"Ron L" <r***@bogus.Address.com> wrote in message
news:eg4E7IeZFHA.3220@TK2MSFTNGP14.phx.gbl...
> We are working on a distributed VB.Net application which will access a SQL
> database located on a known server.  Each client will run on the user's
> local machine.  To implement this, we are trying to use remoting for our
> access to the SQL server, with the remoting being via IIS.  Since all of
> our users will have accounts in the destination domain, we want to have
> IIS handle the security for us and not allow anonymous.  We have set this
> up with one of our development clients and servers, but when we try to
> connect we get the following error message:
>      An unhandled exception of type 'System.Net.WebException' occurred in
> mscorlib.dll
>
>      Additional information: the remote server returned an error: (401)
> Unauthorized.
>
>
>
> Our configuration is this:
>      Component         Running on
>      Module1               the development machine
>      RemotingTest        IIS on the development machine
>      NorthWind DB     SQL Server on another server
>
> IIS is configured for Windows Authentication, and the directory with the
> RemotingTest object has "Script Source Access" set and the Execute
> Permissions are set to "Scripts and Executables".  We have also tried with
> setting IIS to Allow Anonymous, which moves the error out to the SQL
> connection (with the error message of "can't make a connection for user
> NULL").  Even if anonymous did work, it would be a problem for us since
> the application we are using requires the username to be accessible.
>
> The SQL server is in a different domain from development machine, however
> a trust relationship exists between the two domains.  We have verified
> that the trust works by opening the NorthWind database in Enterprise
> Manager on the development machine.
>
> Can anyone tell us what we are doing wrong here?
>
>
>

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:uO2gxmfZFHA.3648@TK2MSFTNGP14.phx.gbl...
> Have you set the remoting client to pass the default credentials to the
> server?  If so, how?  Also, what happens when you attempt to browse to the
> server URL in IE?
>
>
> "Ron L" <r***@bogus.Address.com> wrote in message
> news:eg4E7IeZFHA.3220@TK2MSFTNGP14.phx.gbl...
>> We are working on a distributed VB.Net application which will access a
>> SQL database located on a known server.  Each client will run on the
>> user's local machine.  To implement this, we are trying to use remoting
>> for our access to the SQL server, with the remoting being via IIS.  Since
>> all of our users will have accounts in the destination domain, we want to
>> have IIS handle the security for us and not allow anonymous.  We have set
>> this up with one of our development clients and servers, but when we try
>> to connect we get the following error message:
>>      An unhandled exception of type 'System.Net.WebException' occurred in
>> mscorlib.dll
>>
>>      Additional information: the remote server returned an error: (401)
>> Unauthorized.
>>
>>
>>
>> Our configuration is this:
>>      Component         Running on
>>      Module1               the development machine
>>      RemotingTest        IIS on the development machine
>>      NorthWind DB     SQL Server on another server
>>
>> IIS is configured for Windows Authentication, and the directory with the
>> RemotingTest object has "Script Source Access" set and the Execute
>> Permissions are set to "Scripts and Executables".  We have also tried
>> with setting IIS to Allow Anonymous, which moves the error out to the SQL
>> connection (with the error message of "can't make a connection for user
>> NULL").  Even if anonymous did work, it would be a problem for us since
>> the application we are using requires the username to be accessible.
>>
>> The SQL server is in a different domain from development machine, however
>> a trust relationship exists between the two domains.  We have verified
>> that the trust works by opening the NorthWind database in Enterprise
>> Manager on the development machine.
>>
>> Can anyone tell us what we are doing wrong here?
>>
>>
>>
>
>

"Ron L" <r***@bogus.Address.com> wrote in message
news:O%231BRRgZFHA.3096@TK2MSFTNGP15.phx.gbl...
> Nicole
>    Thanks for your response.  I am using a web.config file that I have
> included at the end of this message.
>
> Ron L
>
> --------------------------Start
> Web.Config ------------------------------------------------
> <?xml version="1.0" encoding="utf-8" ?>
> <configuration>
>
>  <system.web>
>    <compilation defaultLanguage="vb" debug="true" />
>    <customErrors mode="RemoteOnly" />
>    <authentication mode="Windows" />
>    <authorization>
>        <allow users="*" /> <!-- Allow all users -->
>        <allow verbs="GET" users="*" />
>    </authorization>
>    <trace enabled="false" requestLimit="10" pageOutput="false"
> traceMode="SortByTime" localOnly="true" />
>    <sessionState
>            mode="Off"
>    />
>    <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
>
>    <identity impersonate="true" />
>
>  </system.web>
>
>  <appSettings>
>   <!-- Trusted_Connection=yes -->
>     <add key="ConnectionString"
>          value="Provider=SQLOLEDB;Data Source=Dev2k;Initial
> Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " />
>  </appSettings>
>
>  <system.runtime.remoting>
>  <application>
>   <!-- the following section defines the classes we're exposing to clients
> from this host -->
>   <service>
>    <wellknown mode="SingleCall"
>     objectUri = "NWInfo.rem"
>     type = "RemotingTest.NWInfo, RemotingTest" />
>
>   </service>
>   <channels>
>    <channel ref="http"
>     useDefaultCredentials="true" />
>   </channels>
>  </application>
> </system.runtime.remoting>
> </configuration>
> --------------------------  End
> Web.Config -----------------------------------------------
> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
> news:uO2gxmfZFHA.3648@TK2MSFTNGP14.phx.gbl...
>> Have you set the remoting client to pass the default credentials to the
>> server?  If so, how?  Also, what happens when you attempt to browse to
>> the server URL in IE?
>>
>>
>> "Ron L" <r***@bogus.Address.com> wrote in message
>> news:eg4E7IeZFHA.3220@TK2MSFTNGP14.phx.gbl...
>>> We are working on a distributed VB.Net application which will access a
>>> SQL database located on a known server.  Each client will run on the
>>> user's local machine.  To implement this, we are trying to use remoting
>>> for our access to the SQL server, with the remoting being via IIS.
>>> Since all of our users will have accounts in the destination domain, we
>>> want to have IIS handle the security for us and not allow anonymous.  We
>>> have set this up with one of our development clients and servers, but
>>> when we try to connect we get the following error message:
>>>      An unhandled exception of type 'System.Net.WebException' occurred
>>> in mscorlib.dll
>>>
>>>      Additional information: the remote server returned an error: (401)
>>> Unauthorized.
>>>
>>>
>>>
>>> Our configuration is this:
>>>      Component         Running on
>>>      Module1               the development machine
>>>      RemotingTest        IIS on the development machine
>>>      NorthWind DB     SQL Server on another server
>>>
>>> IIS is configured for Windows Authentication, and the directory with the
>>> RemotingTest object has "Script Source Access" set and the Execute
>>> Permissions are set to "Scripts and Executables".  We have also tried
>>> with setting IIS to Allow Anonymous, which moves the error out to the
>>> SQL connection (with the error message of "can't make a connection for
>>> user NULL").  Even if anonymous did work, it would be a problem for us
>>> since the application we are using requires the username to be
>>> accessible.
>>>
>>> The SQL server is in a different domain from development machine,
>>> however a trust relationship exists between the two domains.  We have
>>> verified that the trust works by opening the NorthWind database in
>>> Enterprise Manager on the development machine.
>>>
>>> Can anyone tell us what we are doing wrong here?
>>>
>>>
>>>
>>
>>
>
>

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:%23yJ7ObgZFHA.3712@TK2MSFTNGP09.phx.gbl...
> That looks like your server config file, which isn't what I was asking
> about.  On the client, how are you specifying the credentials that should
> be sent to the server?  (If you don't know what this question means,
> chances are excellent that you're not sending any credentials, which would
> explain the authentication problem. <g>)  Also, could you please check if
> you can access the server via IE?
