Remoting Problem

[Ron L]

We are working on a distributed VB.Net application which will access a SQL
database located on a known server. Each client will run on the user's
local machine. To implement this, we are trying to use remoting for our
access to the SQL server, with the remoting being via IIS. Since all of our
users will have accounts in the destination domain, we want to have IIS
handle the security for us and not allow anonymous. We have set this up
with one of our development clients and servers, but when we try to connect
we get the following error message:
An unhandled exception of type 'System.Net.WebException' occurred in
mscorlib.dll

Additional information: the remote server returned an error: (401)
Unauthorized.



Our configuration is this:
Component Running on
Module1 the development machine
RemotingTest IIS on the development machine
NorthWind DB SQL Server on another server

IIS is configured for Windows Authentication, and the directory with the
RemotingTest object has "Script Source Access" set and the Execute
Permissions are set to "Scripts and Executables". We have also tried with
setting IIS to Allow Anonymous, which moves the error out to the SQL
connection (with the error message of "can't make a connection for user
NULL"). Even if anonymous did work, it would be a problem for us since the
application we are using requires the username to be accessible.

The SQL server is in a different domain from development machine, however a
trust relationship exists between the two domains. We have verified that
the trust works by opening the NorthWind database in Enterprise Manager on
the development machine.

Can anyone tell us what we are doing wrong here?

 

[Nicole Calinoiu]

Have you set the remoting client to pass the default credentials to the
server? If so, how? Also, what happens when you attempt to browse to the
server URL in IE?

 

[Guest]

The issue is IIS connections are anonymous until login. With a local app, you
do not get a logon box, so you stay anon. Boom!!!

Good starting point:
http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetch11.asp

I assume you are using HTTP as transport (IIS) as you want the built in
authentication methods. That is fine, but realize you will have to have the
user log in, or have the machines set up to automatically use the user's
account. Network admins can push this out, via policy, to avoid individually
setting up machines.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************

 

[Ron L]

Nicole
Thanks for your response. I am using a web.config file that I have
included at the end of this message.

Ron L

--------------------------Start
Web.Config ------------------------------------------------
<?xml version="1.0" encoding="utf-8" ?>
<configuration>

<system.web>
<compilation defaultLanguage="vb" debug="true" />
<customErrors mode="RemoteOnly" />
<authentication mode="Windows" />
<authorization>
<allow users="*" /> <!-- Allow all users -->
<allow verbs="GET" users="*" />
</authorization>
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState
mode="Off"
/>
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />

<identity impersonate="true" />

</system.web>

<appSettings>
<!-- Trusted_Connection=yes -->
<add key="ConnectionString"
value="Provider=SQLOLEDB;Data Source=Dev2k;Initial
Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " />
</appSettings>

<system.runtime.remoting>
<application>
<!-- the following section defines the classes we're exposing to clients
from this host -->
<service>
<wellknown mode="SingleCall"
objectUri = "NWInfo.rem"
type = "RemotingTest.NWInfo, RemotingTest" />

</service>
<channels>
<channel ref="http"
useDefaultCredentials="true" />
</channels>
</application>
</system.runtime.remoting>
</configuration>
-------------------------- End
Web.Config -----------------------------------------------

 

[Ron L]

Gregory
Thanks for the response. I had assumed that IIS would handle the login
box for me, like it does for ASP. Rats! I will take a look at the link you
sent. Am I in the same boat with Web Services, or will they provide the
login box for me?

Ron L

 

[Nicole Calinoiu]

That looks like your server config file, which isn't what I was asking
about. On the client, how are you specifying the credentials that should be
sent to the server? (If you don't know what this question means, chances
are excellent that you're not sending any credentials, which would explain
the authentication problem. <g>) Also, could you please check if you can
access the server via IE?

 

[Ron L]

Nicole
I guess I don't know how I am specifying the credentials on the client
side. As I said to Gregory, I was assuming that IIS handled the credentials
as it does for ASP. As to accessing the server, if I enter the following
URL:
http://localhost/dotNet/remotingtest/nwinfo.rem?wsdl

I get an automatically generated web page listing the message names, port
names, binding names, etc.

