Nested WebApp/Service Credentials Issue

Discussion in 'ASP .Net Web Services' started by Ray Williams, Apr 12, 2004.

  1. Ray Williams

    Ray Williams Guest

    I've developed a system that consists of three applications. (A) a web application to provide UI (B) a web service to handle shopping and buying requests and (C) a web service to process credit card transactions.

    The applications are accessed linearly, A ó B ó C. In development, my application suite works fine, when browsing application A, I can submit shop and buy requests to B and they are processed correctly. In production, web methods in B, which access web methods in C, generate an error message. Methods in B which do not access C execute correctly. Here is the error:

    System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> Access denied for user: 'SystemLogin@PublicIPAddressForServer' (Using password: YES) --- End of inner exception stack trace ---

    Originally the application was deployed two a two server environment. Server 1 contained A and B, Server 2 has C. It was then that I originally received the error. Since then, I have moved all three applications to the same server, yet receive the same error. The proxies load relative to Urls stored in their respective web.config. App B implements the WSE 1.0 enhancements for security and uses a custom IPassword handler. App C does not use WSE because it is intended to be only accessible across a private network or locally. Besides the IPassword provider in B is intended for user access, the same provider would not be appropriate for C as it processes credit transaction for the entire system regardless of enduser.

    In an effort to resolve the problem, I have added NetworkCredentials to the proxy for C when accessed from B.

    I find it interesting that the IP address returned in the error is the public IP address. I would expect the IP to be the local ip or 127.0.0.1, but it appears to be making a round robin even though the static ip or localhost is used to reference the services in C.

    I receive the same error when browsing locally as well as remotely.

    Does anyone have suggestion of debugging or resolving this issue? Your help is greatly appreciated.

    Ray
     
    Ray Williams, Apr 12, 2004
    #1
    1. Advertising

  2. Ray Williams

    rwg Guest

    Ray:

    I don't have a silver bullet, just a suggestion of things to try.

    (1) Download and run Filemon and Regmon from www.sysinternals.com and see of they list "Access Denied" on any resources.
    (2) Turn on Auditing for failures on your Local Policies and see if anything is being logged.

    " Prepare Harddrive
    o Open My Computer
    o Get properties on your C drive
    o Press the security Tab
    o Press Advanced button to get Advanced Security for local disk dialog
    o Press "Auditing" tab
    o Button: Add to get the Select User … dialog
    o Add "Everyone"
    o Press OK
    o Check the "Failed" box for full control.
    o Apply and OK these changes (It will take several minutes)
    " Audit failures
    o Open Local Security Settings (from administrative tools)
    o Drill down to Local Policies -> Audit Policy
    o Activate logging for failures for "Audit Account Logon", "Audit Logon Events" , and "Audit Object Access"

    Filemon and Regmon create log files while they run. The auditing information will be placed in your Security Events.

    Once we discover what is failing, we can decide on the next step.

    -rwg
    This is what I think, not necessarily what is accurate!


    --------------------
    | From: "Ray Williams" <>
    | To: microsoft.public.dotnet.framework.aspnet.webservices
    | Subject: Nested WebApp/Service Credentials Issue
    |
    | I've developed a system that consists of three applications. (A) a web application to provide UI (B) a web service to handle shopping and buying
    requests and (C) a web service to process credit card transactions.
    |
    | The applications are accessed linearly, A &oacute; B &oacute; C. In development, my application suite works fine, when browsing application A, I can
    submit shop and buy requests to B and they are processed correctly. In production, web methods in B, which access web methods in C, generate an
    error message. Methods in B which do not access C execute correctly. Here is the error:
    |
    | System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> Access denied for user:
    'SystemLogin@PublicIPAddressForServer' (Using password: YES) --- End of inner exception stack trace ---
    |
    | Originally the application was deployed two a two server environment. Server 1 contained A and B, Server 2 has C. It was then that I originally received
    the error. Since then, I have moved all three applications to the same server, yet receive the same error. The proxies load relative to Urls stored in their
    respective web.config. App B implements the WSE 1.0 enhancements for security and uses a custom IPassword handler. App C does not use WSE
    because it is intended to be only accessible across a private network or locally. Besides the IPassword provider in B is intended for user access, the
    same provider would not be appropriate for C as it processes credit transaction for the entire system regardless of enduser.
    |
    | In an effort to resolve the problem, I have added NetworkCredentials to the proxy for C when accessed from B.
    |
    | I find it interesting that the IP address returned in the error is the public IP address. I would expect the IP to be the local ip or 127.0.0.1, but it appears to be
    making a round robin even though the static ip or localhost is used to reference the services in C.
    |
    | I receive the same error when browsing locally as well as remotely.
    |
    | Does anyone have suggestion of debugging or resolving this issue? Your help is greatly appreciated.
    |
    | Ray
    |
    |
    |
     
    rwg, Apr 12, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Rob Meade

    WebApp / Service - some differences?

    Rob Meade, Apr 25, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    305
  2. Replies:
    3
    Views:
    8,213
    Clint ()
    Dec 21, 2004
  3. Web Team @ Borough of Poole

    Credentials for web service

    Web Team @ Borough of Poole, May 9, 2005, in forum: ASP .Net
    Replies:
    2
    Views:
    429
    Web Team @ Borough of Poole
    May 9, 2005
  4. Replies:
    6
    Views:
    432
    S. Justin Gengo [MCP]
    Feb 10, 2006
  5. Andrew
    Replies:
    7
    Views:
    418
    Andrew
    Jun 28, 2009
Loading...

Share This Page