G
Gary K
I'm trying to create a web service that contains functions available to both
Anonymous & Authenticated access. Now I am having problems with security
access. The plan was to allow anonymous access to the web service, and
control user credentials through code impersonation. (It's the webservice
functions job to filter security roles, etc)
Unfortunately I am suffering from the VS2002 bug, where you HAVE to set the
internet explorer security zone, Logon setting to 'Automatic with username &
password' before you can debug. (Otherwise even admins get debug permission
errors)
I also cannot get the debugger to debug across webservice calls
(app<->service), which means that I have to debug the webservice with
anonymous access turned off, and allow the administrator role to slip through
function security checks, and when debugging the application I have to turn
anonymous access back on and try using impersonation.
The real problem I'm having (i got to the point eventually), is that my
application appears to be 'logging' into the service anonymously, regardless.
Is it possible to somehow send the user details to the service and have it
use those, or will I have to create two seperate yet intertwined projects
(one secure, one not)?
My goal is to have ONE service (cut's down on management & server overhead)
with a controller application able to run on any computer/location, that uses
a user inputed username/password for logon to the service. And to make things
even more complicated, the user logon will need to be done through the
server's ActiveDirectory services.
Anonymous & Authenticated access. Now I am having problems with security
access. The plan was to allow anonymous access to the web service, and
control user credentials through code impersonation. (It's the webservice
functions job to filter security roles, etc)
Unfortunately I am suffering from the VS2002 bug, where you HAVE to set the
internet explorer security zone, Logon setting to 'Automatic with username &
password' before you can debug. (Otherwise even admins get debug permission
errors)
I also cannot get the debugger to debug across webservice calls
(app<->service), which means that I have to debug the webservice with
anonymous access turned off, and allow the administrator role to slip through
function security checks, and when debugging the application I have to turn
anonymous access back on and try using impersonation.
The real problem I'm having (i got to the point eventually), is that my
application appears to be 'logging' into the service anonymously, regardless.
Is it possible to somehow send the user details to the service and have it
use those, or will I have to create two seperate yet intertwined projects
(one secure, one not)?
My goal is to have ONE service (cut's down on management & server overhead)
with a controller application able to run on any computer/location, that uses
a user inputed username/password for logon to the service. And to make things
even more complicated, the user logon will need to be done through the
server's ActiveDirectory services.