Ron L

 

[Nicole Calinoiu]

Nicole
I guess I don't know how I am specifying the credentials on the client
side.

Then chances are very good that the client credentials aren't being passed.
See http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetch11.asp
(particularly the "Passing Credentials for Authentication to Remote Objects"
section) for possible approaches.

As I said to Gregory, I was assuming that IIS handled the credentials as
it does for ASP.

IIS will perform the user authentication, but only if the user's credentials
are passed from the client machine, which is something that IIS cannot do.
The transparent passing of client credentials that you see when using IE to
browse a Windows-authenticated intranet site is because IE is configured to
pass those credentials without user intervention. You'll need to make it
possible for your client application to pass the same credentials.

As to accessing the server, if I enter the following URL:
http://localhost/dotNet/remotingtest/nwinfo.rem?wsdl

I get an automatically generated web page listing the message names, port
names, binding names, etc.

What happens if you disable the intranet zone automatic logon in IE?

 

[Ron L]

Nicole
I have been attempting to wade through the reference you gave me (it was
the same reference that Gregory gave). What I want my application to be
able to do is to try the credentials of the currently logged in user, and if
that fails prompt the user for a username and password. Is this two
different instances of using specific credentials, or is it one instance of
using default credentials and one of using specific credentials?

As to disabling automatic login (setting it to anonymous in Local
Intranet, and trusted sites), I get the "You are not authorized to view this
page" error page.

Ron L

 

[Nicole Calinoiu]

Nicole
I have been attempting to wade through the reference you gave me (it
was the same reference that Gregory gave). What I want my application to
be able to do is to try the credentials of the currently logged in user,
and if that fails prompt the user for a username and password. Is this
two different instances of using specific credentials, or is it one
instance of using default credentials and one of using specific
credentials?

If you want to allow falling back to user-provided credentials, you'll need
to do at least two things:

1. Use programmatic configuration of the credentials in your client
application rather than specifying the credentials using channel attributes
in the configuration file. An example of the programmatic approach is shown
in the "Programmatic configuration" section of the ".NET Remoting Security"
reference.

2. Adjust the client code in #1 to attempt to connect to the server and, if
authentication fails, prompt the user for custom credentials then switch
over to using those credentials. An example of setting the proxy to use
such credentials is shown in the "Using specific credentials" section of the
".NET Remoting Security" reference.

As to disabling automatic login (setting it to anonymous in Local
Intranet, and trusted sites), I get the "You are not authorized to view
this page" error page.

Good news since this means that the user credentials automatically provided
by IE prior to disabling this behaviour were authenticating successfully and
permitting access to the server.

 

[Ron L]

Nicole
I have found the code you referenced as an example:

IDictionary channelProperties;
channelProperties = ChannelServices.GetChannelSinkProperties(proxy);
channelProperties ["credentials"] = CredentialCache.DefaultCredentials;

The thing I am not able to come up with is where the variable "proxy" is set
and what is it? If I try making it be the RemotingInterface object in the
code below, I still get my (401) Unauthorized error. Can you clear this up
for me?

TIA
Ron L

------------------------------ Code
Stub -------------------------------------------
Sub Main()
Dim _NWInfo As iNWInfo
Dim serverURL As String =
"http://localhost/dotNET/RemotingTest/NWInfo.rem"

Console.WriteLine("Welcome to the client application.")

