Calling Web Service that calls other Web Service with Windows Authentication

Discussion in 'ASP .Net Web Services' started by manuelserpabrandao@gmail.com, Jun 14, 2006.

  1. Guest

    Hi all


    I would like to now the answer to the following problem, if someone can

    help.


    Given a windows application client that's calling a web service (using
    default credentials) the
    web service gets invoked fine with the users credentials. However they
    need
    to call a second web service from the first one. When it hits the
    second web
    service, the web service (even though configured correctly) always
    reports (401) Unauthorized.


    Is there any possibility to do this or is impossible ?


    Is possible to implement any workaround for this problem ?


    Thanks in advance


    Manuel Brandão
    , Jun 14, 2006
    #1
    1. Advertising

  2. you can do this...

    In webservice1 code behind you will be creating the reference object of the
    second webservice.

    There you can specify whet credential you have to use when calling web
    service2.
    for example

    WebService2 ws = new WebService2();
    ws.Credentials = ................

    and call the 2nd web service..

    since be default webservice2 will be called with the credential of asp.net
    worker process you will be gettting this error.

    Hope this helps

    <> wrote in message
    news:...
    Hi all


    I would like to now the answer to the following problem, if someone can

    help.


    Given a windows application client that's calling a web service (using
    default credentials) the
    web service gets invoked fine with the users credentials. However they
    need
    to call a second web service from the first one. When it hits the
    second web
    service, the web service (even though configured correctly) always
    reports (401) Unauthorized.


    Is there any possibility to do this or is impossible ?


    Is possible to implement any workaround for this problem ?


    Thanks in advance


    Manuel Brandão
    Balasubramanian Ramanathan, Jun 14, 2006
    #2
    1. Advertising

  3. the second web service must be on the same server as the first web service
    for this to work.

    if its on a different server, then you must switch to basic or Kerberos
    authentication.

    -- bruce (sqlwork.com)

    "Balasubramanian Ramanathan" <> wrote in message
    news:...
    > you can do this...
    >
    > In webservice1 code behind you will be creating the reference object of
    > the second webservice.
    >
    > There you can specify whet credential you have to use when calling web
    > service2.
    > for example
    >
    > WebService2 ws = new WebService2();
    > ws.Credentials = ................
    >
    > and call the 2nd web service..
    >
    > since be default webservice2 will be called with the credential of asp.net
    > worker process you will be gettting this error.
    >
    > Hope this helps
    >
    > <> wrote in message
    > news:...
    > Hi all
    >
    >
    > I would like to now the answer to the following problem, if someone can
    >
    > help.
    >
    >
    > Given a windows application client that's calling a web service (using
    > default credentials) the
    > web service gets invoked fine with the users credentials. However they
    > need
    > to call a second web service from the first one. When it hits the
    > second web
    > service, the web service (even though configured correctly) always
    > reports (401) Unauthorized.
    >
    >
    > Is there any possibility to do this or is impossible ?
    >
    >
    > Is possible to implement any workaround for this problem ?
    >
    >
    > Thanks in advance
    >
    >
    > Manuel Brandão
    >
    >
    bruce barker \(sqlwork.com\), Jun 16, 2006
    #3
  4. Guest

    Hello all,
    this is problem known as dual hop. You are passing credentials (by
    token) to one server, this is correct (just windows token is passed),
    but you cannot pass token somewhere else on remote computer, this would
    be potential security bug (program could use passed access to do
    something).
    Solution is as was written by Bruce Barker,
    - either using basic authentication (passing user and password using
    cleartext) Then you can easily use name and password for login without
    troubles, but you are facing risk of network listening ..
    - either kerberos network token passing - this also is not as secure as
    it should be. You need to configure remote computer for using this
    access in Active Directory.
    - and the last passibility is easily use the same computer for two web
    services - then you do not need to pass token remotely and windows can
    handle this on single computer.

    Martin Kunc

    Balasubramanian Ramanathan wrote:
    > you can do this...
    >
    > In webservice1 code behind you will be creating the reference object of the
    > second webservice.
    >
    > There you can specify whet credential you have to use when calling web
    > service2.
    > for example
    >
    > WebService2 ws = new WebService2();
    > ws.Credentials = ................
    >
    > and call the 2nd web service..
    >
    > since be default webservice2 will be called with the credential of asp.net
    > worker process you will be gettting this error.
    >
    > Hope this helps
    >
    > <> wrote in message
    > news:...
    > Hi all
    >
    >
    > I would like to now the answer to the following problem, if someone can
    >
    > help.
    >
    >
    > Given a windows application client that's calling a web service (using
    > default credentials) the
    > web service gets invoked fine with the users credentials. However they
    > need
    > to call a second web service from the first one. When it hits the
    > second web
    > service, the web service (even though configured correctly) always
    > reports (401) Unauthorized.
    >
    >
    > Is there any possibility to do this or is impossible ?
    >
    >
    > Is possible to implement any workaround for this problem ?
    >
    >
    > Thanks in advance
    >
    >
    > Manuel Brandão
    , Jun 17, 2006
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Billy Zhang
    Replies:
    7
    Views:
    1,210
    Steven Cheng [MSFT]
    Jul 31, 2008
  2. Isaias Formacio Serna

    Web Service that calls an external Web Service

    Isaias Formacio Serna, Jan 28, 2004, in forum: ASP .Net Security
    Replies:
    5
    Views:
    246
  3. Replies:
    1
    Views:
    232
    Joe Kaplan \(MVP - ADSI\)
    Jun 14, 2006
  4. Mike Friel

    User authentication on Web Service calls from an NTD app

    Mike Friel, Oct 24, 2003, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    117
    Mike Friel
    Oct 24, 2003
  5. Multiple web service calls from web service

    , Jan 5, 2006, in forum: ASP .Net Web Services
    Replies:
    1
    Views:
    180
    Rodrigo García
    Jan 9, 2006
Loading...

Share This Page