used by the Web service itself? By
    going to the Web service in IIS and looking at login credentials, you
    can see what the user ID and psw, well not the psw if set as it's
    protected and should be known, that's needed to login to access the
    service. Maybe it needs to be set to anonymous login for the Web service
    at the site.

    You can enable Windows NT Auditing and have it log the success and
    failure login attempts to the service on the machine, so it can tell you
    the user-id and psw that's being rejected. You use Admin Tools/Event
    Viwer/Secuity Log to see the user-id being rejected.
     
    Mr. Arnold, Feb 4, 2010
    #2
    1. Advertising

  3. Ryan

    Ryan Guest

    On Feb 3, 10:24 pm, "Mr. Arnold" <> wrote:
    > Ryan wrote:
    > > I'm getting no where on this.  I have a web service that's used for a
    > > mobile app.  I began developing a web app utilizing this web service
    > > as a console to enable users more capabilities than on the mobile
    > > application.

    >
    > > My login page asks for a custom user name and password hence why I'm
    > > using forms authentication.  My login page calls my web service to
    > > ensure the user input has appropiate access to this application.  AH
    > > HA...everytime my object makes the web service call, I get a 401:
    > > Unauthorized error.  I have impersonation set to the true in both my
    > > web app and web service web.config files.  In the web service, I have
    > > authentication set as windows and authorization as allow all users.
    > > Setting the credentials web service proxy property on the web client
    > > side isn't helping because I won't know the password of the current
    > > windows identity.  So my question is what must I do to get the web
    > > client to successfully make the call to the web service????

    >
    > So what are the credentials being used by the Web service itself? By
    > going to the Web service in IIS and looking at login credentials, you
    > can see what the user ID and psw, well not the psw if set as it's
    > protected and should be known, that's needed to login to access the
    > service. Maybe it needs to be set to anonymous login for the Web service
    > at the site.
    >
    > You can enable Windows NT Auditing and have it log the success and
    > failure login attempts to the service on the machine, so it can tell you
    > the user-id and psw that's being rejected. You use Admin Tools/Event
    > Viwer/Secuity Log to see the user-id being rejected.- Hide quoted text -
    >
    > - Show quoted text -


    When I look at the credentials on the web proxy, they are empty. I
    had the web service virtual directory in IIS setup with anonymous
    access and windows integration. I was still able to get to the site
    through IE. How can I setup NT Auditing? Its a Windows 2003 Server.
     
    Ryan, Feb 4, 2010
    #3
  4. On Feb 4, 1:57 pm, Ryan <> wrote:
    > On Feb 3, 10:24 pm, "Mr. Arnold" <> wrote:
    >
    >
    >
    >
    >
    > > Ryan wrote:
    > > > I'm getting no where on this.  I have a web service that's used for a
    > > > mobile app.  I began developing a web app utilizing this web service
    > > > as a console to enable users more capabilities than on the mobile
    > > > application.

    >
    > > > My login page asks for a custom user name and password hence why I'm
    > > > using forms authentication.  My login page calls my web service to
    > > > ensure the user input has appropiate access to this application.  AH
    > > > HA...everytime my object makes the web service call, I get a 401:
    > > > Unauthorized error.  I have impersonation set to the true in both my
    > > > web app and web service web.config files.  In the web service, I have
    > > > authentication set as windows and authorization as allow all users.
    > > > Setting the credentials web service proxy property on the web client
    > > > side isn't helping because I won't know the password of the current
    > > > windows identity.  So my question is what must I do to get the web
    > > > client to successfully make the call to the web service????

    >
    > > So what are the credentials being used by the Web service itself? By
    > > going to the Web service in IIS and looking at login credentials, you
    > > can see what the user ID and psw, well not the psw if set as it's
    > > protected and should be known, that's needed to login to access the
    > > service. Maybe it needs to be set to anonymous login for the Web service
    > > at the site.

    >
    > > You can enable Windows NT Auditing and have it log the success and
    > > failure login attempts to the service on the machine, so it can tell you
    > > the user-id and psw that's being rejected. You use Admin Tools/Event
    > > Viwer/Secuity Log to see the user-id being rejected.- Hide quoted text -

    >
    > > - Show quoted text -

    >
    > When I look at the credentials on the web proxy, they are empty.  I
    > had the web service virtual directory in IIS setup with anonymous
    > access and windows integration.  I was still able to get to the site
    > through IE.  How can I setup NT Auditing?  Its a Windows 2003 Server.- Hide quoted text -
    >
    > - Show quoted text -


    I don't get why you want to use custom credentials and impersonation
    together. Is it an intranet application?

