Call to webservice doesn't pass in credentials

[elora_c]

I'm making a call to a webservice from my ASP.NET page. The web
application has anonymous access turned off and Integrated Windows auth
turned on. The web.config has <identity impersonate=true>. I set the
credentials of the web service proxy to the DefaultCredentials. Right
before I make the call, I print out the WindowsIdentity, and it is
showing the right identity. So I know the web application is
authenticating properly. However, the call to the web service isn't
using those credentials. Looking at the IIS logs for the webservice,
it isn't passing in any credentials, so is returning a 401. The
web.config for the webservice has allow all users. And I can call the
webservice successfully from my development machine. It is just when I
run the web application on the QA box that it fails.

Is there anything I might be missing?

Thanks,
Carole

 

[Ram P. Dash]

Hi Carole,

Does your web.config of the web service contain the following line?
<authentication mode="Windows" />

Pass in a valid credential to your client proxy by doing this:

myWebService.Credentials = new System.Net.NetworkCredential("myUserName",
"myPassword", "myDomain");

and capture the credential at your service side by doing this (you already
have impersonation = true in web.config):

System.Security.Principal.WindowsIdentity.GetCurrent().Name

or

System.Threading.Thread.CurrentPrincipal.Identity.Name

What do you see? Is it same as "myUserName"?

Thanks,
Ram

 

[Bruce Barker]

standard nt security does not allow creditials forwarding (1 hop rule).
unless the website is hit from a local browser (like on your local dev box),
asp.net will not have login token it can use to access another server.

you will need to switch to Kerberos and turn on credentials forwarding.

http://support.microsoft.com/default.aspx?scid=kb;en-us;810572

-- bruce (sqlwork.com)