_NWInfo =
CType(Activator.GetObject(GetType(RemotingInterface.iNWInfo), serverURL),
RemotingInterface.iNWInfo)

Dim channelProperties As IDictionary
channelProperties =
ChannelServices.GetChannelSinkProperties(_NWInfo)
channelProperties("credentials") =
System.Net.CredentialCache.DefaultCredentials
Console.WriteLine(channelProperties("credentials"))


Console.WriteLine(_NWInfo.GetMessage)

Dim dt As DataTable
Dim row As DataRow
dt = _NWInfo.GetMostExpensiveProducts
For Each row In dt.Rows
Console.WriteLine(row.Item(0))
Next
Console.WriteLine("Press the <enter> key to exit.")
Console.Read()
End Sub
------------------------------\Code
Stub -------------------------------------------

 

[Nicole Calinoiu]

I can't see any obvious problems in your code. Do you still get a 401 error
if you try to reproduce the simple sample from
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconremotingexamplehostinginiis.asp?
If not, what happens if you modify the client to use programmatic
configuration of the URL and credentials instead of reading these from the
config file?

Nicole
I have found the code you referenced as an example:

IDictionary channelProperties;
channelProperties = ChannelServices.GetChannelSinkProperties(proxy);
channelProperties ["credentials"] = CredentialCache.DefaultCredentials;

The thing I am not able to come up with is where the variable "proxy" is
set and what is it? If I try making it be the RemotingInterface object in
the code below, I still get my (401) Unauthorized error. Can you clear
this up for me?

TIA
Ron L

------------------------------ Code
Stub -------------------------------------------
Sub Main()
Dim _NWInfo As iNWInfo
Dim serverURL As String =
"http://localhost/dotNET/RemotingTest/NWInfo.rem"

Console.WriteLine("Welcome to the client application.")

_NWInfo =
CType(Activator.GetObject(GetType(RemotingInterface.iNWInfo), serverURL),
RemotingInterface.iNWInfo)

Dim channelProperties As IDictionary
channelProperties =
ChannelServices.GetChannelSinkProperties(_NWInfo)
channelProperties("credentials") =
System.Net.CredentialCache.DefaultCredentials
Console.WriteLine(channelProperties("credentials"))


Console.WriteLine(_NWInfo.GetMessage)

Dim dt As DataTable
Dim row As DataRow
dt = _NWInfo.GetMostExpensiveProducts
For Each row In dt.Rows
Console.WriteLine(row.Item(0))
Next
Console.WriteLine("Press the <enter> key to exit.")
Console.Read()
End Sub
------------------------------\Code
Stub -------------------------------------------

If you want to allow falling back to user-provided credentials, you'll
need to do at least two things:

1. Use programmatic configuration of the credentials in your client
application rather than specifying the credentials using channel
attributes in the configuration file. An example of the programmatic
approach is shown in the "Programmatic configuration" section of the
".NET Remoting Security" reference.

2. Adjust the client code in #1 to attempt to connect to the server and,
if authentication fails, prompt the user for custom credentials then
switch over to using those credentials. An example of setting the proxy
to use such credentials is shown in the "Using specific credentials"
section of the ".NET Remoting Security" reference.




Good news since this means that the user credentials automatically
provided by IE prior to disabling this behaviour were authenticating
successfully and permitting access to the server.

 

[Guest]

A few pages ago theres a thread on what sounds like a similar problem that
was answered well. If you do a search for this string

"ASP.Net Impersonation Problem"

You should come up with it at the top of the list of results. The post talks
about credential forwarding, impersonation and authentication. Which I
believe, is what you're currently having problems with.

Hope that helps!

Steve.

 

[Nicole Calinoiu]

The problem described by Ron is extremely unlike to involve Kerberos
double-hop issues since the authorization error is occurring on the first
hop. This doesn't mean that he might not also eventually encounter an issue
on the second hop (if any), but he'll need to actually get code running on
the server before this becomes a problem. <g>

 

[Ron L]

Nicole
I downloaded the example you suggested, and I can get it working from
the command line version; however when I try to set it up in Visual Studio,
I get the following error in the first line of the
ServerClass::GetServerString():

An unhandled exception of type 'System.NullReferenceException'
occurred in msremotingexample.dll

Additional information: Object reference not set to an instance of
an object.