>
>
>
> "Ron L" <r***@bogus.Address.com> wrote in message
> news:O%231BRRgZFHA.3096@TK2MSFTNGP15.phx.gbl...
>> Nicole
>>    Thanks for your response.  I am using a web.config file that I have
>> included at the end of this message.
>>
>> Ron L
>>
>> --------------------------Start
>> Web.Config ------------------------------------------------
>> <?xml version="1.0" encoding="utf-8" ?>
>> <configuration>
>>
>>  <system.web>
>>    <compilation defaultLanguage="vb" debug="true" />
>>    <customErrors mode="RemoteOnly" />
>>    <authentication mode="Windows" />
>>    <authorization>
>>        <allow users="*" /> <!-- Allow all users -->
>>        <allow verbs="GET" users="*" />
>>    </authorization>
>>    <trace enabled="false" requestLimit="10" pageOutput="false"
>> traceMode="SortByTime" localOnly="true" />
>>    <sessionState
>>            mode="Off"
>>    />
>>    <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
>>
>>    <identity impersonate="true" />
>>
>>  </system.web>
>>
>>  <appSettings>
>>   <!-- Trusted_Connection=yes -->
>>     <add key="ConnectionString"
>>          value="Provider=SQLOLEDB;Data Source=Dev2k;Initial
>> Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " />
>>  </appSettings>
>>
>>  <system.runtime.remoting>
>>  <application>
>>   <!-- the following section defines the classes we're exposing to
>> clients from this host -->
>>   <service>
>>    <wellknown mode="SingleCall"
>>     objectUri = "NWInfo.rem"
>>     type = "RemotingTest.NWInfo, RemotingTest" />
>>
>>   </service>
>>   <channels>
>>    <channel ref="http"
>>     useDefaultCredentials="true" />
>>   </channels>
>>  </application>
>> </system.runtime.remoting>
>> </configuration>
>> --------------------------  End
>> Web.Config -----------------------------------------------
>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
>> news:uO2gxmfZFHA.3648@TK2MSFTNGP14.phx.gbl...
>>> Have you set the remoting client to pass the default credentials to the
>>> server?  If so, how?  Also, what happens when you attempt to browse to
>>> the server URL in IE?
>>>
>>>
>>> "Ron L" <r***@bogus.Address.com> wrote in message
>>> news:eg4E7IeZFHA.3220@TK2MSFTNGP14.phx.gbl...
>>>> We are working on a distributed VB.Net application which will access a
>>>> SQL database located on a known server.  Each client will run on the
>>>> user's local machine.  To implement this, we are trying to use remoting
>>>> for our access to the SQL server, with the remoting being via IIS.
>>>> Since all of our users will have accounts in the destination domain, we
>>>> want to have IIS handle the security for us and not allow anonymous.
>>>> We have set this up with one of our development clients and servers,
>>>> but when we try to connect we get the following error message:
>>>>      An unhandled exception of type 'System.Net.WebException' occurred
>>>> in mscorlib.dll
>>>>
>>>>      Additional information: the remote server returned an error: (401)
>>>> Unauthorized.
>>>>
>>>>
>>>>
>>>> Our configuration is this:
>>>>      Component         Running on
>>>>      Module1               the development machine
>>>>      RemotingTest        IIS on the development machine
>>>>      NorthWind DB     SQL Server on another server
>>>>
>>>> IIS is configured for Windows Authentication, and the directory with
>>>> the RemotingTest object has "Script Source Access" set and the Execute
>>>> Permissions are set to "Scripts and Executables".  We have also tried
>>>> with setting IIS to Allow Anonymous, which moves the error out to the
>>>> SQL connection (with the error message of "can't make a connection for
>>>> user NULL").  Even if anonymous did work, it would be a problem for us
>>>> since the application we are using requires the username to be
>>>> accessible.
>>>>
>>>> The SQL server is in a different domain from development machine,
>>>> however a trust relationship exists between the two domains.  We have
>>>> verified that the trust works by opening the NorthWind database in
>>>> Enterprise Manager on the development machine.
>>>>
>>>> Can anyone tell us what we are doing wrong here?
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

>
> Ron L
>
>
>
> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
> news:%23yJ7ObgZFHA.3712@TK2MSFTNGP09.phx.gbl...
>> That looks like your server config file, which isn't what I was asking
>> about.  On the client, how are you specifying the credentials that should
>> be sent to the server?  (If you don't know what this question means,
>> chances are excellent that you're not sending any credentials, which
>> would explain the authentication problem. <g>)  Also, could you please
>> check if you can access the server via IE?
>>
>>
>>
>> "Ron L" <r***@bogus.Address.com> wrote in message
>> news:O%231BRRgZFHA.3096@TK2MSFTNGP15.phx.gbl...
>>> Nicole
>>>    Thanks for your response.  I am using a web.config file that I have
>>> included at the end of this message.
>>>
>>> Ron L
>>>
>>> --------------------------Start
>>> Web.Config ------------------------------------------------
>>> <?xml version="1.0" encoding="utf-8" ?>
>>> <configuration>
>>>
>>>  <system.web>
>>>    <compilation defaultLanguage="vb" debug="true" />
>>>    <customErrors mode="RemoteOnly" />
>>>    <authentication mode="Windows" />
>>>    <authorization>
>>>        <allow users="*" /> <!-- Allow all users -->
>>>        <allow verbs="GET" users="*" />
>>>    </authorization>
>>>    <trace enabled="false" requestLimit="10" pageOutput="false"
>>> traceMode="SortByTime" localOnly="true" />
>>>    <sessionState
>>>            mode="Off"
>>>    />
>>>    <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
>>>
>>>    <identity impersonate="true" />
>>>
>>>  </system.web>
>>>
>>>  <appSettings>
>>>   <!-- Trusted_Connection=yes -->
>>>     <add key="ConnectionString"
>>>          value="Provider=SQLOLEDB;Data Source=Dev2k;Initial
>>> Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " />
>>>  </appSettings>
>>>
>>>  <system.runtime.remoting>
>>>  <application>
>>>   <!-- the following section defines the classes we're exposing to
>>> clients from this host -->
>>>   <service>
>>>    <wellknown mode="SingleCall"
>>>     objectUri = "NWInfo.rem"
>>>     type = "RemotingTest.NWInfo, RemotingTest" />
>>>
>>>   </service>
>>>   <channels>
>>>    <channel ref="http"
>>>     useDefaultCredentials="true" />
>>>   </channels>
>>>  </application>
>>> </system.runtime.remoting>
>>> </configuration>
>>> --------------------------  End
>>> Web.Config -----------------------------------------------
>>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
>>> message news:uO2gxmfZFHA.3648@TK2MSFTNGP14.phx.gbl...
>>>> Have you set the remoting client to pass the default credentials to the
>>>> server?  If so, how?  Also, what happens when you attempt to browse to
>>>> the server URL in IE?
>>>>
>>>>
>>>> "Ron L" <r***@bogus.Address.com> wrote in message
>>>> news:eg4E7IeZFHA.3220@TK2MSFTNGP14.phx.gbl...
>>>>> We are working on a distributed VB.Net application which will access a
>>>>> SQL database located on a known server.  Each client will run on the
>>>>> user's local machine.  To implement this, we are trying to use
>>>>> remoting for our access to the SQL server, with the remoting being via
>>>>> IIS. Since all of our users will have accounts in the destination
>>>>> domain, we want to have IIS handle the security for us and not allow
>>>>> anonymous. We have set this up with one of our development clients and
>>>>> servers, but when we try to connect we get the following error
>>>>> message:
>>>>>      An unhandled exception of type 'System.Net.WebException' occurred
>>>>> in mscorlib.dll
>>>>>
>>>>>      Additional information: the remote server returned an error:
>>>>> (401) Unauthorized.
