Integrated Authentication, Impersonation, and Web Services

Web Developer

Environment:
OS: Windows 2003
IIS: 6
.Net Framework: 1.1
Authentication Scheme: Windows Integrated Authentication
Impersonation: Enabled

Error Message:
Exception Type: System.Net.WebException
Status: ProtocolError
Response: System.Net.HttpWebResponse
Message: The request failed with HTTP status 401: Unauthorized.
TargetSite: System.Object[]
ReadResponse(System.Web.Services.Protocols.SoapClientMessage,
System.Net.WebResponse, System.IO.Stream, Boolean)
HelpLink: NULL
Source: System.Web.Services

Scenario:
I have two server environments. One houses ASP.Net web form applications,
the other houses ASP.Net web services. Both use IIS Windows Integrated
Authentication and impersonation. When my web forms make calls to the web
services, they get 401 errors.

I read that NTLM doesn't support delegation, and that Kerberos isn't
automatically enabled with WIA. Do I need to enable Kerberos to get
impersonation to work across web servers? What's happening to the
credentials of the authenticated user?

Thank you.
 
Paul Clement

¤ Environment:
¤ OS: Windows 2003
¤ IIS: 6
¤ .Net Framework: 1.1
¤ Authentication Scheme: Windows Integrated Authentication
¤ Impersonation: Enabled
¤
¤ Error Message:
¤ Exception Type: System.Net.WebException
¤ Status: ProtocolError
¤ Response: System.Net.HttpWebResponse
¤ Message: The request failed with HTTP status 401: Unauthorized.
¤ TargetSite: System.Object[]
¤ ReadResponse(System.Web.Services.Protocols.SoapClientMessage,
¤ System.Net.WebResponse, System.IO.Stream, Boolean)
¤ HelpLink: NULL
¤ Source: System.Web.Services
¤
¤ Scenario:
¤ I have two server environments. One houses ASP.Net web form applications,
¤ the other houses ASP.Net web services. Both use IIS Windows Integrated
¤ Authentication and impersonation. When my web forms make calls to the web
¤ services, they get 401 errors.
¤
¤ I read that NTLM doesn't support delegation, and that Kerberos isn't
¤ automatically enabled with WIA. Do I need to enable Kerberos to get
¤ impersonation to work across web servers? What's happening to the
¤ credentials of the authenticated user?

Unless you are using Basic authentication (w/o SSL) I believe that you need to implement Kerberos
delegation in order to access remote resources.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/authaspdotnet.asp


Paul ~~~ (e-mail address removed)
Microsoft MVP (Visual Basic)
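
A quick way to see which protocol Windows Integrated Authentication actually negotiated on the first hop (browser to web forms server) is to inspect the `Authorization` header the browser sent. The following is an added example, not code from the thread or from Microsoft; the function names and sample tokens are constructed for illustration, and the token check is a heuristic based on the NTLMSSP signature and the Kerberos mechanism OIDs.

```python
import base64

NTLM_SIG = b"NTLMSSP\x00"
# DER-encoded mechanism OIDs as they appear inside GSS-API/SPNEGO tokens.
OID_KRB5 = bytes.fromhex("06092a864886f712010202")     # 1.2.840.113554.1.2.2
OID_MS_KRB5 = bytes.fromhex("06092a864882f712010202")  # 1.2.840.48018.1.2.2

def classify_authorization(header_value):
    """Classify an Authorization header value as ntlm/kerberos/basic/none/unknown."""
    if not header_value:
        return "none"
    scheme, _, blob = header_value.strip().partition(" ")
    scheme = scheme.lower()
    if scheme == "basic":
        return "basic"
    if scheme not in ("ntlm", "negotiate"):
        return "unknown"
    try:
        token = base64.b64decode(blob.strip(), validate=True)
    except ValueError:  # malformed base64
        return "unknown"
    # NTLM messages carry this signature, raw or wrapped inside SPNEGO.
    if NTLM_SIG in token:
        return "ntlm"
    # GSS-API initial tokens start with 0x60; look for a Kerberos mechanism OID.
    if token[:1] == b"\x60" and (OID_KRB5 in token or OID_MS_KRB5 in token):
        return "kerberos"
    return "unknown"

def second_hop_outlook(kind):
    """Say whether the web forms server can reuse the caller's identity downstream."""
    return {
        "ntlm": "no: an NTLM logon cannot be delegated to a second server",
        "kerberos": "possible: only if delegation is configured for the first server",
        "basic": "possible: the first server holds the user's password",
    }.get(kind, "undetermined")

def _sample(scheme, raw):
    return scheme + " " + base64.b64encode(raw).decode("ascii")

# Constructed sample headers (not captured traffic).
SAMPLE_NTLM = _sample("Negotiate", NTLM_SIG + b"\x01\x00\x00\x00\x07\x82\x08\xa2")
SAMPLE_KRB = _sample("Negotiate", b"\x60\x82\x01\x00" + bytes.fromhex("06062b0601050502")
                     + b"\xa0\x30" + OID_MS_KRB5 + OID_KRB5 + b"\x00" * 8)
SAMPLE_BASIC = _sample("Basic", b"user:password")

if __name__ == "__main__":
    for name, hdr in (("ntlm", SAMPLE_NTLM), ("kerberos", SAMPLE_KRB), ("basic", SAMPLE_BASIC)):
        kind = classify_authorization(hdr)
        print(name, "->", kind, "|", second_hop_outlook(kind))
```

If a `Negotiate` header classifies as `ntlm`, the client fell back from Kerberos, and the 401 on the call to the web services server is the expected result.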