    Look at the following tutorial, I think it can help you
    http://www.15seconds.com/Issue/020312.htm
     
    Alexey Smirnov, Feb 4, 2010
    #4
  5. Ryan

    Ryan Guest

    On Feb 4, 8:11 am, Alexey Smirnov <> wrote:
    > On Feb 4, 1:57 pm, Ryan <> wrote:
    >
    >
    >
    >
    >
    > > On Feb 3, 10:24 pm, "Mr. Arnold" <> wrote:

    >
    > > > Ryan wrote:
    > > > > I'm getting no where on this.  I have a web service that's used for a
    > > > > mobile app.  I began developing a web app utilizing this web service
    > > > > as a console to enable users more capabilities than on the mobile
    > > > > application.

    >
    > > > > My login page asks for a custom user name and password hence why I'm
    > > > > using forms authentication.  My login page calls my web service to
    > > > > ensure the user input has appropiate access to this application.  AH
    > > > > HA...everytime my object makes the web service call, I get a 401:
    > > > > Unauthorized error.  I have impersonation set to the true in both my
    > > > > web app and web service web.config files.  In the web service, I have
    > > > > authentication set as windows and authorization as allow all users.
    > > > > Setting the credentials web service proxy property on the web client
    > > > > side isn't helping because I won't know the password of the current
    > > > > windows identity.  So my question is what must I do to get the web
    > > > > client to successfully make the call to the web service????

    >
    > > > So what are the credentials being used by the Web service itself? By
    > > > going to the Web service in IIS and looking at login credentials, you
    > > > can see what the user ID and psw, well not the psw if set as it's
    > > > protected and should be known, that's needed to login to access the
    > > > service. Maybe it needs to be set to anonymous login for the Web service
    > > > at the site.

    >
    > > > You can enable Windows NT Auditing and have it log the success and
    > > > failure login attempts to the service on the machine, so it can tell you
    > > > the user-id and psw that's being rejected. You use Admin Tools/Event
    > > > Viwer/Secuity Log to see the user-id being rejected.- Hide quoted text -

    >
    > > > - Show quoted text -

    >
    > > When I look at the credentials on the web proxy, they are empty.  I
    > > had the web service virtual directory in IIS setup with anonymous
    > > access and windows integration.  I was still able to get to the site
    > > through IE.  How can I setup NT Auditing?  Its a Windows 2003 Server.- Hide quoted text -

    >
    > > - Show quoted text -

    >
    > I don't get why you want to use custom credentials and impersonation
    > together. Is it an intranet application?
    >
    > Look at the following tutorial, I think it can help youhttp://www.15seconds.com/Issue/020312.htm- Hide quoted text -
    >
    > - Show quoted text -


    It is an intranet application but we maintain our own custom security
    model. All users don't have a windows account. I wish they did but
    unfortunately, I don't have that luxury.
     
    Ryan, Feb 4, 2010
    #5
  6. On Feb 4, 2:34 pm, Ryan <> wrote:
    > On Feb 4, 8:11 am, Alexey Smirnov <> wrote:
    >
    >
    >
    >
    >
    > > On Feb 4, 1:57 pm, Ryan <> wrote:

    >
    > > > On Feb 3, 10:24 pm, "Mr. Arnold" <> wrote:

    >
    > > > > Ryan wrote:
    > > > > > I'm getting no where on this.  I have a web service that's used for a
    > > > > > mobile app.  I began developing a web app utilizing this web service
    > > > > > as a console to enable users more capabilities than on the mobile
    > > > > > application.

    >
    > > > > > My login page asks for a custom user name and password hence why I'm
    > > > > > using forms authentication.  My login page calls my web service to
    > > > > > ensure the user input has appropiate access to this application.  AH
    > > > > > HA...everytime my object makes the web service call, I get a 401:
    > > > > > Unauthorized error.  I have impersonation set to the true in both my
    > > > > > web app and web service web.config files.  In the web service, I have
    > > > > > authentication set as windows and authorization as allow all users.
    > > > > > Setting the credentials web service proxy property on the web client
    > > > > > side isn't helping because I won't know the password of the current
    > > > > > windows identity.  So my question is what must I do to get the web
    > > > > > client to successfully make the call to the web service????