>>>>>
>>>>>
>>>>>
>>>>> Our configuration is this:
>>>>>      Component         Running on
>>>>>      Module1               the development machine
>>>>>      RemotingTest        IIS on the development machine
>>>>>      NorthWind DB     SQL Server on another server
>>>>>
>>>>> IIS is configured for Windows Authentication, and the directory with
>>>>> the RemotingTest object has "Script Source Access" set and the Execute
>>>>> Permissions are set to "Scripts and Executables".  We have also tried
>>>>> with setting IIS to Allow Anonymous, which moves the error out to the
>>>>> SQL connection (with the error message of "can't make a connection for
>>>>> user NULL").  Even if anonymous did work, it would be a problem for us
>>>>> since the application we are using requires the username to be
>>>>> accessible.
>>>>>
>>>>> The SQL server is in a different domain from development machine,
>>>>> however a trust relationship exists between the two domains.  We have
>>>>> verified that the trust works by opening the NorthWind database in
>>>>> Enterprise Manager on the development machine.
>>>>>
>>>>> Can anyone tell us what we are doing wrong here?
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:u%23B0XIhZFHA.3876@TK2MSFTNGP12.phx.gbl...
> "Ron L" <r***@bogus.Address.com> wrote in message
> news:uIT6LpgZFHA.3960@TK2MSFTNGP10.phx.gbl...
>> Nicole
>>    I guess I don't know how I am specifying the credentials on the client
>> side.
>
> Then chances are very good that the client credentials aren't being
> passed. See
> http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetch11.asp
> (particularly the "Passing Credentials for Authentication to Remote
> Objects" section) for possible approaches.
>
>
>> As I said to Gregory, I was assuming that IIS handled the credentials as
>> it does for ASP.
>
> IIS will perform the user authentication, but only if the user's
> credentials are passed from the client machine, which is something that
> IIS cannot do. The transparent passing of client credentials that you see
> when using IE to browse a Windows-authenticated intranet site is because
> IE is configured to pass those credentials without user intervention.
> You'll need to make it possible for your client application to pass the
> same credentials.
>
>
>> As to accessing the server, if I enter the following URL:
>>        http://localhost/dotNet/remotingtest/nwinfo.rem?wsdl
>>
>> I get an automatically generated web page listing the message names, port
>> names, binding names, etc.
>
> What happens if you disable the intranet zone automatic logon in IE?
>
>
>>
>> Ron L
>>
>>
>>
>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
>> news:%23yJ7ObgZFHA.3712@TK2MSFTNGP09.phx.gbl...
>>> That looks like your server config file, which isn't what I was asking
>>> about.  On the client, how are you specifying the credentials that
>>> should be sent to the server?  (If you don't know what this question
>>> means, chances are excellent that you're not sending any credentials,
>>> which would explain the authentication problem. <g>)  Also, could you
>>> please check if you can access the server via IE?
>>>
>>>
>>>
>>> "Ron L" <r***@bogus.Address.com> wrote in message
>>> news:O%231BRRgZFHA.3096@TK2MSFTNGP15.phx.gbl...
>>>> Nicole
>>>>    Thanks for your response.  I am using a web.config file that I have
>>>> included at the end of this message.
>>>>
>>>> Ron L
>>>>
>>>> --------------------------Start
>>>> Web.Config ------------------------------------------------
>>>> <?xml version="1.0" encoding="utf-8" ?>
>>>> <configuration>
>>>>
>>>>  <system.web>
>>>>    <compilation defaultLanguage="vb" debug="true" />
>>>>    <customErrors mode="RemoteOnly" />
>>>>    <authentication mode="Windows" />
>>>>    <authorization>
>>>>        <allow users="*" /> <!-- Allow all users -->
>>>>        <allow verbs="GET" users="*" />
>>>>    </authorization>
>>>>    <trace enabled="false" requestLimit="10" pageOutput="false"
>>>> traceMode="SortByTime" localOnly="true" />
>>>>    <sessionState
>>>>            mode="Off"
>>>>    />
>>>>    <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
>>>>
>>>>    <identity impersonate="true" />
>>>>
>>>>  </system.web>
>>>>
>>>>  <appSettings>
>>>>   <!-- Trusted_Connection=yes -->
>>>>     <add key="ConnectionString"
>>>>          value="Provider=SQLOLEDB;Data Source=Dev2k;Initial
>>>> Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " />
>>>>  </appSettings>
>>>>
>>>>  <system.runtime.remoting>
>>>>  <application>
>>>>   <!-- the following section defines the classes we're exposing to
>>>> clients from this host -->
>>>>   <service>
>>>>    <wellknown mode="SingleCall"
>>>>     objectUri = "NWInfo.rem"
>>>>     type = "RemotingTest.NWInfo, RemotingTest" />
>>>>
>>>>   </service>
>>>>   <channels>
>>>>    <channel ref="http"
>>>>     useDefaultCredentials="true" />
>>>>   </channels>
>>>>  </application>
>>>> </system.runtime.remoting>
>>>> </configuration>
>>>> --------------------------  End
>>>> Web.Config -----------------------------------------------
>>>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
>>>> message news:uO2gxmfZFHA.3648@TK2MSFTNGP14.phx.gbl...
>>>>> Have you set the remoting client to pass the default credentials to
>>>>> the server?  If so, how?  Also, what happens when you attempt to
>>>>> browse to the server URL in IE?
>>>>>
>>>>>
>>>>> "Ron L" <r***@bogus.Address.com> wrote in message
>>>>> news:eg4E7IeZFHA.3220@TK2MSFTNGP14.phx.gbl...
>>>>>> We are working on a distributed VB.Net application which will access
>>>>>> a SQL database located on a known server.  Each client will run on
>>>>>> the user's local machine.  To implement this, we are trying to use
>>>>>> remoting for our access to the SQL server, with the remoting being
>>>>>> via IIS. Since all of our users will have accounts in the destination
>>>>>> domain, we want to have IIS handle the security for us and not allow
>>>>>> anonymous. We have set this up with one of our development clients
>>>>>> and servers, but when we try to connect we get the following error
>>>>>> message:
>>>>>>      An unhandled exception of type 'System.Net.WebException'
>>>>>> occurred in mscorlib.dll
>>>>>>
>>>>>>      Additional information: the remote server returned an error:
>>>>>> (401) Unauthorized.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Our configuration is this:
>>>>>>      Component         Running on
>>>>>>      Module1               the development machine
>>>>>>      RemotingTest        IIS on the development machine
>>>>>>      NorthWind DB     SQL Server on another server
>>>>>>
>>>>>> IIS is configured for Windows Authentication, and the directory with
>>>>>> the RemotingTest object has "Script Source Access" set and the
>>>>>> Execute Permissions are set to "Scripts and Executables".  We have
>>>>>> also tried with setting IIS to Allow Anonymous, which moves the error
>>>>>> out to the SQL connection (with the error message of "can't make a
>>>>>> connection for user NULL").  Even if anonymous did work, it would be
>>>>>> a problem for us since the application we are using requires the
>>>>>> username to be accessible.
>>>>>>
>>>>>> The SQL server is in a different domain from development machine,
>>>>>> however a trust relationship exists between the two domains.  We have
>>>>>> verified that the trust works by opening the NorthWind database in
>>>>>> Enterprise Manager on the development machine.
>>>>>>
>>>>>> Can anyone tell us what we are doing wrong here?
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

>
> Ron L
>
>
>
> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
> news:u%23B0XIhZFHA.3876@TK2MSFTNGP12.phx.gbl...
>> "Ron L" <r***@bogus.Address.com> wrote in message
>> news:uIT6LpgZFHA.3960@TK2MSFTNGP10.phx.gbl...
>>> Nicole
>>>    I guess I don't know how I am specifying the credentials on the
>>> client side.
>>
>> Then chances are very good that the client credentials aren't being
>> passed. See
>> http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetch11.asp
>> (particularly the "Passing Credentials for Authentication to Remote
>> Objects" section) for possible approaches.
