401 While Accessing Web Service

[Ben]

I'm trying to access a c# web service from a web form.

I set up the web reference proxy object as follows:

proxy.PreAuthenticate = true;
proxy.Credentials = CredentialCache.DefaultCredentials;


but i get a 401 error. If I switch the IIS website from Integrated
Windows Auth to Anonymous, it works... but i want it to use windows
security.

my web.config of the web form is set to imperonsate the logged on
user, and i verified that's working by checking that
this.User.Identity.Name is my domain user (which has access to the web
service).

Any ideas what i'm doing wrong? (btw, the web service is SSL if that
makes a difference).

Thanks!

 

[Nirosh]

http://www.dotnetbips.com/articles/dbd724e9-78f0-4a05-adfb-190d151103b2.aspx

check this and see..

 

[Ben]

http://www.dotnetbips.com/articles/dbd724e9-78f0-4a05-adfb-190d151103...

check this and see..

--











- Show quoted text -

thanks,
anyway to do it without using web form authentication?

the crazy thing is that if i fire up my web form from Visual Studio it
works just fine and can access the web service, but if i publish it to
another server and try from there I get the 401 (the site i'm
publishing to is using 'intergrated windows auth') .

 

[Nirosh]

okay, check WSE (Web Service Enhancement) to see how to improve the web
service security..

to avoid the dependacy with integrated authentication, create a new web site
for your web service, that way it should work fine.

--
L.W.C. Nirosh

http://www.dotnetbips.com/articles/dbd724e9-78f0-4a05-adfb-190d151103...

check this and see..

--











- Show quoted text -

thanks,
anyway to do it without using web form authentication?

the crazy thing is that if i fire up my web form from Visual Studio it
works just fine and can access the web service, but if i publish it to
another server and try from there I get the 401 (the site i'm
publishing to is using 'intergrated windows auth') .

 

[Ben]

okay, check WSE (Web Service Enhancement) to see how to improve the web
service security..

to avoid the dependacy with integrated authentication, create a new web site
for your web service, that way it should work fine.

--
L.W.C. Nirosh







thanks,
anyway to do it without using web form authentication?

the crazy thing is that if i fire up my web form from Visual Studio it
works just fine and can access the web service, but if i publish it to
another server and try from there I get the 401 (the site i'm
publishing to is using 'intergrated windows auth') .- Hide quoted text -

- Show quoted text -

I'm using VS2008... is there WSE for that version? i can only find it
for VS2005?

is this the only way? i made C# web services before that were hosted
on an IIS site with intergrated windows auth, but the client side was C
++ and i was able to pass current nt credentials without a problem....
this is my first attempt where the client side is another c# web page.

 

[Nirosh]

I am not sure whether this is the only way.. When you say it worked with C++
and now is not working with aspx/c# web site, that is interesting..

The WSE 3.0 should work fine with framework 3.0/3.5. But if you want it to
work with VSS 2008 IDE then you need to trick it.

e.g.:-
http://devlicio.us/blogs/derik_whit...e-3-0-support-in-visual-studio-2008-hack.aspx
But I din't do this.. so please do it with extra care..

--
L.W.C. Nirosh

okay, check WSE (Web Service Enhancement) to see how to improve the web
service security..

to avoid the dependacy with integrated authentication, create a new web
site
for your web service, that way it should work fine.

--
L.W.C. Nirosh







thanks,
anyway to do it without using web form authentication?

the crazy thing is that if i fire up my web form from Visual Studio it
works just fine and can access the web service, but if i publish it to
another server and try from there I get the 401 (the site i'm
publishing to is using 'intergrated windows auth') .- Hide quoted text -

- Show quoted text -

I'm using VS2008... is there WSE for that version? i can only find it
for VS2005?

is this the only way? i made C# web services before that were hosted
on an IIS site with intergrated windows auth, but the client side was C
++ and i was able to pass current nt credentials without a problem....
this is my first attempt where the client side is another c# web page.

 

[Ben]

I am not sure whether this is the only way.. When you say it worked with C++
and now is not working with aspx/c# web site, that is interesting..

The WSE 3.0 should work fine with framework 3.0/3.5. But if you want it to
work with VSS 2008 IDE then you need to trick it.

e.g.:-http://devlicio.us/blogs/derik_whittaker/archive/2008/04/03/wse-3-0-s...
But I din't do this.. so please do it with extra care..

--
L.W.C. Nirosh









I'm using VS2008... is there WSE for that version? i can only find it
for VS2005?

is this the only way?  i made C# web services before that were hosted
on an IIS site with intergrated windows auth, but the client side was C
++ and i was able to pass current nt credentials without a problem....
this is my first attempt where the client side is another c# web page.- Hide quoted text -

- Show quoted text -

I switched the project to VS2005 just to test and enabled WSE 3.0
support -- is there any additional settings i need to change since it
still throws the same error...

 

[Nirosh]

You need to get the web service configure into a another web site, then you
can remove the integrated authentication just for that web site.. then your
web service will be vulnerable, so to improve security use the WSE..

just converting the project to 2005 and enable wse won't do any good. as the
webservice is still having integrated security..

--
L.W.C. Nirosh

I am not sure whether this is the only way.. When you say it worked with
C++
and now is not working with aspx/c# web site, that is interesting..

The WSE 3.0 should work fine with framework 3.0/3.5. But if you want it to
work with VSS 2008 IDE then you need to trick it.

e.g.:-http://devlicio.us/blogs/derik_whittaker/archive/2008/04/03/wse-3-0-s...
But I din't do this.. so please do it with extra care..

--
L.W.C. Nirosh









I'm using VS2008... is there WSE for that version? i can only find it
for VS2005?

is this the only way? i made C# web services before that were hosted
on an IIS site with intergrated windows auth, but the client side was C
++ and i was able to pass current nt credentials without a problem....
this is my first attempt where the client side is another c# web page.-
Hide quoted text -

- Show quoted text -

I switched the project to VS2005 just to test and enabled WSE 3.0
support -- is there any additional settings i need to change since it
still throws the same error...

 

[Ben]

You need to get the web service configure into a another web site, then you
can remove the integrated authentication just for that web site.. then your
web service will be vulnerable, so to improve security use the WSE..

just converting the project to 2005 and enable wse won't do any good. as the
webservice is still having integrated security..

--









I switched the project to VS2005 just to test and enabled WSE 3.0
support -- is there any additional settings i need to change since it
still throws the same error...- Hide quoted text -

- Show quoted text -

so are u saying I cannot use integrated security on a WS?

btw, it works fine if my client is a C# windows form (instead of a web
form)... so I think this shows the WS is okay... it's just there's
something i'm missing on the web form to make it work... but
everywhere i read i see they just say to set the Credentials param and
i did that already.

 

[bruce barker]

you are hitting the one hop rule with nt creditals. it should work if you hit
the web site locally, but not from another computer.

to do this you have two options:

1) switch to basic, which will give the web server a primary token it can
use to access a second server.
2) switch to kerberos and enable server credentials delegation.


-- bruce (sqlwork.com)

 

[Ben]

you are hitting the one hop rule with nt creditals. it should work if you hit
the web site locally, but not from another computer.

to do this you have two options:

1) switch to basic, which will give the web server a primary token it can
use to access a second server.
2) switch to kerberos and enable server credentials delegation.

-- bruce (sqlwork.com)











- Show quoted text -

for option 1 it sounds like i'll need to know the user/pwd which i
won't...

option 2 sounds interesting... is this a complicated thing to setup?
i've been trying to search on the issue and haven't found a good
description on how to set it up yet... if anyone has any further info
on it i'd really appreciate it!

Thanks!!!