Calling Web Service that calls other Web Service with Windows Authentication

[manuelserpabrandao]

Hi all


I would like to now the answer to the following problem, if someone can

help.


Given a windows application client that's calling a web service (using
default credentials) the
web service gets invoked fine with the users credentials. However they
need
to call a second web service from the first one. When it hits the
second web
service, the web service (even though configured correctly) always
reports (401) Unauthorized.


Is there any possibility to do this or is impossible ?


Is possible to implement any workaround for this problem ?


Thanks in advance


Manuel Brandão

 

[Balasubramanian Ramanathan]

you can do this...

In webservice1 code behind you will be creating the reference object of the
second webservice.

There you can specify whet credential you have to use when calling web
service2.
for example

WebService2 ws = new WebService2();
ws.Credentials = ................

and call the 2nd web service..

since be default webservice2 will be called with the credential of asp.net
worker process you will be gettting this error.

Hope this helps

Hi all


I would like to now the answer to the following problem, if someone can

help.


Given a windows application client that's calling a web service (using
default credentials) the
web service gets invoked fine with the users credentials. However they
need
to call a second web service from the first one. When it hits the
second web
service, the web service (even though configured correctly) always
reports (401) Unauthorized.


Is there any possibility to do this or is impossible ?


Is possible to implement any workaround for this problem ?


Thanks in advance


Manuel Brandão

 

[bruce barker \(sqlwork.com\)]

the second web service must be on the same server as the first web service
for this to work.

if its on a different server, then you must switch to basic or Kerberos
authentication.

-- bruce (sqlwork.com)

 

[Martin.Kunc]

Hello all,
this is problem known as dual hop. You are passing credentials (by
token) to one server, this is correct (just windows token is passed),
but you cannot pass token somewhere else on remote computer, this would
be potential security bug (program could use passed access to do
something).
Solution is as was written by Bruce Barker,
- either using basic authentication (passing user and password using
cleartext) Then you can easily use name and password for login without
troubles, but you are facing risk of network listening ..
- either kerberos network token passing - this also is not as secure as
it should be. You need to configure remote computer for using this
access in Active Directory.
- and the last passibility is easily use the same computer for two web
services - then you do not need to pass token remotely and windows can
handle this on single computer.

Martin Kunc