>>
>>
>>> As I said to Gregory, I was assuming that IIS handled the credentials as
>>> it does for ASP.
>>
>> IIS will perform the user authentication, but only if the user's
>> credentials are passed from the client machine, which is something that
>> IIS cannot do. The transparent passing of client credentials that you see
>> when using IE to browse a Windows-authenticated intranet site is because
>> IE is configured to pass those credentials without user intervention.
>> You'll need to make it possible for your client application to pass the
>> same credentials.
>>
>>
>>> As to accessing the server, if I enter the following URL:
>>>        http://localhost/dotNet/remotingtest/nwinfo.rem?wsdl
>>>
>>> I get an automatically generated web page listing the message names,
>>> port names, binding names, etc.
>>
>> What happens if you disable the intranet zone automatic logon in IE?
>>
>>
>>>
>>> Ron L
>>>
>>>
>>>
>>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
>>> message news:%23yJ7ObgZFHA.3712@TK2MSFTNGP09.phx.gbl...
>>>> That looks like your server config file, which isn't what I was asking
>>>> about.  On the client, how are you specifying the credentials that
>>>> should be sent to the server?  (If you don't know what this question
>>>> means, chances are excellent that you're not sending any credentials,
>>>> which would explain the authentication problem. <g>)  Also, could you
>>>> please check if you can access the server via IE?
>>>>
>>>>
>>>>
>>>> "Ron L" <r***@bogus.Address.com> wrote in message
>>>> news:O%231BRRgZFHA.3096@TK2MSFTNGP15.phx.gbl...
>>>>> Nicole
>>>>>    Thanks for your response.  I am using a web.config file that I have
>>>>> included at the end of this message.
>>>>>
>>>>> Ron L
>>>>>
>>>>> --------------------------Start
>>>>> Web.Config ------------------------------------------------
>>>>> <?xml version="1.0" encoding="utf-8" ?>
>>>>> <configuration>
>>>>>
>>>>>  <system.web>
>>>>>    <compilation defaultLanguage="vb" debug="true" />
>>>>>    <customErrors mode="RemoteOnly" />
>>>>>    <authentication mode="Windows" />
>>>>>    <authorization>
>>>>>        <allow users="*" /> <!-- Allow all users -->
>>>>>        <allow verbs="GET" users="*" />
>>>>>    </authorization>
>>>>>    <trace enabled="false" requestLimit="10" pageOutput="false"
>>>>> traceMode="SortByTime" localOnly="true" />
>>>>>    <sessionState
>>>>>            mode="Off"
>>>>>    />
>>>>>    <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
>>>>>
>>>>>    <identity impersonate="true" />
>>>>>
>>>>>  </system.web>
>>>>>
>>>>>  <appSettings>
>>>>>   <!-- Trusted_Connection=yes -->
>>>>>     <add key="ConnectionString"
>>>>>          value="Provider=SQLOLEDB;Data Source=Dev2k;Initial
>>>>> Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " />
>>>>>  </appSettings>
>>>>>
>>>>>  <system.runtime.remoting>
>>>>>  <application>
>>>>>   <!-- the following section defines the classes we're exposing to
>>>>> clients from this host -->
>>>>>   <service>
>>>>>    <wellknown mode="SingleCall"
>>>>>     objectUri = "NWInfo.rem"
>>>>>     type = "RemotingTest.NWInfo, RemotingTest" />
>>>>>
>>>>>   </service>
>>>>>   <channels>
>>>>>    <channel ref="http"
>>>>>     useDefaultCredentials="true" />
>>>>>   </channels>
>>>>>  </application>
>>>>> </system.runtime.remoting>
>>>>> </configuration>
>>>>> --------------------------  End
>>>>> Web.Config -----------------------------------------------
>>>>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
>>>>> message news:uO2gxmfZFHA.3648@TK2MSFTNGP14.phx.gbl...
>>>>>> Have you set the remoting client to pass the default credentials to
>>>>>> the server?  If so, how?  Also, what happens when you attempt to
>>>>>> browse to the server URL in IE?
>>>>>>
>>>>>>
>>>>>> "Ron L" <r***@bogus.Address.com> wrote in message
>>>>>> news:eg4E7IeZFHA.3220@TK2MSFTNGP14.phx.gbl...
>>>>>>> We are working on a distributed VB.Net application which will access
>>>>>>> a SQL database located on a known server.  Each client will run on
>>>>>>> the user's local machine.  To implement this, we are trying to use
>>>>>>> remoting for our access to the SQL server, with the remoting being
>>>>>>> via IIS. Since all of our users will have accounts in the
>>>>>>> destination domain, we want to have IIS handle the security for us
>>>>>>> and not allow anonymous. We have set this up with one of our
>>>>>>> development clients and servers, but when we try to connect we get
>>>>>>> the following error message:
>>>>>>>      An unhandled exception of type 'System.Net.WebException'
>>>>>>> occurred in mscorlib.dll
>>>>>>>
>>>>>>>      Additional information: the remote server returned an error:
>>>>>>> (401) Unauthorized.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Our configuration is this:
>>>>>>>      Component         Running on
>>>>>>>      Module1               the development machine
>>>>>>>      RemotingTest        IIS on the development machine
>>>>>>>      NorthWind DB     SQL Server on another server
>>>>>>>
>>>>>>> IIS is configured for Windows Authentication, and the directory with
>>>>>>> the RemotingTest object has "Script Source Access" set and the
>>>>>>> Execute Permissions are set to "Scripts and Executables".  We have
>>>>>>> also tried with setting IIS to Allow Anonymous, which moves the
>>>>>>> error out to the SQL connection (with the error message of "can't
>>>>>>> make a connection for user NULL").  Even if anonymous did work, it
>>>>>>> would be a problem for us since the application we are using
>>>>>>> requires the username to be accessible.
>>>>>>>
>>>>>>> The SQL server is in a different domain from development machine,
>>>>>>> however a trust relationship exists between the two domains.  We
>>>>>>> have verified that the trust works by opening the NorthWind database
>>>>>>> in Enterprise Manager on the development machine.
>>>>>>>
>>>>>>> Can anyone tell us what we are doing wrong here?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:OE8hJrhZFHA.2788@TK2MSFTNGP12.phx.gbl...
> "Ron L" <r***@bogus.Address.com> wrote in message
> news:%23d6PdbhZFHA.1424@TK2MSFTNGP15.phx.gbl...
>> Nicole
>>    I have been attempting to wade through the reference you gave me (it
>> was the same reference that Gregory gave).  What I want my application to
>> be able to do is to try the credentials of the currently logged in user,
>> and if that fails prompt the user for a username and password.  Is this
>> two different instances of using specific credentials, or is it one
>> instance of using default credentials and one of using specific
>> credentials?
>
> If you want to allow falling back to user-provided credentials, you'll
> need to do at least two things:
>
> 1.  Use programmatic configuration of the credentials in your client
> application rather than specifying the credentials using channel
> attributes in the configuration file.  An example of the programmatic
> approach is shown in the "Programmatic configuration" section of the ".NET
> Remoting Security" reference.
>
> 2.  Adjust the client code in #1 to attempt to connect to the server and,
> if authentication fails, prompt the user for custom credentials then
> switch over to using those credentials.  An example of setting the proxy
> to use such credentials is shown in the "Using specific credentials"
> section of the ".NET Remoting Security" reference.
>
>
>
>>    As to disabling automatic login (setting it to anonymous in Local
>> Intranet, and trusted sites), I get the "You are not authorized to view
>> this page" error page.
>
> Good news since this means that the user credentials automatically
> provided by IE prior to disabling this behaviour were authenticating
> successfully and permitting access to the server.
>
>
>>
>> Ron L
>>
>>
>>
>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
>> news:u%23B0XIhZFHA.3876@TK2MSFTNGP12.phx.gbl...