I set up a solution (MSRemotingExample) with 2 projects: client and
ServiceClass. ServiceClass was set up as an empty web project, and the
ServiceClass.cs and Web.Config files placed in the project. The client
project was setup as a console application class and the client.cs and
App.Config files added.

Any thoughts?

Thanks,
Ron L

I can't see any obvious problems in your code. Do you still get a 401
error if you try to reproduce the simple sample from
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconremotingexamplehostinginiis.asp?
If not, what happens if you modify the client to use programmatic
configuration of the URL and credentials instead of reading these from the
config file?

Nicole
I have found the code you referenced as an example:

IDictionary channelProperties;
channelProperties = ChannelServices.GetChannelSinkProperties(proxy);
channelProperties ["credentials"] =
CredentialCache.DefaultCredentials;

The thing I am not able to come up with is where the variable "proxy" is
set and what is it? If I try making it be the RemotingInterface object
in the code below, I still get my (401) Unauthorized error. Can you
clear this up for me?

TIA
Ron L

------------------------------ Code
Stub -------------------------------------------
Sub Main()
Dim _NWInfo As iNWInfo
Dim serverURL As String =
"http://localhost/dotNET/RemotingTest/NWInfo.rem"

Console.WriteLine("Welcome to the client application.")

_NWInfo =
CType(Activator.GetObject(GetType(RemotingInterface.iNWInfo), serverURL),
RemotingInterface.iNWInfo)

Dim channelProperties As IDictionary
channelProperties =
ChannelServices.GetChannelSinkProperties(_NWInfo)
channelProperties("credentials") =
System.Net.CredentialCache.DefaultCredentials
Console.WriteLine(channelProperties("credentials"))


Console.WriteLine(_NWInfo.GetMessage)

Dim dt As DataTable
Dim row As DataRow
dt = _NWInfo.GetMostExpensiveProducts
For Each row In dt.Rows
Console.WriteLine(row.Item(0))
Next
Console.WriteLine("Press the <enter> key to exit.")
Console.Read()
End Sub
------------------------------\Code
Stub -------------------------------------------

Nicole
I have been attempting to wade through the reference you gave me (it
was the same reference that Gregory gave). What I want my application
to be able to do is to try the credentials of the currently logged in
user, and if that fails prompt the user for a username and password.
Is this two different instances of using specific credentials, or is it
one instance of using default credentials and one of using specific
credentials?

If you want to allow falling back to user-provided credentials, you'll
need to do at least two things:

1. Use programmatic configuration of the credentials in your client
application rather than specifying the credentials using channel
attributes in the configuration file. An example of the programmatic
approach is shown in the "Programmatic configuration" section of the
".NET Remoting Security" reference.

2. Adjust the client code in #1 to attempt to connect to the server
and, if authentication fails, prompt the user for custom credentials
then switch over to using those credentials. An example of setting the
proxy to use such credentials is shown in the "Using specific
credentials" section of the ".NET Remoting Security" reference.



As to disabling automatic login (setting it to anonymous in Local
Intranet, and trusted sites), I get the "You are not authorized to view
this page" error page.

Good news since this means that the user credentials automatically
provided by IE prior to disabling this behaviour were authenticating
successfully and permitting access to the server.



Ron L



"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
message Nicole
I guess I don't know how I am specifying the credentials on the
client side.

Then chances are very good that the client credentials aren't being
passed. See
http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetch11.asp
(particularly the "Passing Credentials for Authentication to Remote
Objects" section) for possible approaches.


As I said to Gregory, I was assuming that IIS handled the credentials
as it does for ASP.

IIS will perform the user authentication, but only if the user's
credentials are passed from the client machine, which is something
that IIS cannot do. The transparent passing of client credentials that
you see when using IE to browse a Windows-authenticated intranet site
is because IE is configured to pass those credentials without user
intervention. You'll need to make it possible for your client
application to pass the same credentials.


As to accessing the server, if I enter the following URL:
http://localhost/dotNet/remotingtest/nwinfo.rem?wsdl

I get an automatically generated web page listing the message names,
port names, binding names, etc.

