Delegation failure with XMLHTTP

Discussion in 'ASP .Net Security' started by Adam Short, Aug 9, 2006.

  1. Adam Short

    Adam Short Guest

    Hi,

    I'm trying to use XMLHTTP to do an out of band call for the contents of
    a drop down. Basically a user selects an item from a drop down, and the
    onchange event fires an XMLHTTP request to the server for the contents
    of a dependent drop down (in this case, the first drop down is
    categories, the second is subcategories). In order to get the content of
    the second drop down the asp.net app on the server needs to get data
    from SQL Server (2000). When I run the app on my local machine, on my
    local instance of IIS, it works great. As soon as I transfer it to the
    server, it all goes wrong. When I select a value in the first drop down
    I get an error telling me login failed for user "\" on the SQL server. I
    take this to mean that my credentials aren't being properly passed from
    my machine, to IIS on the server and then through to SQL Server (which
    is on yet another machine). The rest of the app works perfectly, despite
    the fact that IIS and SQL Server are on two different machines (there's
    no reason they shouldn't be). The only bit that has problems is the
    XMLHTTP bit. What am I missing? Is there something wrong with the way
    I'm using XMLHTTP in this instance? I would have thought that once the
    request gets to the server, the rest of the process would work just the
    same as a normal web request, but it doesn't seem to. At some point I
    lose my credentials, but I don't really know where. If I supply
    credentials with the XMLHTTP request, it still doesn't work and I get
    the same error, presumably because the credentials still aren't being
    passed from IIS to SQL Server.

    Can anyone provide any clues with this?



    *** Sent via Developersdex http://www.developersdex.com ***
    Adam Short, Aug 9, 2006
    #1
    1. Advertising

  2. Can you tell a difference between the way your "normal" page requests from
    the browser to the web server are authenticating vs. the XMLHTTP requests?
    My guess is that if you have configured Kerberos delegation and the
    delegation is working, the problem is that you aren't getting Kerberos auth
    with XMLHTTP but are getting NTLM instead.

    Careful examination of the security event logs (enable auditing for all
    logon events!) on the web server will reveal this.

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    "Adam Short" <> wrote in message
    news:%...
    > Hi,
    >
    > I'm trying to use XMLHTTP to do an out of band call for the contents of
    > a drop down. Basically a user selects an item from a drop down, and the
    > onchange event fires an XMLHTTP request to the server for the contents
    > of a dependent drop down (in this case, the first drop down is
    > categories, the second is subcategories). In order to get the content of
    > the second drop down the asp.net app on the server needs to get data
    > from SQL Server (2000). When I run the app on my local machine, on my
    > local instance of IIS, it works great. As soon as I transfer it to the
    > server, it all goes wrong. When I select a value in the first drop down
    > I get an error telling me login failed for user "\" on the SQL server. I
    > take this to mean that my credentials aren't being properly passed from
    > my machine, to IIS on the server and then through to SQL Server (which
    > is on yet another machine). The rest of the app works perfectly, despite
    > the fact that IIS and SQL Server are on two different machines (there's
    > no reason they shouldn't be). The only bit that has problems is the
    > XMLHTTP bit. What am I missing? Is there something wrong with the way
    > I'm using XMLHTTP in this instance? I would have thought that once the
    > request gets to the server, the rest of the process would work just the
    > same as a normal web request, but it doesn't seem to. At some point I
    > lose my credentials, but I don't really know where. If I supply
    > credentials with the XMLHTTP request, it still doesn't work and I get
    > the same error, presumably because the credentials still aren't being
    > passed from IIS to SQL Server.
    >
    > Can anyone provide any clues with this?
    >
    >
    >
    > *** Sent via Developersdex http://www.developersdex.com ***
    Joe Kaplan \(MVP - ADSI\), Aug 9, 2006
    #2
    1. Advertising

  3. Adam Short

    Adam Short Guest

    What you say certainly sounds reasonable. I can't configure the event
    logs myself (I don't have access), but I'll get one of our systems guys
    to set it up. Hopefully we'll spot something useful. Thanks very much
    for your help.



    *** Sent via Developersdex http://www.developersdex.com ***
    Adam Short, Aug 10, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Kelly D. Jones

    Problem with impersonation and delegation

    Kelly D. Jones, Sep 4, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    1,819
  2. Ilias Lazaridis
    Replies:
    0
    Views:
    568
    Ilias Lazaridis
    Feb 1, 2005
  3. Replies:
    0
    Views:
    466
  4. Sam Roberts
    Replies:
    4
    Views:
    307
    Sam Roberts
    May 7, 2008
  5. yawnmoth

    Msxml*.XMLHTTP vs. Microsoft.XMLHTTP

    yawnmoth, Nov 7, 2006, in forum: Javascript
    Replies:
    11
    Views:
    383
    Matt Kruse
    Nov 9, 2006
Loading...

Share This Page