Security setting help required in web.config file.


Robin Patra

Hi All,

We have the following scenario.
Machine 1: webservice is deployed in this machine.
Machine 2: UserControl is deployed in this machine.

Case 1:
Now my requirement is that a person from Machine 3 types
(http://servername(machine 2)/myusercontrol.aspx).

In this scenario I am getting the error "user not authenticated".

We are using Windows authentication and Windows 2003 Server.

Case 2:
But if I access it using (http://localhost(machine2)/myusercontrol.aspx),
I get the required result.

Can anybody please let me know what I am doing wrong in Case 1?

This is an urgent project requirement.
Any help is much appreciated.

Thanks in advance.
Robin
 
Hi Robin:

I assume when you get user not authenticated this is on the call from
machine1 to the webservice on machine2? Are you trying to impersonate
the client on the web service call to machine 1?

There is a one hop limit on NTLM credentials, unless you enable
Kerberos delegation. The user's credentials make one hop from the
browser on machine3 to the web server on machine2. The web server
cannot use these credentials to make a second hop to machine1.

There are a couple of solutions (at least):

1) Kerberos delegation
2) Running ASP.NET on the web server under a domain account or local
account synchronized with the web service machine.

I have an article with some more details. Even though the article
focuses on SSRS, it is applicable to other services:

Authentication, Role-based Security, and SQL Reporting Services Web
Services
http://www.odetocode.com/Articles/216.aspx

HTH,
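
Option 2 from the reply above, expressed in the web.config of the web server that hosts myusercontrol.aspx. This is an added example, not part of the original thread; it assumes the page currently impersonates the browser user, and the account name and password are constructed placeholders.

```xml
<!-- web.config on the web server hosting myusercontrol.aspx (added example) -->
<configuration>
  <system.web>
    <!-- IIS authenticates the browser user with Integrated Windows authentication. -->
    <authentication mode="Windows" />

    <!-- Double-hop case (assumed current setting): the request runs as the
         browser user, and that user's NTLM credentials cannot be forwarded
         from the web server to the web service machine.
    <identity impersonate="true" />
    -->

    <!-- Option 2: outbound calls are made as one fixed domain account that the
         web service machine can authenticate. EXAMPLEDOMAIN\svc-webapp and
         the password value are constructed placeholders. Do not leave a real
         password here in clear text: encrypt this section, or drop this
         element and set the domain account as the IIS 6 application pool
         identity instead. -->
    <identity impersonate="true"
              userName="EXAMPLEDOMAIN\svc-webapp"
              password="PLACEHOLDER" />

    <!-- Anonymous users are still rejected at the web server. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
```

With a fixed identity the web service sees only the service account, so any per-user authorization has to be enforced on the web server, and the service account should be granted nothing beyond access to that web service.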
 