>>> "Ron L" <r***@bogus.Address.com> wrote in message
>>> news:uIT6LpgZFHA.3960@TK2MSFTNGP10.phx.gbl...
>>>> Nicole
>>>>    I guess I don't know how I am specifying the credentials on the
>>>> client side.
>>>
>>> Then chances are very good that the client credentials aren't being
>>> passed. See
>>> http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetch11.asp
>>> (particularly the "Passing Credentials for Authentication to Remote
>>> Objects" section) for possible approaches.
>>>
>>>
>>>> As I said to Gregory, I was assuming that IIS handled the credentials
>>>> as it does for ASP.
>>>
>>> IIS will perform the user authentication, but only if the user's
>>> credentials are passed from the client machine, which is something that
>>> IIS cannot do. The transparent passing of client credentials that you
>>> see when using IE to browse a Windows-authenticated intranet site is
>>> because IE is configured to pass those credentials without user
>>> intervention. You'll need to make it possible for your client
>>> application to pass the same credentials.
>>>
>>>
>>>> As to accessing the server, if I enter the following URL:
>>>>        http://localhost/dotNet/remotingtest/nwinfo.rem?wsdl
>>>>
>>>> I get an automatically generated web page listing the message names,
>>>> port names, binding names, etc.
>>>
>>> What happens if you disable the intranet zone automatic logon in IE?
>>>
>>>
>>>>
>>>> Ron L
>>>>
>>>>
>>>>
>>>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
>>>> message news:%23yJ7ObgZFHA.3712@TK2MSFTNGP09.phx.gbl...
>>>>> That looks like your server config file, which isn't what I was asking
>>>>> about.  On the client, how are you specifying the credentials that
>>>>> should be sent to the server?  (If you don't know what this question
>>>>> means, chances are excellent that you're not sending any credentials,
>>>>> which would explain the authentication problem. <g>)  Also, could you
>>>>> please check if you can access the server via IE?
>>>>>
>>>>>
>>>>>
>>>>> "Ron L" <r***@bogus.Address.com> wrote in message
>>>>> news:O%231BRRgZFHA.3096@TK2MSFTNGP15.phx.gbl...
>>>>>> Nicole
>>>>>>    Thanks for your response.  I am using a web.config file that I
>>>>>> have included at the end of this message.
>>>>>>
>>>>>> Ron L
>>>>>>
>>>>>> --------------------------Start
>>>>>> Web.Config ------------------------------------------------
>>>>>> <?xml version="1.0" encoding="utf-8" ?>
>>>>>> <configuration>
>>>>>>
>>>>>>  <system.web>
>>>>>>    <compilation defaultLanguage="vb" debug="true" />
>>>>>>    <customErrors mode="RemoteOnly" />
>>>>>>    <authentication mode="Windows" />
>>>>>>    <authorization>
>>>>>>        <allow users="*" /> <!-- Allow all users -->
>>>>>>        <allow verbs="GET" users="*" />
>>>>>>    </authorization>
>>>>>>    <trace enabled="false" requestLimit="10" pageOutput="false"
>>>>>> traceMode="SortByTime" localOnly="true" />
>>>>>>    <sessionState
>>>>>>            mode="Off"
>>>>>>    />
>>>>>>    <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
>>>>>>
>>>>>>    <identity impersonate="true" />
>>>>>>
>>>>>>  </system.web>
>>>>>>
>>>>>>  <appSettings>
>>>>>>   <!-- Trusted_Connection=yes -->
>>>>>>     <add key="ConnectionString"
>>>>>>          value="Provider=SQLOLEDB;Data Source=Dev2k;Initial
>>>>>> Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes "
>>>>>> />
>>>>>>  </appSettings>
>>>>>>
>>>>>>  <system.runtime.remoting>
>>>>>>  <application>
>>>>>>   <!-- the following section defines the classes we're exposing to
>>>>>> clients from this host -->
>>>>>>   <service>
>>>>>>    <wellknown mode="SingleCall"
>>>>>>     objectUri = "NWInfo.rem"
>>>>>>     type = "RemotingTest.NWInfo, RemotingTest" />
>>>>>>
>>>>>>   </service>
>>>>>>   <channels>
>>>>>>    <channel ref="http"
>>>>>>     useDefaultCredentials="true" />
>>>>>>   </channels>
>>>>>>  </application>
>>>>>> </system.runtime.remoting>
>>>>>> </configuration>
>>>>>> --------------------------  End
>>>>>> Web.Config -----------------------------------------------
>>>>>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
>>>>>> message news:uO2gxmfZFHA.3648@TK2MSFTNGP14.phx.gbl...
>>>>>>> Have you set the remoting client to pass the default credentials to
>>>>>>> the server?  If so, how?  Also, what happens when you attempt to
>>>>>>> browse to the server URL in IE?
>>>>>>>
>>>>>>>
>>>>>>> "Ron L" <r***@bogus.Address.com> wrote in message
>>>>>>> news:eg4E7IeZFHA.3220@TK2MSFTNGP14.phx.gbl...
>>>>>>>> We are working on a distributed VB.Net application which will
>>>>>>>> access a SQL database located on a known server.  Each client will
>>>>>>>> run on the user's local machine.  To implement this, we are trying
>>>>>>>> to use remoting for our access to the SQL server, with the remoting
>>>>>>>> being via IIS. Since all of our users will have accounts in the
>>>>>>>> destination domain, we want to have IIS handle the security for us
>>>>>>>> and not allow anonymous. We have set this up with one of our
>>>>>>>> development clients and servers, but when we try to connect we get
>>>>>>>> the following error message:
>>>>>>>>      An unhandled exception of type 'System.Net.WebException'
>>>>>>>> occurred in mscorlib.dll
>>>>>>>>
>>>>>>>>      Additional information: the remote server returned an error:
>>>>>>>> (401) Unauthorized.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Our configuration is this:
>>>>>>>>      Component         Running on
>>>>>>>>      Module1               the development machine
>>>>>>>>      RemotingTest        IIS on the development machine
>>>>>>>>      NorthWind DB     SQL Server on another server
>>>>>>>>
>>>>>>>> IIS is configured for Windows Authentication, and the directory
>>>>>>>> with the RemotingTest object has "Script Source Access" set and the
>>>>>>>> Execute Permissions are set to "Scripts and Executables".  We have
>>>>>>>> also tried with setting IIS to Allow Anonymous, which moves the
>>>>>>>> error out to the SQL connection (with the error message of "can't
>>>>>>>> make a connection for user NULL").  Even if anonymous did work, it
>>>>>>>> would be a problem for us since the application we are using
>>>>>>>> requires the username to be accessible.
>>>>>>>>
>>>>>>>> The SQL server is in a different domain from development machine,
>>>>>>>> however a trust relationship exists between the two domains.  We
>>>>>>>> have verified that the trust works by opening the NorthWind
>>>>>>>> database in Enterprise Manager on the development machine.
>>>>>>>>
>>>>>>>> Can anyone tell us what we are doing wrong here?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

"Ron L" <r***@bogus.Address.com> wrote in message
news:%23H31R5sZFHA.3840@tk2msftngp13.phx.gbl...
> Nicole
> I have found the code you referenced as an example:
>
>    IDictionary channelProperties;
>    channelProperties = ChannelServices.GetChannelSinkProperties(proxy);
>    channelProperties ["credentials"] = CredentialCache.DefaultCredentials;
>
> The thing I am not able to come up with is where the variable "proxy" is
> set and what is it?  If I try making it be the RemotingInterface object in
> the code below, I still get my (401) Unauthorized error.  Can you clear
> this up for me?
>
> TIA
> Ron L
>
> ------------------------------ Code
> Stub -------------------------------------------
>    Sub Main()
>        Dim _NWInfo As iNWInfo
>        Dim serverURL As String =
> "http://localhost/dotNET/RemotingTest/NWInfo.rem"
>
>        Console.WriteLine("Welcome to the client application.")
