web page calls web service - security

M

Mark

Assume you have a web page hosted on a local server in your domain. You
have a .NET web service on a different server in the same domain. The web
page calls the web service using domain authentication. By default, does
the web page attempt to use the local ASPNET account used to run the web
page or the domain credentials of the user?

Thanks.

Mark
 
B

bruce barker

the default is anonymous. commonly you'd set the credential to the cache
default (in code). the default account will depend on web.config
settings and whether app pools are used.

if impersonate user is set, then the cache default is the user account
unless overridden in the web config.

if impersonate user not set its the app pool account or the asp.net
account if app pools are not used.

note: if you impersonate user, then you will have a secondary token
which can only be used for a web service on the same server. if you need
to access a different server, then you will need to switch to kerberos,
and enable credentials forwarding on the servers involved.

-- bruce (sqlwork.com)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Sending data from web page to Raspberry Pi 0
Bash scripts for web apps 1
ASP.NET Forms Authentication site calling web service 8
I want to have a button in a web page with action for open new phone contact page and fill it with some date 1
How to effectively develop a web application from scratch? 0
External web service and Active Directory - which authentication type? 5
authentication mode windows : web vs web service application 0
Web services and security 3

Members online

Total: 26 (members: 1, guests: 25)
Robots: 468

Forum statistics

Threads
473,769
Messages
2,569,580
Members
45,055
Latest member
SlimSparkKetoACVReview

Latest Threads

Top