UnauthorizedAccessException by activating integrated authentification

Discussion in 'ASP .Net Security' started by Klaus Ballmann, May 3, 2005.

  1. Hi,

    I develop a webservice, which will be used by a small vba access client.
    The webservice reads some files in a network-share-folder. There is no
    domain, so I created two users with same name and password.
    I enabled only basic authentification in IIS and access the webservice via
    MSXML 3.0

    Set objSendServerXML = New MSXML2.ServerXMLHTTP30
    objSendServerXML.Open "POST", "https://bla/blub/" , True, "Username",
    "Password"

    I use impersonate=true and the webservice can access the network-files, but
    I can't debug the webservice with basic-authentification.
    If I activate integrated windows authentification, I can debug, but .net
    reports UnauthorizedAccessException,
    when the service tries to read the network files. I log
    WindowsIdentity.GetCurrent().Name and WindowsIdentity.GetCurrent
    ().AuthenticationType...
    The vba client still authentificates by basic-authentification and the log
    looks similar to me... but where is the difference?!!!!


    Thanks in advance

    Regards
    Klaus
    Klaus Ballmann, May 3, 2005
    #1
    1. Advertising

  2. This is known as a double-hop issue. With IWA, your security context can't
    hop to a second machine unless Kerberos delegation is enabled. A Google
    search on those terms will yield many hits and solutions.

    Joe K.

    "Klaus Ballmann" <> wrote in message
    news:Xns964B9C67A9B53stosstangegmxde@207.46.248.16...
    > Hi,
    >
    > I develop a webservice, which will be used by a small vba access client.
    > The webservice reads some files in a network-share-folder. There is no
    > domain, so I created two users with same name and password.
    > I enabled only basic authentification in IIS and access the webservice via
    > MSXML 3.0
    >
    > Set objSendServerXML = New MSXML2.ServerXMLHTTP30
    > objSendServerXML.Open "POST", "https://bla/blub/" , True, "Username",
    > "Password"
    >
    > I use impersonate=true and the webservice can access the network-files,
    > but
    > I can't debug the webservice with basic-authentification.
    > If I activate integrated windows authentification, I can debug, but .net
    > reports UnauthorizedAccessException,
    > when the service tries to read the network files. I log
    > WindowsIdentity.GetCurrent().Name and WindowsIdentity.GetCurrent
    > ().AuthenticationType...
    > The vba client still authentificates by basic-authentification and the log
    > looks similar to me... but where is the difference?!!!!
    >
    >
    > Thanks in advance
    >
    > Regards
    > Klaus
    Joe Kaplan \(MVP - ADSI\), May 3, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mike Strauss

    Activating JavaScript from C#

    Mike Strauss, Dec 19, 2004, in forum: ASP .Net
    Replies:
    2
    Views:
    5,934
    Elton Wang
    Dec 20, 2004
  2. Robert Rotstein

    activating a SOAP extension from the client

    Robert Rotstein, Jan 10, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    429
    Robert Rotstein
    Jan 10, 2006
  3. Robert Rotstein

    activating a SOAP extension from a client

    Robert Rotstein, Jan 10, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    316
    Robert Rotstein
    Jan 10, 2006
  4. picayunish
    Replies:
    12
    Views:
    718
    picayunish
    Oct 19, 2003
  5. Replies:
    1
    Views:
    200
    Joe Kaplan \(MVP - ADSI\)
    Aug 3, 2006
Loading...

Share This Page