>
>        _NWInfo =
> CType(Activator.GetObject(GetType(RemotingInterface.iNWInfo), serverURL),
>                                            RemotingInterface.iNWInfo)
>
>        Dim channelProperties As IDictionary
>        channelProperties =
> ChannelServices.GetChannelSinkProperties(_NWInfo)
>        channelProperties("credentials") =
> System.Net.CredentialCache.DefaultCredentials
>        Console.WriteLine(channelProperties("credentials"))
>
>
>        Console.WriteLine(_NWInfo.GetMessage)
>
>        Dim dt As DataTable
>        Dim row As DataRow
>        dt = _NWInfo.GetMostExpensiveProducts
>        For Each row In dt.Rows
>            Console.WriteLine(row.Item(0))
>        Next
>        Console.WriteLine("Press the <enter> key to exit.")
>        Console.Read()
>    End Sub
> ------------------------------\Code
> Stub -------------------------------------------
>
>
>
> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
> news:OE8hJrhZFHA.2788@TK2MSFTNGP12.phx.gbl...
>> "Ron L" <r***@bogus.Address.com> wrote in message
>> news:%23d6PdbhZFHA.1424@TK2MSFTNGP15.phx.gbl...
>>> Nicole
>>>    I have been attempting to wade through the reference you gave me (it
>>> was the same reference that Gregory gave).  What I want my application
>>> to be able to do is to try the credentials of the currently logged in
>>> user, and if that fails prompt the user for a username and password.  Is
>>> this two different instances of using specific credentials, or is it one
>>> instance of using default credentials and one of using specific
>>> credentials?
>>
>> If you want to allow falling back to user-provided credentials, you'll
>> need to do at least two things:
>>
>> 1.  Use programmatic configuration of the credentials in your client
>> application rather than specifying the credentials using channel
>> attributes in the configuration file.  An example of the programmatic
>> approach is shown in the "Programmatic configuration" section of the
>> ".NET Remoting Security" reference.
>>
>> 2.  Adjust the client code in #1 to attempt to connect to the server and,
>> if authentication fails, prompt the user for custom credentials then
>> switch over to using those credentials.  An example of setting the proxy
>> to use such credentials is shown in the "Using specific credentials"
>> section of the ".NET Remoting Security" reference.
>>
>>
>>
>>>    As to disabling automatic login (setting it to anonymous in Local
>>> Intranet, and trusted sites), I get the "You are not authorized to view
>>> this page" error page.
>>
>> Good news since this means that the user credentials automatically
>> provided by IE prior to disabling this behaviour were authenticating
>> successfully and permitting access to the server.
>>
>>
>>>
>>> Ron L
>>>
>>>
>>>
>>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
>>> message news:u%23B0XIhZFHA.3876@TK2MSFTNGP12.phx.gbl...
>>>> "Ron L" <r***@bogus.Address.com> wrote in message
>>>> news:uIT6LpgZFHA.3960@TK2MSFTNGP10.phx.gbl...
>>>>> Nicole
>>>>>    I guess I don't know how I am specifying the credentials on the
>>>>> client side.
>>>>
>>>> Then chances are very good that the client credentials aren't being
>>>> passed. See
>>>> http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetch11.asp
>>>> (particularly the "Passing Credentials for Authentication to Remote
>>>> Objects" section) for possible approaches.
>>>>
>>>>
>>>>> As I said to Gregory, I was assuming that IIS handled the credentials
>>>>> as it does for ASP.
>>>>
>>>> IIS will perform the user authentication, but only if the user's
>>>> credentials are passed from the client machine, which is something that
>>>> IIS cannot do. The transparent passing of client credentials that you
>>>> see when using IE to browse a Windows-authenticated intranet site is
>>>> because IE is configured to pass those credentials without user
>>>> intervention. You'll need to make it possible for your client
>>>> application to pass the same credentials.
>>>>
>>>>
>>>>> As to accessing the server, if I enter the following URL:
>>>>>        http://localhost/dotNet/remotingtest/nwinfo.rem?wsdl
>>>>>
>>>>> I get an automatically generated web page listing the message names,
>>>>> port names, binding names, etc.
>>>>
>>>> What happens if you disable the intranet zone automatic logon in IE?
>>>>
>>>>
>>>>>
>>>>> Ron L
>>>>>
>>>>>
>>>>>
>>>>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
>>>>> message news:%23yJ7ObgZFHA.3712@TK2MSFTNGP09.phx.gbl...
>>>>>> That looks like your server config file, which isn't what I was
>>>>>> asking about.  On the client, how are you specifying the credentials
>>>>>> that should be sent to the server?  (If you don't know what this
>>>>>> question means, chances are excellent that you're not sending any
>>>>>> credentials, which would explain the authentication problem. <g>)
>>>>>> Also, could you please check if you can access the server via IE?
>>>>>>
>>>>>>
>>>>>>
>>>>>> "Ron L" <r***@bogus.Address.com> wrote in message
>>>>>> news:O%231BRRgZFHA.3096@TK2MSFTNGP15.phx.gbl...
>>>>>>> Nicole
>>>>>>>    Thanks for your response.  I am using a web.config file that I
>>>>>>> have included at the end of this message.
>>>>>>>
>>>>>>> Ron L
>>>>>>>
>>>>>>> --------------------------Start
>>>>>>> Web.Config ------------------------------------------------
>>>>>>> <?xml version="1.0" encoding="utf-8" ?>
>>>>>>> <configuration>
>>>>>>>
>>>>>>>  <system.web>
>>>>>>>    <compilation defaultLanguage="vb" debug="true" />
>>>>>>>    <customErrors mode="RemoteOnly" />
>>>>>>>    <authentication mode="Windows" />
>>>>>>>    <authorization>
>>>>>>>        <allow users="*" /> <!-- Allow all users -->
>>>>>>>        <allow verbs="GET" users="*" />
>>>>>>>    </authorization>
>>>>>>>    <trace enabled="false" requestLimit="10" pageOutput="false"
>>>>>>> traceMode="SortByTime" localOnly="true" />
>>>>>>>    <sessionState
>>>>>>>            mode="Off"
>>>>>>>    />
>>>>>>>    <globalization requestEncoding="utf-8" responseEncoding="utf-8"
>>>>>>> />
>>>>>>>
>>>>>>>    <identity impersonate="true" />
>>>>>>>
>>>>>>>  </system.web>
>>>>>>>
>>>>>>>  <appSettings>
>>>>>>>   <!-- Trusted_Connection=yes -->
>>>>>>>     <add key="ConnectionString"
>>>>>>>          value="Provider=SQLOLEDB;Data Source=Dev2k;Initial
>>>>>>> Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes "
>>>>>>> />
>>>>>>>  </appSettings>
>>>>>>>
>>>>>>>  <system.runtime.remoting>
>>>>>>>  <application>
>>>>>>>   <!-- the following section defines the classes we're exposing to
>>>>>>> clients from this host -->
>>>>>>>   <service>
>>>>>>>    <wellknown mode="SingleCall"
>>>>>>>     objectUri = "NWInfo.rem"
>>>>>>>     type = "RemotingTest.NWInfo, RemotingTest" />
>>>>>>>
>>>>>>>   </service>
>>>>>>>   <channels>
>>>>>>>    <channel ref="http"
>>>>>>>     useDefaultCredentials="true" />
>>>>>>>   </channels>
>>>>>>>  </application>
>>>>>>> </system.runtime.remoting>
>>>>>>> </configuration>
>>>>>>> --------------------------  End
>>>>>>> Web.Config -----------------------------------------------
>>>>>>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
>>>>>>> message news:uO2gxmfZFHA.3648@TK2MSFTNGP14.phx.gbl...
