Cross domain webservice

Discussion in 'ASP .Net Web Services' started by reddy, Aug 23, 2003.

  1. reddy

    reddy Guest

    Hi,

    We have developed a webservice that retrieves Free/Busy information from the
    Exchange Server and returns it to the client.

    The webservice and webclient are installed on one domain. Exchange Server
    is running in the other domain. Both the domains are in different forests.

    Now when we try to call the webservice either directly or through webclient,
    we are getting the following error
    '401 Remote server denied access'.

    The webservice and webclient are running under Anonylous access and the
    credentials to log onto the Exchange Server are provided through an external
    text file.

    The web service works ok when both the service and Exchange server are in
    the same domain or under the same parent domain. The cross domain trusts
    are in place as is evident from
    successful mapping of shares on either side.

    What could be the problem? Any help is highly appreciated.

    Thanks,

    Reddy
    I.S.Solutions P. Ltd.
     
    reddy, Aug 23, 2003
    #1
    1. Advertising

  2. reddy

    reddy Guest

    Hi Frank,

    Thanks for the info. But we are not able torun the webservice as an account
    in the other domain. Where can we find more info on this and also on
    creating mirrored account.

    Reddy

    Frank Drebin <> wrote in message
    news:6qC1b.30344$...
    >You need to have the webservice run as an account (via ADSI) that has

    proper
    >authority on the Exchange server -or- create a mirrored account on the
    >webservice machine - so that when it goes to talk to the Exchange server -
    >it will find a matching account and let you in.
    >
    >The way it is right now, when the webservice goes to attach to the Exchange
    >box - it has no idea who you are. Or - it knows who you are (an
    >authenticated user, from a machine I don't trust) but won't let you in..
    >
    >hth
    >
    >"reddy" <> wrote in message
    >news:...
    >> Hi,
    >>
    >> We have developed a webservice that retrieves Free/Busy information from

    >the
    >> Exchange Server and returns it to the client.
    >>
    >> The webservice and webclient are installed on one domain. Exchange

    Server
    >> is running in the other domain. Both the domains are in different

    >forests.
    >>
    >> Now when we try to call the webservice either directly or through

    >webclient,
    >> we are getting the following error
    >> '401 Remote server denied access'.
    >>
    >> The webservice and webclient are running under Anonylous access and the
    >> credentials to log onto the Exchange Server are provided through an

    >external
    >> text file.
    >>
    >> The web service works ok when both the service and Exchange server are in
    >> the same domain or under the same parent domain. The cross domain trusts
    >> are in place as is evident from
    >> successful mapping of shares on either side.
    >>
    >> What could be the problem? Any help is highly appreciated.
    >>
    >> Thanks,
    >>
    >> Reddy
    >> I.S.Solutions P. Ltd.
    >>
    >>
    >>

    >
    >
     
    reddy, Aug 23, 2003
    #2
    1. Advertising

  3. reddy

    Frank Drebin Guest

    Reddy,

    Do you mean you don't know how or that you aren't allowed for some reason?
    What I was saying below was almost the same thing - you would need to set
    IIS to run as a different person, a person that BOTH machine know. So either
    point both machines to an account (even if you create a new one called
    "WebSvc Account") in Active Directory.

    Or - create an account called "WebSvc Account" on the Exchange server, and
    then create an account called "WebSvc Account" on the web server. Set the
    Web Service IIS application to run as "WebSvc Account" - and on the Exchange
    server, give that account whatever privileges the Web Service needs over
    there. You need to make sure, that when the web service talks to the
    Exchange server - they both see that that Web Service is a real, trusted
    account... OR - you can have the web service run as this untrusted account
    and talk to the Exchange server - and when it gets there, even if the
    Exchange server doesn't know who you are or trust you - if the username and
    password matches exactly to an account that is on that box, you will be let
    it...

    Another thing you may try, is authenticating programatically... not sure if
    this will work though. Here is a working class:

    -----------------------------

    using System;
    using System.Runtime.InteropServices;

