System.Net.CredentialsCache.DefaultCredentials not working

Discussion in 'ASP .Net Web Services' started by tom.sorensen@agresso.no, Jul 12, 2006.

  1. Guest

    Hi.

    I'm trying to authenticate from an asp.net client to a web service on
    two different machines is the same domain. From what i gather I'm
    supposed to use the following code in my client in order to
    authenticate using my domain credentials:

    service.Credentials = CredentialCache.DefaultCredentials ;

    I am using windows integrated authentication. I can get this to work if
    I use a NetworkCredential object and supply username, password and
    domain, but this is not desireable.When I try to use DefaultCredentials
    I get a 401 access denied response.

    The IIS log files on the web service server does not contain any user
    other than the ones where i supply the network credentials with a
    hardcoded user.
     
    , Jul 12, 2006
    #1
    1. Advertising

  2. Guest

    Hallo Tom,
    this all looks as dual hop problem to me. The core is when you are
    authenticating to one resource with your name/password, you will het
    something called primary token, what is a thing, you can operate just
    on one computer - this is a constraint done by windows implementation
    and security reasons.
    Either you can use kerberos tokens and set this all in active directory
    (less secure) - you need a seperated computer and user who has this
    allowed in AD.
    Or you need to use basic authentication. In this way, you are passing
    clear user name and password, so your application can in all phases get
    a new primary token.
    Did all this helped you ?
    Martin

    wrote:
    > Hi.
    >
    > I'm trying to authenticate from an asp.net client to a web service on
    > two different machines is the same domain. From what i gather I'm
    > supposed to use the following code in my client in order to
    > authenticate using my domain credentials:
    >
    > service.Credentials = CredentialCache.DefaultCredentials ;
    >
    > I am using windows integrated authentication. I can get this to work if
    > I use a NetworkCredential object and supply username, password and
    > domain, but this is not desireable.When I try to use DefaultCredentials
    > I get a 401 access denied response.
    >
    > The IIS log files on the web service server does not contain any user
    > other than the ones where i supply the network credentials with a
    > hardcoded user.
     
    , Jul 13, 2006
    #2
    1. Advertising

  3. Tom-Einar Guest

    Hi Martin.

    Thank you for your response. I've read about the dual hop problem
    before. What troubles me is that my domain user does not appear in the
    log files on the client machine either. The other thing is that when I
    use a windows application as a client, the result is the same. This
    scenario should not result in a dual hop problem, should it?

    If I must, I will try to use Kerberos. Do you know where I can find
    more info on this subject?

    Tom

    skrev:
    > Hallo Tom,
    > this all looks as dual hop problem to me. The core is when you are
    > authenticating to one resource with your name/password, you will het
    > something called primary token, what is a thing, you can operate just
    > on one computer - this is a constraint done by windows implementation
    > and security reasons.
    > Either you can use kerberos tokens and set this all in active directory
    > (less secure) - you need a seperated computer and user who has this
    > allowed in AD.
    > Or you need to use basic authentication. In this way, you are passing
    > clear user name and password, so your application can in all phases get
    > a new primary token.
    > Did all this helped you ?
    > Martin
    >
    > wrote:
    > > Hi.
    > >
    > > I'm trying to authenticate from an asp.net client to a web service on
    > > two different machines is the same domain. From what i gather I'm
    > > supposed to use the following code in my client in order to
    > > authenticate using my domain credentials:
    > >
    > > service.Credentials = CredentialCache.DefaultCredentials ;
    > >
    > > I am using windows integrated authentication. I can get this to work if
    > > I use a NetworkCredential object and supply username, password and
    > > domain, but this is not desireable.When I try to use DefaultCredentials
    > > I get a 401 access denied response.
    > >
    > > The IIS log files on the web service server does not contain any user
    > > other than the ones where i supply the network credentials with a
    > > hardcoded user.
     
    Tom-Einar, Jul 13, 2006
    #3
  4. Tom-Einar Guest

    Correction:

    This problem does not happen when using a windows application.
    Definately seems to be a double hop problem. Still want to know how to
    configure Kerberos if you have any links :)

    Tom

    Tom-Einar skrev:
    > Hi Martin.
    >
    > Thank you for your response. I've read about the dual hop problem
    > before. What troubles me is that my domain user does not appear in the
    > log files on the client machine either. The other thing is that when I
    > use a windows application as a client, the result is the same. This
    > scenario should not result in a dual hop problem, should it?
    >
    > If I must, I will try to use Kerberos. Do you know where I can find
    > more info on this subject?
    >
    > Tom
    >
    > skrev:
    > > Hallo Tom,
    > > this all looks as dual hop problem to me. The core is when you are
    > > authenticating to one resource with your name/password, you will het
    > > something called primary token, what is a thing, you can operate just
    > > on one computer - this is a constraint done by windows implementation
    > > and security reasons.
    > > Either you can use kerberos tokens and set this all in active directory
    > > (less secure) - you need a seperated computer and user who has this
    > > allowed in AD.
    > > Or you need to use basic authentication. In this way, you are passing
    > > clear user name and password, so your application can in all phases get
    > > a new primary token.
    > > Did all this helped you ?
    > > Martin
    > >
    > > wrote:
    > > > Hi.
    > > >
    > > > I'm trying to authenticate from an asp.net client to a web service on
    > > > two different machines is the same domain. From what i gather I'm
    > > > supposed to use the following code in my client in order to
    > > > authenticate using my domain credentials:
    > > >
    > > > service.Credentials = CredentialCache.DefaultCredentials ;
    > > >
    > > > I am using windows integrated authentication. I can get this to work if
    > > > I use a NetworkCredential object and supply username, password and
    > > > domain, but this is not desireable.When I try to use DefaultCredentials
    > > > I get a 401 access denied response.
    > > >
    > > > The IIS log files on the web service server does not contain any user
    > > > other than the ones where i supply the network credentials with a
    > > > hardcoded user.
     
    Tom-Einar, Jul 13, 2006
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Craig
    Replies:
    1
    Views:
    11,055
    shobhaiyer
    Oct 3, 2007
  2. Paul Cheevers
    Replies:
    1
    Views:
    9,762
    Scott Allen
    Sep 7, 2004
  3. Ramdas

    CredentialCache.DefaultCredentials not working

    Ramdas, Jul 30, 2004, in forum: ASP .Net Security
    Replies:
    0
    Views:
    156
    Ramdas
    Jul 30, 2004
  4. Paul Cheevers

    CredentialCache.DefaultCredentials not working!!!!!

    Paul Cheevers, Sep 7, 2004, in forum: ASP .Net Security
    Replies:
    4
    Views:
    211
    One Handed Man \( OHM - Terry Burns \)
    Sep 21, 2004
  5. Ramdas

    CredentialCache.DefaultCredentials Not working

    Ramdas, Jul 30, 2004, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    193
    Ramdas
    Jul 30, 2004
Loading...

Share This Page