What happens if you disable the intranet zone automatic logon in IE?



Ron L



"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
message That looks like your server config file, which isn't what I was
asking about. On the client, how are you specifying the credentials
that should be sent to the server? (If you don't know what this
question means, chances are excellent that you're not sending any
credentials, which would explain the authentication problem. <g>)
Also, could you please check if you can access the server via IE?



Nicole
Thanks for your response. I am using a web.config file that I
have included at the end of this message.

Ron L

--------------------------Start
Web.Config ------------------------------------------------
<?xml version="1.0" encoding="utf-8" ?>
<configuration>

<system.web>
<compilation defaultLanguage="vb" debug="true" />
<customErrors mode="RemoteOnly" />
<authentication mode="Windows" />
<authorization>
<allow users="*" /> <!-- Allow all users -->
<allow verbs="GET" users="*" />
</authorization>
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState
mode="Off"
/>
<globalization requestEncoding="utf-8" responseEncoding="utf-8"
/>

<identity impersonate="true" />

</system.web>

<appSettings>
<!-- Trusted_Connection=yes -->
<add key="ConnectionString"
value="Provider=SQLOLEDB;Data Source=Dev2k;Initial
Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes "
/>
</appSettings>

<system.runtime.remoting>
<application>
<!-- the following section defines the classes we're exposing to
clients from this host -->
<service>
<wellknown mode="SingleCall"
objectUri = "NWInfo.rem"
type = "RemotingTest.NWInfo, RemotingTest" />

</service>
<channels>
<channel ref="http"
useDefaultCredentials="true" />
</channels>
</application>
</system.runtime.remoting>
</configuration>
-------------------------- End
Web.Config -----------------------------------------------
"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
message Have you set the remoting client to pass the default credentials
to the server? If so, how? Also, what happens when you attempt
to browse to the server URL in IE?


We are working on a distributed VB.Net application which will
access a SQL database located on a known server. Each client
will run on the user's local machine. To implement this, we are
trying to use remoting for our access to the SQL server, with the
remoting being via IIS. Since all of our users will have accounts
in the destination domain, we want to have IIS handle the
security for us and not allow anonymous. We have set this up with
one of our development clients and servers, but when we try to
connect we get the following error message:
An unhandled exception of type 'System.Net.WebException'
occurred in mscorlib.dll

Additional information: the remote server returned an error:
(401) Unauthorized.



Our configuration is this:
Component Running on
Module1 the development machine
RemotingTest IIS on the development machine
NorthWind DB SQL Server on another server

IIS is configured for Windows Authentication, and the directory
with the RemotingTest object has "Script Source Access" set and
the Execute Permissions are set to "Scripts and Executables". We
have also tried with setting IIS to Allow Anonymous, which moves
the error out to the SQL connection (with the error message of
"can't make a connection for user NULL"). Even if anonymous did
work, it would be a problem for us since the application we are
using requires the username to be accessible.

The SQL server is in a different domain from development machine,
however a trust relationship exists between the two domains. We
have verified that the trust works by opening the NorthWind
database in Enterprise Manager on the development machine.

Can anyone tell us what we are doing wrong here?

 

[Ron L]

Nicole

I got it to work. The final code on the client side was:

Private Sub ClientForm_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles

MyBase.Load
Dim _NWInfo As iNWInfo
Dim serverURL As String =
"http://localhost/dotNET/RemotingTest/NWInfo.rem"

txtResults.Text = "Welcome to the client application." & vbCrLf
txtResults.Text += "Console Identity: " +
WindowsIdentity.GetCurrent().Name

_NWInfo =
CType(Activator.GetObject(GetType(RemotingInterface.iNWInfo), serverURL),
RemotingInterface.iNWInfo)