    [StructLayout(LayoutKind.Sequential)]
    public struct NETRESOURCEA
    {
    public int dwScope;
    public int dwType;
    public int dwDisplayType;
    public int dwUsage;
    [ MarshalAs (UnmanagedType.LPStr)]
    public string lpLocalName;
    [ MarshalAs (UnmanagedType.LPStr)]
    public string lpRemoteName;
    [ MarshalAs (UnmanagedType.LPStr)]
    public string lpComment;
    [ MarshalAs (UnmanagedType.LPStr)]
    public string lpProvider;
    public override String ToString()
    {
    String str = "LocalName: " + lpLocalName + " RemoteName: " + lpRemoteName
    + " Comment: " + lpComment + " lpProvider: " + lpProvider;
    return(str);
    }
    }

    class Authentication
    {
    [DllImport("mpr.dll")]
    private static extern int WNetAddConnection2A(
    [MarshalAs(UnmanagedType.LPArray)] NETRESOURCEA[] lpNetResource,
    [MarshalAs(UnmanagedType.LPStr)] string lpPassword,
    [MarshalAs(UnmanagedType.LPStr)] string UserName,
    int dwFlags);
    [DllImport("mpr.dll")]
    private static extern int WNetCancelConnection2(
    [MarshalAs(UnmanagedType.LPStr)] string lpName,
    int dwFlags,
    bool fForce);

    public static int ValidateUser(string Server,string User,string Password)
    {
    NETRESOURCEA [] n = new NETRESOURCEA[1];
    n[0] = new NETRESOURCEA();
    n[0].dwType = 0;
    int dwFlags = 1;
    n[0].lpLocalName = null;
    n[0].lpRemoteName = @"\\" + Server + @"\IPC$";
    n[0].lpProvider = null;

    int res = WNetAddConnection2A( n, Password, User, dwFlags );
    return res;
    }
    public static void CancelConnection(string Connection)
    {
    WNetCancelConnection2(Connection, 0, true);
    }
    }

    -----------------------------

    And to use this, you just do this:

    int intRet =
    Authentication.ValidateUser("MyServer","hsimpson","donuts");
    if ( intRet == 0 )
    {
    // login was good
    }
    else
    {
    // login was bad - error number is intRet
    }


    hth


    "reddy" <> wrote in message
    news:...
    > Hi Frank,
    >
    > Thanks for the info. But we are not able torun the webservice as an

    account
    > in the other domain. Where can we find more info on this and also on
    > creating mirrored account.
    >
    > Reddy
    >
    > Frank Drebin <> wrote in message
    > news:6qC1b.30344$...
    > >You need to have the webservice run as an account (via ADSI) that has

    > proper
    > >authority on the Exchange server -or- create a mirrored account on the
    > >webservice machine - so that when it goes to talk to the Exchange

    server -
    > >it will find a matching account and let you in.
    > >
    > >The way it is right now, when the webservice goes to attach to the

    Exchange
    > >box - it has no idea who you are. Or - it knows who you are (an
    > >authenticated user, from a machine I don't trust) but won't let you in..
    > >
    > >hth
    > >
    > >"reddy" <> wrote in message
    > >news:...
    > >> Hi,
    > >>
    > >> We have developed a webservice that retrieves Free/Busy information

    from
    > >the
    > >> Exchange Server and returns it to the client.
    > >>
    > >> The webservice and webclient are installed on one domain. Exchange

    > Server
    > >> is running in the other domain. Both the domains are in different

    > >forests.
    > >>
    > >> Now when we try to call the webservice either directly or through

    > >webclient,
    > >> we are getting the following error
    > >> '401 Remote server denied access'.
    > >>
    > >> The webservice and webclient are running under Anonylous access and the
    > >> credentials to log onto the Exchange Server are provided through an

    > >external
    > >> text file.
    > >>
    > >> The web service works ok when both the service and Exchange server are

    in
    > >> the same domain or under the same parent domain. The cross domain

    trusts
    > >> are in place as is evident from
    > >> successful mapping of shares on either side.
    > >>
    > >> What could be the problem? Any help is highly appreciated.
    > >>
    > >> Thanks,
    > >>
    > >> Reddy
    > >> I.S.Solutions P. Ltd.
    > >>
    > >>
    > >>

    > >
    > >

    >
    >
     
    Frank Drebin, Aug 23, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    1
    Views:
    3,485
    CyberOwl
    Sep 7, 2009
  2. Martin Doyle

    Cross-domain cookie synchronisation

    Martin Doyle, Apr 20, 2005, in forum: Java
    Replies:
    0
    Views:
    915
    Martin Doyle
    Apr 20, 2005
  3. Replies:
    0
    Views:
    350
  4. legendbb
    Replies:
    0
    Views:
    686
    legendbb
    May 9, 2006
  5. Florian Leitner

    cross domain webservice requests from client

    Florian Leitner, Jul 6, 2007, in forum: Javascript
    Replies:
    1
    Views:
    146
    Ben Amada
    Jul 7, 2007
Loading...

Share This Page