Integrated Authentication, Impersonation, and Web Services

Discussion in 'ASP .Net Security' started by Web Developer, Dec 15, 2004.

  1. Environment:
    OS: Windows 2003
    IIS: 6
    ..Net Framework: 1.1
    Authentication Scheme: Windows Integrated Authentication
    Impersonation: Enabled

    Error Message:
    Exception Type: System.Net.WebException
    Status: ProtocolError
    Response: System.Net.HttpWebResponse
    Message: The request failed with HTTP status 401: Unauthorized.
    TargetSite: System.Object[]
    ReadResponse(System.Web.Services.Protocols.SoapClientMessage,
    System.Net.WebResponse, System.IO.Stream, Boolean)
    HelpLink: NULL
    Source: System.Web.Services

    Scenario:
    I have two server environments. One houses ASP.Net web form applications,
    the other houses ASP.Net web services. Both use IIS Windows Integrated
    Authentication and impersonation. When my web forms make calls to the web
    services, they get 401 errors.

    I read that NTLM doesn't support delegation, and that Kerberos isn't
    automatically enabled with WIA. Do I need to enable Kerberos to get
    impersonation to work accross web servers? What's happening to the
    credentials of the authenticated user?

    Thank you.
     
    Web Developer, Dec 15, 2004
    #1
    1. Advertising

  2. Web Developer

    Paul Clement Guest

    On Wed, 15 Dec 2004 10:19:02 -0800, "Web Developer" <Web > wrote:

    ¤ Environment:
    ¤ OS: Windows 2003
    ¤ IIS: 6
    ¤ .Net Framework: 1.1
    ¤ Authentication Scheme: Windows Integrated Authentication
    ¤ Impersonation: Enabled
    ¤
    ¤ Error Message:
    ¤ Exception Type: System.Net.WebException
    ¤ Status: ProtocolError
    ¤ Response: System.Net.HttpWebResponse
    ¤ Message: The request failed with HTTP status 401: Unauthorized.
    ¤ TargetSite: System.Object[]
    ¤ ReadResponse(System.Web.Services.Protocols.SoapClientMessage,
    ¤ System.Net.WebResponse, System.IO.Stream, Boolean)
    ¤ HelpLink: NULL
    ¤ Source: System.Web.Services
    ¤
    ¤ Scenario:
    ¤ I have two server environments. One houses ASP.Net web form applications,
    ¤ the other houses ASP.Net web services. Both use IIS Windows Integrated
    ¤ Authentication and impersonation. When my web forms make calls to the web
    ¤ services, they get 401 errors.
    ¤
    ¤ I read that NTLM doesn't support delegation, and that Kerberos isn't
    ¤ automatically enabled with WIA. Do I need to enable Kerberos to get
    ¤ impersonation to work accross web servers? What's happening to the
    ¤ credentials of the authenticated user?

    Unless you are using Basic authentication (w/o SSL) I believe that you need to implement Kerberos
    delegation in order to access remote resources.

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/authaspdotnet.asp


    Paul ~~~
    Microsoft MVP (Visual Basic)
     
    Paul Clement, Dec 15, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mark
    Replies:
    0
    Views:
    708
  2. Brian
    Replies:
    1
    Views:
    491
    Scott Allen
    May 4, 2005
  3. Eric
    Replies:
    1
    Views:
    549
    Patrick.O.Ige
    Oct 19, 2005
  4. Tim B
    Replies:
    3
    Views:
    128
  5. Phil Aldis
    Replies:
    3
    Views:
    224
    Raterus
    Aug 16, 2004
Loading...

Share This Page