Dim channelproperties As IDictionary
channelproperties =
ChannelServices.GetChannelSinkProperties(_NWInfo)
channelproperties("credentials") =
CredentialCache.DefaultCredentials

txtResults.Text = txtResults.Text & vbCrLf & vbCrLf & "Trying to get
the text message: "
Try
txtResults.Text = txtResults.Text & vbCrLf & _NWInfo.GetMessage
Catch ex As Exception
txtResults.Text = txtResults.Text & vbCrLf & ex.Message
End Try

txtResults.Text = txtResults.Text & vbCrLf & vbCrLf & "Trying
GetMostExpensiveProducts: "
Try
Dim dt As DataTable
Dim row As DataRow
dt = _NWInfo.GetMostExpensiveProducts
For Each row In dt.Rows
txtResults.Text = txtResults.Text & vbCrLf & row.Item(0)
Next
Catch ex As Exception
txtResults.Text = txtResults.Text & vbCrLf & ex.Message
End Try

txtResults.SelectionLength = 0
End Sub

I had a series of cascading errors in the previous code that I finally
managed to untangle today.

Thank you for the help.

Ron L

I can't see any obvious problems in your code. Do you still get a 401
error if you try to reproduce the simple sample from
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconremotingexamplehostinginiis.asp?
If not, what happens if you modify the client to use programmatic
configuration of the URL and credentials instead of reading these from the
config file?

Nicole
I have found the code you referenced as an example:

IDictionary channelProperties;
channelProperties = ChannelServices.GetChannelSinkProperties(proxy);
channelProperties ["credentials"] =
CredentialCache.DefaultCredentials;

The thing I am not able to come up with is where the variable "proxy" is
set and what is it? If I try making it be the RemotingInterface object
in the code below, I still get my (401) Unauthorized error. Can you
clear this up for me?

TIA
Ron L

------------------------------ Code
Stub -------------------------------------------
Sub Main()
Dim _NWInfo As iNWInfo
Dim serverURL As String =
"http://localhost/dotNET/RemotingTest/NWInfo.rem"

Console.WriteLine("Welcome to the client application.")

_NWInfo =
CType(Activator.GetObject(GetType(RemotingInterface.iNWInfo), serverURL),
RemotingInterface.iNWInfo)

Dim channelProperties As IDictionary
channelProperties =
ChannelServices.GetChannelSinkProperties(_NWInfo)
channelProperties("credentials") =
System.Net.CredentialCache.DefaultCredentials
Console.WriteLine(channelProperties("credentials"))


Console.WriteLine(_NWInfo.GetMessage)

Dim dt As DataTable
Dim row As DataRow
dt = _NWInfo.GetMostExpensiveProducts
For Each row In dt.Rows
Console.WriteLine(row.Item(0))
Next
Console.WriteLine("Press the <enter> key to exit.")
Console.Read()
End Sub
------------------------------\Code
Stub -------------------------------------------

Nicole
I have been attempting to wade through the reference you gave me (it
was the same reference that Gregory gave). What I want my application
to be able to do is to try the credentials of the currently logged in
user, and if that fails prompt the user for a username and password.
Is this two different instances of using specific credentials, or is it
one instance of using default credentials and one of using specific
credentials?

If you want to allow falling back to user-provided credentials, you'll
need to do at least two things:

1. Use programmatic configuration of the credentials in your client
application rather than specifying the credentials using channel
attributes in the configuration file. An example of the programmatic
approach is shown in the "Programmatic configuration" section of the
".NET Remoting Security" reference.

2. Adjust the client code in #1 to attempt to connect to the server
and, if authentication fails, prompt the user for custom credentials
then switch over to using those credentials. An example of setting the
proxy to use such credentials is shown in the "Using specific
credentials" section of the ".NET Remoting Security" reference.



As to disabling automatic login (setting it to anonymous in Local
Intranet, and trusted sites), I get the "You are not authorized to view
this page" error page.

Good news since this means that the user credentials automatically
provided by IE prior to disabling this behaviour were authenticating
successfully and permitting access to the server.