    >
    > > > > So what are the credentials being used by the Web service itself? By
    > > > > going to the Web service in IIS and looking at login credentials, you
    > > > > can see what the user ID and psw, well not the psw if set as it's
    > > > > protected and should be known, that's needed to login to access the
    > > > > service. Maybe it needs to be set to anonymous login for the Web service
    > > > > at the site.

    >
    > > > > You can enable Windows NT Auditing and have it log the success and
    > > > > failure login attempts to the service on the machine, so it can tell you
    > > > > the user-id and psw that's being rejected. You use Admin Tools/Event
    > > > > Viwer/Secuity Log to see the user-id being rejected.- Hide quoted text -

    >
    > > > > - Show quoted text -

    >
    > > > When I look at the credentials on the web proxy, they are empty.  I
    > > > had the web service virtual directory in IIS setup with anonymous
    > > > access and windows integration.  I was still able to get to the site
    > > > through IE.  How can I setup NT Auditing?  Its a Windows 2003 Server.- Hide quoted text -

    >
    > > > - Show quoted text -

    >
    > > I don't get why you want to use custom credentials and impersonation
    > > together. Is it an intranet application?

    >
    > > Look at the following tutorial, I think it can help youhttp://www.15seconds.com/Issue/020312.htm-Hide quoted text -

    >
    > > - Show quoted text -

    >
    > It is an intranet application but we maintain our own custom security
    > model.  All users don't have a windows account.


    Ok, why then you need to have authentication set as windows? If not
    all users have a domain account, then Windows Authentication will not
    work. Sorry, it's still not clear to me.

    Anyway, we can test if it can work properly for domain users. Ensure
    that anonymous access is turned off for the Web service. Then go to
    you login page and assign the DefaultCredentials to the Credentials
    property of the Web Service Proxy class you created.

    e.g.

    localhost.Service1 myProxy = new localhost.Service1();
    myProxy.Credentials= System.Net.CredentialCache.DefaultCredentials;

    The DefaultCredentials property of the CredentialCache class provides
    system credentials of the security context where the application is
    running.

    Read more: http://support.microsoft.com/kb/811318

    Hope this helps
     
    Alexey Smirnov, Feb 4, 2010
    #6
  7. Ryan

    Ryan Guest

    On Feb 4, 10:51 am, Alexey Smirnov <> wrote:
    > On Feb 4, 2:34 pm, Ryan <> wrote:
    >
    >
    >
    >
    >
    > > On Feb 4, 8:11 am, Alexey Smirnov <> wrote:

    >
    > > > On Feb 4, 1:57 pm, Ryan <> wrote:

    >
    > > > > On Feb 3, 10:24 pm, "Mr. Arnold" <> wrote:

    >
    > > > > > Ryan wrote:
    > > > > > > I'm getting no where on this.  I have a web service that's used for a
    > > > > > > mobile app.  I began developing a web app utilizing this web service
    > > > > > > as a console to enable users more capabilities than on the mobile
    > > > > > > application.

    >
    > > > > > > My login page asks for a custom user name and password hence why I'm
    > > > > > > using forms authentication.  My login page calls my web service to
    > > > > > > ensure the user input has appropiate access to this application..  AH
    > > > > > > HA...everytime my object makes the web service call, I get a 401:
    > > > > > > Unauthorized error.  I have impersonation set to the true in both my
    > > > > > > web app and web service web.config files.  In the web service, I have
    > > > > > > authentication set as windows and authorization as allow all users.
    > > > > > > Setting the credentials web service proxy property on the web client
    > > > > > > side isn't helping because I won't know the password of the current
    > > > > > > windows identity.  So my question is what must I do to get the web
    > > > > > > client to successfully make the call to the web service????

    >
    > > > > > So what are the credentials being used by the Web service itself? By
    > > > > > going to the Web service in IIS and looking at login credentials, you
    > > > > > can see what the user ID and psw, well not the psw if set as it's
    > > > > > protected and should be known, that's needed to login to access the
    > > > > > service. Maybe it needs to be set to anonymous login for the Web service
    > > > > > at the site.

    >
    > > > > > You can enable Windows NT Auditing and have it log the success and
    > > > > > failure login attempts to the service on the machine, so it can tell you
    > > > > > the user-id and psw that's being rejected. You use Admin Tools/Event
    > > > > > Viwer/Secuity Log to see the user-id being rejected.- Hide quoted text -

    >
    > > > > > - Show quoted text -

    >
    > > > > When I look at the credentials on the web proxy, they are empty.  I
    > > > > had the web service virtual directory in IIS setup with anonymous
    > > > > access and windows integration.  I was still able to get to the site
    > > > > through IE.  How can I setup NT Auditing?  Its a Windows 2003 Server.- Hide quoted text -

    >
    > > > > - Show quoted text -

    >
    > > > I don't get why you want to use custom credentials and impersonation
    > > > together. Is it an intranet application?

