H
Howard Hoffman
I am trying to 'flow' a Windows Identity from an IE Browser to a Web Server
to an App Server (hosted by ASP.NET, exposing WebService interface).
Everything is within the same firewall / network.
I'm seeing the identity flow from Browser to Web Server, but it doesn't flow
over to the App Server / Web Service.
I had thought this would work, but perhaps I'm mistaken. It *does* work if
everything is on the same machine.
Machine A is W2K Advanced Server, with AuthorsWebClient ASP.NET Web Server
application.
The IIS virutal directory Directory Security tab is setup to *not* allow
anonymous access. Integrated Windows Authentication is checked.
The web.config file has <identity impersonate="true"/> and <authentication
mode="Windows"/>.
In the web server, I make a call to a web service running on Machine B.
Before calling the web service, I set
Proxy.Credentials = System.Net.CredentialCache.DefaultCredentials;
where 'Proxy' is the VS.NET Generated (via WebReference) proxy for the web
service.
Machine B is running XP. It's got AuthorsWebService, an ASP.NET Web
Service application. The IIS virtual directory Directory Security tab is
setup
to *not* allow anonymous access. Integrated Windows Authentication is
checked.
The web.config file of the Web Service has <identity impersonate="true"/>
and <authentication mode="Windows"/>.
If I disallow anonymous access to the Web Service virtual directory, I get
HTTP 401 errors at the point where Machine A calls the web service on
Machine B. If I allow anonymous access to the Web Service virtual
directory, I get in to the Web Service, but I have a Windows Principal
with an Identity that has an empty Name value.
Especially in light of
http://support.microsoft.com/default.aspx?scid=kb;EN-US;811318
I'm confused. Can anyone tell me whether I can flow identity across the
web server to the web service (across machines)?
Thanks in advance,
Howard Hoffman
to an App Server (hosted by ASP.NET, exposing WebService interface).
Everything is within the same firewall / network.
I'm seeing the identity flow from Browser to Web Server, but it doesn't flow
over to the App Server / Web Service.
I had thought this would work, but perhaps I'm mistaken. It *does* work if
everything is on the same machine.
Machine A is W2K Advanced Server, with AuthorsWebClient ASP.NET Web Server
application.
The IIS virutal directory Directory Security tab is setup to *not* allow
anonymous access. Integrated Windows Authentication is checked.
The web.config file has <identity impersonate="true"/> and <authentication
mode="Windows"/>.
In the web server, I make a call to a web service running on Machine B.
Before calling the web service, I set
Proxy.Credentials = System.Net.CredentialCache.DefaultCredentials;
where 'Proxy' is the VS.NET Generated (via WebReference) proxy for the web
service.
Machine B is running XP. It's got AuthorsWebService, an ASP.NET Web
Service application. The IIS virtual directory Directory Security tab is
setup
to *not* allow anonymous access. Integrated Windows Authentication is
checked.
The web.config file of the Web Service has <identity impersonate="true"/>
and <authentication mode="Windows"/>.
If I disallow anonymous access to the Web Service virtual directory, I get
HTTP 401 errors at the point where Machine A calls the web service on
Machine B. If I allow anonymous access to the Web Service virtual
directory, I get in to the Web Service, but I have a Windows Principal
with an Identity that has an empty Name value.
Especially in light of
http://support.microsoft.com/default.aspx?scid=kb;EN-US;811318
I'm confused. Can anyone tell me whether I can flow identity across the
web server to the web service (across machines)?
Thanks in advance,
Howard Hoffman