custom code + delegation = problem...

[Jéjé]

Hi,

I have a custom aspx page which access RS (Reporting Services) using the
webservice interface.

I'm using the delegation (defautcredentialcache) to send the user
authentication to RS.
RS and my web application are on the same server.

this works fine in 2 cases:
* NT authentication used in both virtual directories (/reportserver & /
mycustomapp)
* Basic authentication used for /mycustomapp but NT authentication for
/reportserver

But I want to setup the Basic authentication for both the /reportserver & /
mycustomapp virtual folders.

I don't understand why using the default credential cache doesn't works.
my current work around is to detect if I'm in Basic authentication mode,
then a create a networkcredential object base on the current user login &
password.

does it a RS related issue? or an ASP.Net one?

 

[Duane Laflotte]

Hello,
I've had issues with webservices and credential delegation many times.
I have a quick article I wrote here that may help. If not let me know and
I can try to help out.

article http://www.criticalsites.com/dlaflotte/default.aspx?date=2004-08-31

Good Luck,
Duane

 

[Jéjé]

mmm
I allready have tested this without more success.

now the only problem I have is this:
* Frontend custom app using Basic authentication
* Reportserver using both NTLM & Basic authentication

in this case, I send the username + password of the active user, but I
receive a permission error!
I think the system try to use the integrated security...

 

[Joe Kaplan \(MVP - ADSI\)]

If the front end server is using basic auth, are you capturing the user name
and password from that and passing those in your NetworkCredential object or
are you using DefaultCredentials?

Joe K.

 

[Jéjé]

yes.

Dim header As String = Page.Request.ServerVariables("HTTP_AUTHORIZATION")

If header.StartsWith("Basic") Or header = "" Then

oServ.Credentials = New
Net.NetworkCredential(Page.Request.ServerVariables("AUTH_USER"),
Page.Request.ServerVariables("AUTH_PASSWORD"))

Else

oServ.PreAuthenticate = True

oServ.Credentials = Net.CredentialCache.DefaultCredentials

End If


I have also tried with PreAuthenticate = true with basic authentication.
This code works fine if integrated security is disabled for the reportserver
virtual folder (so both web sites used the same security model)

There is a way to force the preferred authentication method used when I call
the webservice?

 

[Joe Kaplan \(MVP - ADSI\)]

As far as I know you can't force the client to only do one authentication
method, but I could be wrong. Typically, the client and server will
negotiate based on what the server accepts and the client can provide.

What happens if you specify a domain in the NetworkCredential (or does the
AUTH_USER header already have a domain name like "domain\user" or a upn like
(e-mail address removed)?)?

Joe K.

 

[Jéjé]

the domain is allready in the auth_user variable.

well... nothing works, so I'm using my workaround.
which is creating a second "reportserver" virtual folder, where only basic
authentication is used, and then there is no problems.

I think RS prefer to use the NT authentication instead-of the basic
authentication.