    >
    > > > Look at the following tutorial, I think it can help youhttp://www.15seconds.com/Issue/020312.htm-Hidequoted text -

    >
    > > > - Show quoted text -

    >
    > > It is an intranet application but we maintain our own custom security
    > > model.  All users don't have a windows account.

    >
    > Ok, why then you need to have authentication set as windows? If not
    > all users have a domain account, then Windows Authentication will not
    > work. Sorry, it's still not clear to me.
    >
    > Anyway, we can test if it can work properly for domain users. Ensure
    > that anonymous access is turned off for the Web service. Then go to
    > you login page and assign the DefaultCredentials to the Credentials
    > property of the Web Service Proxy class you created.
    >
    > e.g.
    >
    > localhost.Service1 myProxy = new localhost.Service1();
    > myProxy.Credentials= System.Net.CredentialCache.DefaultCredentials;
    >
    > The DefaultCredentials property of the CredentialCache class provides
    > system credentials of the security context where the application is
    > running.
    >
    > Read more:http://support.microsoft.com/kb/811318
    >
    > Hope this helps- Hide quoted text -
    >
    > - Show quoted text -


    As I was going through trial and setup, I having a tough time getting
    the web app to work without Windows Authentication. When using
    anonymous access, I kept getting the digest box for the login page
    request. Also, a user can be logged on to the domain however, not
    have access to every application.

    Nonetheless, setting to DefaultCredentials worked. I appreciate your
    help.
     
    Ryan, Feb 4, 2010
    #7
  8. On Feb 4, 6:26 pm, Ryan <> wrote:
    > On Feb 4, 10:51 am, Alexey Smirnov <> wrote:
    >
    >
    >
    >
    >
    > > On Feb 4, 2:34 pm, Ryan <> wrote:

    >
    > > > On Feb 4, 8:11 am, Alexey Smirnov <> wrote:

    >
    > > > > On Feb 4, 1:57 pm, Ryan <> wrote:

    >
    > > > > > On Feb 3, 10:24 pm, "Mr. Arnold" <> wrote:

    >
    > > > > > > Ryan wrote:
    > > > > > > > I'm getting no where on this.  I have a web service that's used for a
    > > > > > > > mobile app.  I began developing a web app utilizing this web service
    > > > > > > > as a console to enable users more capabilities than on the mobile
    > > > > > > > application.

    >
    > > > > > > > My login page asks for a custom user name and password hence why I'm
    > > > > > > > using forms authentication.  My login page calls my web service to
    > > > > > > > ensure the user input has appropiate access to this application.  AH
    > > > > > > > HA...everytime my object makes the web service call, I get a 401:
    > > > > > > > Unauthorized error.  I have impersonation set to the true in both my
    > > > > > > > web app and web service web.config files.  In the web service, I have
    > > > > > > > authentication set as windows and authorization as allow all users.
    > > > > > > > Setting the credentials web service proxy property on the web client
    > > > > > > > side isn't helping because I won't know the password of the current
    > > > > > > > windows identity.  So my question is what must I do to get the web
    > > > > > > > client to successfully make the call to the web service????

    >
    > > > > > > So what are the credentials being used by the Web service itself? By
    > > > > > > going to the Web service in IIS and looking at login credentials, you
    > > > > > > can see what the user ID and psw, well not the psw if set as it's
    > > > > > > protected and should be known, that's needed to login to access the
    > > > > > > service. Maybe it needs to be set to anonymous login for the Web service
    > > > > > > at the site.

    >
    > > > > > > You can enable Windows NT Auditing and have it log the success and
    > > > > > > failure login attempts to the service on the machine, so it can tell you
    > > > > > > the user-id and psw that's being rejected. You use Admin Tools/Event
    > > > > > > Viwer/Secuity Log to see the user-id being rejected.- Hide quoted text -

    >
    > > > > > > - Show quoted text -

    >
    > > > > > When I look at the credentials on the web proxy, they are empty.  I
    > > > > > had the web service virtual directory in IIS setup with anonymous
    > > > > > access and windows integration.  I was still able to get to the site
    > > > > > through IE.  How can I setup NT Auditing?  Its a Windows 2003 Server.- Hide quoted text -

    >
    > > > > > - Show quoted text -

    >
    > > > > I don't get why you want to use custom credentials and impersonation
    > > > > together. Is it an intranet application?