Ron L



"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
message Nicole
I guess I don't know how I am specifying the credentials on the
client side.

Then chances are very good that the client credentials aren't being
passed. See
http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetch11.asp
(particularly the "Passing Credentials for Authentication to Remote
Objects" section) for possible approaches.


As I said to Gregory, I was assuming that IIS handled the credentials
as it does for ASP.

IIS will perform the user authentication, but only if the user's
credentials are passed from the client machine, which is something
that IIS cannot do. The transparent passing of client credentials that
you see when using IE to browse a Windows-authenticated intranet site
is because IE is configured to pass those credentials without user
intervention. You'll need to make it possible for your client
application to pass the same credentials.


As to accessing the server, if I enter the following URL:
http://localhost/dotNet/remotingtest/nwinfo.rem?wsdl

I get an automatically generated web page listing the message names,
port names, binding names, etc.

What happens if you disable the intranet zone automatic logon in IE?



Ron L



"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
message That looks like your server config file, which isn't what I was
asking about. On the client, how are you specifying the credentials
that should be sent to the server? (If you don't know what this
question means, chances are excellent that you're not sending any
credentials, which would explain the authentication problem. <g>)
Also, could you please check if you can access the server via IE?



Nicole
Thanks for your response. I am using a web.config file that I
have included at the end of this message.

Ron L

--------------------------Start
Web.Config ------------------------------------------------
<?xml version="1.0" encoding="utf-8" ?>
<configuration>

<system.web>
<compilation defaultLanguage="vb" debug="true" />
<customErrors mode="RemoteOnly" />
<authentication mode="Windows" />
<authorization>
<allow users="*" /> <!-- Allow all users -->
<allow verbs="GET" users="*" />
</authorization>
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState
mode="Off"
/>
<globalization requestEncoding="utf-8" responseEncoding="utf-8"
/>

<identity impersonate="true" />

</system.web>

<appSettings>
<!-- Trusted_Connection=yes -->
<add key="ConnectionString"
value="Provider=SQLOLEDB;Data Source=Dev2k;Initial
Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes "
/>
</appSettings>

<system.runtime.remoting>
<application>
<!-- the following section defines the classes we're exposing to
clients from this host -->
<service>
<wellknown mode="SingleCall"
objectUri = "NWInfo.rem"
type = "RemotingTest.NWInfo, RemotingTest" />

</service>
<channels>
<channel ref="http"
useDefaultCredentials="true" />
</channels>
</application>
</system.runtime.remoting>
</configuration>
-------------------------- End
Web.Config -----------------------------------------------
"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
message Have you set the remoting client to pass the default credentials
to the server? If so, how? Also, what happens when you attempt
to browse to the server URL in IE?


We are working on a distributed VB.Net application which will
access a SQL database located on a known server. Each client
will run on the user's local machine. To implement this, we are
trying to use remoting for our access to the SQL server, with the
remoting being via IIS. Since all of our users will have accounts
in the destination domain, we want to have IIS handle the
security for us and not allow anonymous. We have set this up with
one of our development clients and servers, but when we try to
connect we get the following error message:
An unhandled exception of type 'System.Net.WebException'
occurred in mscorlib.dll

Additional information: the remote server returned an error:
(401) Unauthorized.



Our configuration is this:
Component Running on
Module1 the development machine
RemotingTest IIS on the development machine
NorthWind DB SQL Server on another server

IIS is configured for Windows Authentication, and the directory
with the RemotingTest object has "Script Source Access" set and
the Execute Permissions are set to "Scripts and Executables". We
have also tried with setting IIS to Allow Anonymous, which moves
the error out to the SQL connection (with the error message of
"can't make a connection for user NULL"). Even if anonymous did
work, it would be a problem for us since the application we are
using requires the username to be accessible.

The SQL server is in a different domain from development machine,
however a trust relationship exists between the two domains. We
have verified that the trust works by opening the NorthWind
database in Enterprise Manager on the development machine.

Can anyone tell us what we are doing wrong here?