Passing user credintials from a web page to a web service.

D

Dan Higman

I'm sure this is easy and I'll be embarrassed when I see the answer,
but I just can't figure this one out.
Using .Net/ASP 1.1 on a server using integrated authentication--
I have a web page (.aspx) that will collect some data from the user,
call a web service to get additional data, and then merge and format the
data back to the user's browser. But I want the web service to
authenticate with the user's credentials, not the credentials of IIS
serving the aspx page. What the web service will or will not return is
based on who is making the request.
How do I pass the user's credentials to the web service?

Sample code, white paper, knowledge base article, any clue will be
welcome. Thanks in advance.

Dan
 
B

Brock Allen

If you're using Basic authentication the username is available via HttpContext.Current.User.Identity
and the password is in some server variable (Enable Tracing to check which
one). Use this info to set the Credentials property on your webservice proxy
using ther NetworkCredentials class.

If you're using any other authentication mechanism you've got a problem since
you don't have a password. It's the classic 2nd hop authentication issue.
You need to somehow acquire the password from the user. The reason basic
authentication works is because the password is sent as a header to the server
when the user is challenged in the browser.
 
D

Dan Higman

Thanks Ken,
I had not see this particular article. I'm not sure how I missed it in
my search.
Unfortunately, the article is exactly correct; at least not in my
environment.
The technique in the article works if all the code is running on the
same machine. If you were to build all the examples in the article and
run them on localhost, it works just fine. But when the aspx code is
running on a different server than the web service, it doesn't work. At
least I can't get it to work. If I have impersonate set to false, the
credentials are that of the IIS server running the aspx. If I set
impersonate to true the credentials are null (the object exists, but all
the properties are null).
I'm beginning to thinks this can't be done with integrated security.

Dan
Hi Dan,

Just checking to see if you'd seen this...

HOW TO: Pass Current Credentials to an ASP.NET Web Service

http://support.microsoft.com/default.aspx?scid=kb;en-us;813834

Ken
Microsoft MVP [ASP.NET]
Toronto

I'm sure this is easy and I'll be embarrassed when I see the answer,
but I just can't figure this one out.
Using .Net/ASP 1.1 on a server using integrated authentication--
I have a web page (.aspx) that will collect some data from the user,
call a web service to get additional data, and then merge and format
the data back to the user's browser. But I want the web service to
authenticate with the user's credentials, not the credentials of IIS
serving the aspx page. What the web service will or will not return
is based on who is making the request.
How do I pass the user's credentials to the web service?

Sample code, white paper, knowledge base article, any clue will be
welcome. Thanks in advance.

Dan
 
S

Scott Allen

Hi Dan:

It is the 2 hop issue Brock mentioned. One solution is to use
delegation, and I have some links to more information here:

http://odetocode.com/Blogs/scott/archive/2005/02/24/1053.aspx


--
Scott
http://www.OdeToCode.com/blogs/scott/

Thanks Ken,
I had not see this particular article. I'm not sure how I missed it in
my search.
Unfortunately, the article is exactly correct; at least not in my
environment.
The technique in the article works if all the code is running on the
same machine. If you were to build all the examples in the article and
run them on localhost, it works just fine. But when the aspx code is
running on a different server than the web service, it doesn't work. At
least I can't get it to work. If I have impersonate set to false, the
credentials are that of the IIS server running the aspx. If I set
impersonate to true the credentials are null (the object exists, but all
the properties are null).
I'm beginning to thinks this can't be done with integrated security.

Dan
Hi Dan,

Just checking to see if you'd seen this...

HOW TO: Pass Current Credentials to an ASP.NET Web Service

http://support.microsoft.com/default.aspx?scid=kb;en-us;813834

Ken
Microsoft MVP [ASP.NET]
Toronto

I'm sure this is easy and I'll be embarrassed when I see the answer,
but I just can't figure this one out.
Using .Net/ASP 1.1 on a server using integrated authentication--
I have a web page (.aspx) that will collect some data from the user,
call a web service to get additional data, and then merge and format
the data back to the user's browser. But I want the web service to
authenticate with the user's credentials, not the credentials of IIS
serving the aspx page. What the web service will or will not return
is based on who is making the request.
How do I pass the user's credentials to the web service?

Sample code, white paper, knowledge base article, any clue will be
welcome. Thanks in advance.

Dan
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top