    >
    > > > > Look at the following tutorial, I think it can help youhttp://www.15seconds.com/Issue/020312.htm-Hidequotedtext -

    >
    > > > > - Show quoted text -

    >
    > > > It is an intranet application but we maintain our own custom security
    > > > model.  All users don't have a windows account.

    >
    > > Ok, why then you need to have authentication set as windows? If not
    > > all users have a domain account, then Windows Authentication will not
    > > work. Sorry, it's still not clear to me.

    >
    > > Anyway, we can test if it can work properly for domain users. Ensure
    > > that anonymous access is turned off for the Web service. Then go to
    > > you login page and assign the DefaultCredentials to the Credentials
    > > property of the Web Service Proxy class you created.

    >
    > > e.g.

    >
    > > localhost.Service1 myProxy = new localhost.Service1();
    > > myProxy.Credentials= System.Net.CredentialCache.DefaultCredentials;

    >
    > > The DefaultCredentials property of the CredentialCache class provides
    > > system credentials of the security context where the application is
    > > running.

    >
    > > Read more:http://support.microsoft.com/kb/811318

    >
    > > Hope this helps- Hide quoted text -

    >
    > > - Show quoted text -

    >
    > As I was going through trial and setup, I having a tough time getting
    > the web app to work without Windows Authentication.  When using
    > anonymous access, I kept getting the digest box for the login page
    > request.  Also, a user can be logged on to the domain however, not
    > have access to every application.
    >
    > Nonetheless, setting to DefaultCredentials worked.  I appreciate your
    > help.- Hide quoted text -
    >
    > - Show quoted text -


    Glad it works now for you!
     
    Alexey Smirnov, Feb 4, 2010
    #8
  9. Ryan

    Mr. Arnold Guest

    Ryan wrote:
    > On Feb 3, 10:24 pm, "Mr. Arnold" <> wrote:
    >> Ryan wrote:
    >>> I'm getting no where on this. I have a web service that's used for a
    >>> mobile app. I began developing a web app utilizing this web service
    >>> as a console to enable users more capabilities than on the mobile
    >>> application.
    >>> My login page asks for a custom user name and password hence why I'm
    >>> using forms authentication. My login page calls my web service to
    >>> ensure the user input has appropiate access to this application. AH
    >>> HA...everytime my object makes the web service call, I get a 401:
    >>> Unauthorized error. I have impersonation set to the true in both my
    >>> web app and web service web.config files. In the web service, I have
    >>> authentication set as windows and authorization as allow all users.
    >>> Setting the credentials web service proxy property on the web client
    >>> side isn't helping because I won't know the password of the current
    >>> windows identity. So my question is what must I do to get the web
    >>> client to successfully make the call to the web service????

    >> So what are the credentials being used by the Web service itself? By
    >> going to the Web service in IIS and looking at login credentials, you
    >> can see what the user ID and psw, well not the psw if set as it's
    >> protected and should be known, that's needed to login to access the
    >> service. Maybe it needs to be set to anonymous login for the Web service
    >> at the site.
    >>
    >> You can enable Windows NT Auditing and have it log the success and
    >> failure login attempts to the service on the machine, so it can tell you
    >> the user-id and psw that's being rejected. You use Admin Tools/Event
    >> Viwer/Secuity Log to see the user-id being rejected.- Hide quoted text -
    >>
    >> - Show quoted text -

    >
    > When I look at the credentials on the web proxy, they are empty. I
    > had the web service virtual directory in IIS setup with anonymous
    > access and windows integration. I was still able to get to the site
    > through IE. How can I setup NT Auditing? Its a Windows 2003 Server.



    You can find the information out there on Google on enabling auditing on
    NT based O/S(s).
     
    Mr. Arnold, Feb 4, 2010
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Eric
    Replies:
    2
    Views:
    647
  2. Replies:
    1
    Views:
    252
    Joe Kaplan \(MVP - ADSI\)
    Jun 14, 2006
  3. Ryan
    Replies:
    0
    Views:
    829
  4. Replies:
    3
    Views:
    389
  5. Leo Violette
    Replies:
    0
    Views:
    1,104
    Leo Violette
    Apr 17, 2009
Loading...

Share This Page