ASP.NET Forms Authentication site calling web service

  • Thread starter Thread starter Ryan
  • Start date Start date
R

Ryan

I'm getting no where on this. I have a web service that's used for a
mobile app. I began developing a web app utilizing this web service
as a console to enable users more capabilities than on the mobile
application.

My login page asks for a custom user name and password hence why I'm
using forms authentication. My login page calls my web service to
ensure the user input has appropiate access to this application. AH
HA...everytime my object makes the web service call, I get a 401:
Unauthorized error. I have impersonation set to the true in both my
web app and web service web.config files. In the web service, I have
authentication set as windows and authorization as allow all users.
Setting the credentials web service proxy property on the web client
side isn't helping because I won't know the password of the current
windows identity. So my question is what must I do to get the web
client to successfully make the call to the web service????
 
Ryan said:
I'm getting no where on this. I have a web service that's used for a
mobile app. I began developing a web app utilizing this web service
as a console to enable users more capabilities than on the mobile
application.

My login page asks for a custom user name and password hence why I'm
using forms authentication. My login page calls my web service to
ensure the user input has appropiate access to this application. AH
HA...everytime my object makes the web service call, I get a 401:
Unauthorized error. I have impersonation set to the true in both my
web app and web service web.config files. In the web service, I have
authentication set as windows and authorization as allow all users.
Setting the credentials web service proxy property on the web client
side isn't helping because I won't know the password of the current
windows identity. So my question is what must I do to get the web
client to successfully make the call to the web service????

So what are the credentials being used by the Web service itself? By
going to the Web service in IIS and looking at login credentials, you
can see what the user ID and psw, well not the psw if set as it's
protected and should be known, that's needed to login to access the
service. Maybe it needs to be set to anonymous login for the Web service
at the site.

You can enable Windows NT Auditing and have it log the success and
failure login attempts to the service on the machine, so it can tell you
the user-id and psw that's being rejected. You use Admin Tools/Event
Viwer/Secuity Log to see the user-id being rejected.
 
So what are the credentials being used by the Web service itself? By
going to the Web service in IIS and looking at login credentials, you
can see what the user ID and psw, well not the psw if set as it's
protected and should be known, that's needed to login to access the
service. Maybe it needs to be set to anonymous login for the Web service
at the site.

You can enable Windows NT Auditing and have it log the success and
failure login attempts to the service on the machine, so it can tell you
the user-id and psw that's being rejected. You use Admin Tools/Event
Viwer/Secuity Log to see the user-id being rejected.- Hide quoted text -

- Show quoted text -

When I look at the credentials on the web proxy, they are empty. I
had the web service virtual directory in IIS setup with anonymous
access and windows integration. I was still able to get to the site
through IE. How can I setup NT Auditing? Its a Windows 2003 Server.
 
When I look at the credentials on the web proxy, they are empty.  I
had the web service virtual directory in IIS setup with anonymous
access and windows integration.  I was still able to get to the site
through IE.  How can I setup NT Auditing?  Its a Windows 2003 Server.- Hide quoted text -

- Show quoted text -

I don't get why you want to use custom credentials and impersonation
together. Is it an intranet application?

Look at the following tutorial, I think it can help you
http://www.15seconds.com/Issue/020312.htm
 
I don't get why you want to use custom credentials and impersonation
together. Is it an intranet application?

Look at the following tutorial, I think it can help youhttp://www.15seconds.com/Issue/020312.htm- Hide quoted text -

- Show quoted text -

It is an intranet application but we maintain our own custom security
model. All users don't have a windows account. I wish they did but
unfortunately, I don't have that luxury.
 
It is an intranet application but we maintain our own custom security
model.  All users don't have a windows account.

Ok, why then you need to have authentication set as windows? If not
all users have a domain account, then Windows Authentication will not
work. Sorry, it's still not clear to me.

Anyway, we can test if it can work properly for domain users. Ensure
that anonymous access is turned off for the Web service. Then go to
you login page and assign the DefaultCredentials to the Credentials
property of the Web Service Proxy class you created.

e.g.

localhost.Service1 myProxy = new localhost.Service1();
myProxy.Credentials= System.Net.CredentialCache.DefaultCredentials;

The DefaultCredentials property of the CredentialCache class provides
system credentials of the security context where the application is
running.

Read more: http://support.microsoft.com/kb/811318

Hope this helps
 
Ok, why then you need to have authentication set as windows? If not
all users have a domain account, then Windows Authentication will not
work. Sorry, it's still not clear to me.

Anyway, we can test if it can work properly for domain users. Ensure
that anonymous access is turned off for the Web service. Then go to
you login page and assign the DefaultCredentials to the Credentials
property of the Web Service Proxy class you created.

e.g.

localhost.Service1 myProxy = new localhost.Service1();
myProxy.Credentials= System.Net.CredentialCache.DefaultCredentials;

The DefaultCredentials property of the CredentialCache class provides
system credentials of the security context where the application is
running.

Read more:http://support.microsoft.com/kb/811318

Hope this helps- Hide quoted text -

- Show quoted text -

As I was going through trial and setup, I having a tough time getting
the web app to work without Windows Authentication. When using
anonymous access, I kept getting the digest box for the login page
request. Also, a user can be logged on to the domain however, not
have access to every application.

Nonetheless, setting to DefaultCredentials worked. I appreciate your
help.
 
As I was going through trial and setup, I having a tough time getting
the web app to work without Windows Authentication.  When using
anonymous access, I kept getting the digest box for the login page
request.  Also, a user can be logged on to the domain however, not
have access to every application.

Nonetheless, setting to DefaultCredentials worked.  I appreciate your
help.- Hide quoted text -

- Show quoted text -

Glad it works now for you!
 
Ryan said:
When I look at the credentials on the web proxy, they are empty. I
had the web service virtual directory in IIS setup with anonymous
access and windows integration. I was still able to get to the site
through IE. How can I setup NT Auditing? Its a Windows 2003 Server.


You can find the information out there on Google on enabling auditing on
NT based O/S(s).
 
Back
Top