>>>>>>>> Have you set the remoting client to pass the default credentials to
>>>>>>>> the server?  If so, how?  Also, what happens when you attempt to
>>>>>>>> browse to the server URL in IE?
>>>>>>>>
>>>>>>>>
>>>>>>>> "Ron L" <r***@bogus.Address.com> wrote in message
>>>>>>>> news:eg4E7IeZFHA.3220@TK2MSFTNGP14.phx.gbl...
>>>>>>>>> We are working on a distributed VB.Net application which will
>>>>>>>>> access a SQL database located on a known server.  Each client will
>>>>>>>>> run on the user's local machine.  To implement this, we are trying
>>>>>>>>> to use remoting for our access to the SQL server, with the
>>>>>>>>> remoting being via IIS. Since all of our users will have accounts
>>>>>>>>> in the destination domain, we want to have IIS handle the security
>>>>>>>>> for us and not allow anonymous. We have set this up with one of
>>>>>>>>> our development clients and servers, but when we try to connect we
>>>>>>>>> get the following error message:
>>>>>>>>>      An unhandled exception of type 'System.Net.WebException'
>>>>>>>>> occurred in mscorlib.dll
>>>>>>>>>
>>>>>>>>>      Additional information: the remote server returned an error:
>>>>>>>>> (401) Unauthorized.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Our configuration is this:
>>>>>>>>>      Component         Running on
>>>>>>>>>      Module1               the development machine
>>>>>>>>>      RemotingTest        IIS on the development machine
>>>>>>>>>      NorthWind DB     SQL Server on another server
>>>>>>>>>
>>>>>>>>> IIS is configured for Windows Authentication, and the directory
>>>>>>>>> with the RemotingTest object has "Script Source Access" set and
>>>>>>>>> the Execute Permissions are set to "Scripts and Executables".  We
>>>>>>>>> have also tried with setting IIS to Allow Anonymous, which moves
>>>>>>>>> the error out to the SQL connection (with the error message of
>>>>>>>>> "can't make a connection for user NULL").  Even if anonymous did
>>>>>>>>> work, it would be a problem for us since the application we are
>>>>>>>>> using requires the username to be accessible.
>>>>>>>>>
>>>>>>>>> The SQL server is in a different domain from development machine,
>>>>>>>>> however a trust relationship exists between the two domains.  We
>>>>>>>>> have verified that the trust works by opening the NorthWind
>>>>>>>>> database in Enterprise Manager on the development machine.
>>>>>>>>>
>>>>>>>>> Can anyone tell us what we are doing wrong here?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:uC0ZpVGaFHA.1040@TK2MSFTNGP10.phx.gbl...
>I can't see any obvious problems in your code.  Do you still get a 401
>error if you try to reproduce the simple sample from
>http://msdn.microsoft.com/library/en-us/cpguide/html/cpconremotingexamplehostinginiis.asp?
>If not, what happens if you modify the client to use programmatic
>configuration of the URL and credentials instead of reading these from the
>config file?
>
>
>
> "Ron L" <r***@bogus.Address.com> wrote in message
> news:%23H31R5sZFHA.3840@tk2msftngp13.phx.gbl...
>> Nicole
>> I have found the code you referenced as an example:
>>
>>    IDictionary channelProperties;
>>    channelProperties = ChannelServices.GetChannelSinkProperties(proxy);
>>    channelProperties ["credentials"] =
>> CredentialCache.DefaultCredentials;
>>
>> The thing I am not able to come up with is where the variable "proxy" is
>> set and what is it?  If I try making it be the RemotingInterface object
>> in the code below, I still get my (401) Unauthorized error.  Can you
>> clear this up for me?
>>
>> TIA
>> Ron L
>>
>> ------------------------------ Code
>> Stub -------------------------------------------
>>    Sub Main()
>>        Dim _NWInfo As iNWInfo
>>        Dim serverURL As String =
>> "http://localhost/dotNET/RemotingTest/NWInfo.rem"
>>
>>        Console.WriteLine("Welcome to the client application.")
>>
>>        _NWInfo =
>> CType(Activator.GetObject(GetType(RemotingInterface.iNWInfo), serverURL),
>>                                            RemotingInterface.iNWInfo)
>>
>>        Dim channelProperties As IDictionary
>>        channelProperties =
>> ChannelServices.GetChannelSinkProperties(_NWInfo)
>>        channelProperties("credentials") =
>> System.Net.CredentialCache.DefaultCredentials
>>        Console.WriteLine(channelProperties("credentials"))
>>
>>
>>        Console.WriteLine(_NWInfo.GetMessage)
>>
>>        Dim dt As DataTable
>>        Dim row As DataRow
>>        dt = _NWInfo.GetMostExpensiveProducts
>>        For Each row In dt.Rows
>>            Console.WriteLine(row.Item(0))
>>        Next
>>        Console.WriteLine("Press the <enter> key to exit.")
>>        Console.Read()
>>    End Sub
>> ------------------------------\Code
>> Stub -------------------------------------------
>>
>>
>>
>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
>> news:OE8hJrhZFHA.2788@TK2MSFTNGP12.phx.gbl...
>>> "Ron L" <r***@bogus.Address.com> wrote in message
>>> news:%23d6PdbhZFHA.1424@TK2MSFTNGP15.phx.gbl...
>>>> Nicole
>>>>    I have been attempting to wade through the reference you gave me (it
>>>> was the same reference that Gregory gave).  What I want my application
>>>> to be able to do is to try the credentials of the currently logged in
>>>> user, and if that fails prompt the user for a username and password.
>>>> Is this two different instances of using specific credentials, or is it
>>>> one instance of using default credentials and one of using specific
>>>> credentials?
>>>
>>> If you want to allow falling back to user-provided credentials, you'll
>>> need to do at least two things:
>>>
>>> 1.  Use programmatic configuration of the credentials in your client
>>> application rather than specifying the credentials using channel
>>> attributes in the configuration file.  An example of the programmatic
>>> approach is shown in the "Programmatic configuration" section of the
>>> ".NET Remoting Security" reference.
>>>
>>> 2.  Adjust the client code in #1 to attempt to connect to the server
>>> and, if authentication fails, prompt the user for custom credentials
>>> then switch over to using those credentials.  An example of setting the
>>> proxy to use such credentials is shown in the "Using specific
>>> credentials" section of the ".NET Remoting Security" reference.
>>>
>>>
>>>
>>>>    As to disabling automatic login (setting it to anonymous in Local
>>>> Intranet, and trusted sites), I get the "You are not authorized to view
>>>> this page" error page.
>>>
>>> Good news since this means that the user credentials automatically
>>> provided by IE prior to disabling this behaviour were authenticating
>>> successfully and permitting access to the server.
>>>
>>>
>>>>
>>>> Ron L
>>>>
>>>>
>>>>
>>>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
>>>> message news:u%23B0XIhZFHA.3876@TK2MSFTNGP12.phx.gbl...
>>>>> "Ron L" <r***@bogus.Address.com> wrote in message
>>>>> news:uIT6LpgZFHA.3960@TK2MSFTNGP10.phx.gbl...
>>>>>> Nicole
>>>>>>    I guess I don't know how I am specifying the credentials on the
>>>>>> client side.
>>>>>
>>>>> Then chances are very good that the client credentials aren't being
>>>>> passed. See
>>>>> http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetch11.asp
>>>>> (particularly the "Passing Credentials for Authentication to Remote
>>>>> Objects" section) for possible approaches.
>>>>>
>>>>>
>>>>>> As I said to Gregory, I was assuming that IIS handled the credentials
>>>>>> as it does for ASP.
>>>>>
>>>>> IIS will perform the user authentication, but only if the user's
>>>>> credentials are passed from the client machine, which is something
>>>>> that IIS cannot do. The transparent passing of client credentials that
>>>>> you see when using IE to browse a Windows-authenticated intranet site
>>>>> is because IE is configured to pass those credentials without user
>>>>> intervention. You'll need to make it possible for your client
>>>>> application to pass the same credentials.
>>>>>
>>>>>
>>>>>> As to accessing the server, if I enter the following URL:
>>>>>>        http://localhost/dotNet/remotingtest/nwinfo.rem?wsdl
>>>>>>
>>>>>> I get an automatically generated web page listing the message names,
>>>>>> port names, binding names, etc.
>>>>>
>>>>> What happens if you disable the intranet zone automatic logon in IE?
>>>>>
>>>>>
>>>>>>
>>>>>> Ron L
>>>>>>
>>>>>>
>>>>>>
>>>>>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
>>>>>> message news:%23yJ7ObgZFHA.3712@TK2MSFTNGP09.phx.gbl...
>>>>>>> That looks like your server config file, which isn't what I was
>>>>>>> asking about.  On the client, how are you specifying the credentials
>>>>>>> that should be sent to the server?  (If you don't know what this
>>>>>>> question means, chances are excellent that you're not sending any
>>>>>>> credentials, which would explain the authentication problem. <g>)
>>>>>>> Also, could you please check if you can access the server via IE?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> "Ron L" <r***@bogus.Address.com> wrote in message
>>>>>>> news:O%231BRRgZFHA.3096@TK2MSFTNGP15.phx.gbl...
>>>>>>>> Nicole
>>>>>>>>    Thanks for your response.  I am using a web.config file that I
>>>>>>>> have included at the end of this message.
>>>>>>>>
>>>>>>>> Ron L
>>>>>>>>
>>>>>>>> --------------------------Start
>>>>>>>> Web.Config ------------------------------------------------
>>>>>>>> <?xml version="1.0" encoding="utf-8" ?>
>>>>>>>> <configuration>
>>>>>>>>
>>>>>>>>  <system.web>
>>>>>>>>    <compilation defaultLanguage="vb" debug="true" />
>>>>>>>>    <customErrors mode="RemoteOnly" />
>>>>>>>>    <authentication mode="Windows" />
>>>>>>>>    <authorization>
>>>>>>>>        <allow users="*" /> <!-- Allow all users -->
>>>>>>>>        <allow verbs="GET" users="*" />
>>>>>>>>    </authorization>
>>>>>>>>    <trace enabled="false" requestLimit="10" pageOutput="false"
>>>>>>>> traceMode="SortByTime" localOnly="true" />
>>>>>>>>    <sessionState
>>>>>>>>            mode="Off"
>>>>>>>>    />
>>>>>>>>    <globalization requestEncoding="utf-8" responseEncoding="utf-8"
>>>>>>>> />
>>>>>>>>
>>>>>>>>    <identity impersonate="true" />
>>>>>>>>
>>>>>>>>  </system.web>
>>>>>>>>
>>>>>>>>  <appSettings>
>>>>>>>>   <!-- Trusted_Connection=yes -->
>>>>>>>>     <add key="ConnectionString"
>>>>>>>>          value="Provider=SQLOLEDB;Data Source=Dev2k;Initial
>>>>>>>> Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes "
>>>>>>>> />
>>>>>>>>  </appSettings>
>>>>>>>>
>>>>>>>>  <system.runtime.remoting>
>>>>>>>>  <application>
>>>>>>>>   <!-- the following section defines the classes we're exposing to
>>>>>>>> clients from this host -->
>>>>>>>>   <service>
>>>>>>>>    <wellknown mode="SingleCall"
>>>>>>>>     objectUri = "NWInfo.rem"
>>>>>>>>     type = "RemotingTest.NWInfo, RemotingTest" />
>>>>>>>>
>>>>>>>>   </service>
>>>>>>>>   <channels>
>>>>>>>>    <channel ref="http"
>>>>>>>>     useDefaultCredentials="true" />
>>>>>>>>   </channels>
>>>>>>>>  </application>
>>>>>>>> </system.runtime.remoting>
>>>>>>>> </configuration>
>>>>>>>> --------------------------  End
>>>>>>>> Web.Config -----------------------------------------------
>>>>>>>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
>>>>>>>> message news:uO2gxmfZFHA.3648@TK2MSFTNGP14.phx.gbl...
>>>>>>>>> Have you set the remoting client to pass the default credentials
>>>>>>>>> to the server?  If so, how?  Also, what happens when you attempt
>>>>>>>>> to browse to the server URL in IE?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> "Ron L" <r***@bogus.Address.com> wrote in message
>>>>>>>>> news:eg4E7IeZFHA.3220@TK2MSFTNGP14.phx.gbl...
>>>>>>>>>> We are working on a distributed VB.Net application which will
>>>>>>>>>> access a SQL database located on a known server.  Each client
>>>>>>>>>> will run on the user's local machine.  To implement this, we are
>>>>>>>>>> trying to use remoting for our access to the SQL server, with the
>>>>>>>>>> remoting being via IIS. Since all of our users will have accounts
>>>>>>>>>> in the destination domain, we want to have IIS handle the
>>>>>>>>>> security for us and not allow anonymous. We have set this up with
>>>>>>>>>> one of our development clients and servers, but when we try to
>>>>>>>>>> connect we get the following error message:
>>>>>>>>>>      An unhandled exception of type 'System.Net.WebException'
>>>>>>>>>> occurred in mscorlib.dll
>>>>>>>>>>
>>>>>>>>>>      Additional information: the remote server returned an error:
>>>>>>>>>> (401) Unauthorized.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Our configuration is this:
>>>>>>>>>>      Component         Running on
>>>>>>>>>>      Module1               the development machine
>>>>>>>>>>      RemotingTest        IIS on the development machine
>>>>>>>>>>      NorthWind DB     SQL Server on another server
>>>>>>>>>>
>>>>>>>>>> IIS is configured for Windows Authentication, and the directory
>>>>>>>>>> with the RemotingTest object has "Script Source Access" set and
>>>>>>>>>> the Execute Permissions are set to "Scripts and Executables".  We
>>>>>>>>>> have also tried with setting IIS to Allow Anonymous, which moves
>>>>>>>>>> the error out to the SQL connection (with the error message of
>>>>>>>>>> "can't make a connection for user NULL").  Even if anonymous did
>>>>>>>>>> work, it would be a problem for us since the application we are
>>>>>>>>>> using requires the username to be accessible.
>>>>>>>>>>
>>>>>>>>>> The SQL server is in a different domain from development machine,
>>>>>>>>>> however a trust relationship exists between the two domains.  We
>>>>>>>>>> have verified that the trust works by opening the NorthWind
>>>>>>>>>> database in Enterprise Manager on the development machine.
>>>>>>>>>>
>>>>>>>>>> Can anyone tell us what we are doing wrong here?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:uC0ZpVGaFHA.1040@TK2MSFTNGP10.phx.gbl...
>I can't see any obvious problems in your code.  Do you still get a 401
>error if you try to reproduce the simple sample from
>http://msdn.microsoft.com/library/en-us/cpguide/html/cpconremotingexamplehostinginiis.asp?
>If not, what happens if you modify the client to use programmatic
>configuration of the URL and credentials instead of reading these from the
>config file?
>
>
>
> "Ron L" <r***@bogus.Address.com> wrote in message
> news:%23H31R5sZFHA.3840@tk2msftngp13.phx.gbl...
>> Nicole
>> I have found the code you referenced as an example:
>>
>>    IDictionary channelProperties;
>>    channelProperties = ChannelServices.GetChannelSinkProperties(proxy);
>>    channelProperties ["credentials"] =
>> CredentialCache.DefaultCredentials;
>>
>> The thing I am not able to come up with is where the variable "proxy" is
>> set and what is it?  If I try making it be the RemotingInterface object
>> in the code below, I still get my (401) Unauthorized error.  Can you
>> clear this up for me?
>>
>> TIA
>> Ron L
>>
>> ------------------------------ Code
>> Stub -------------------------------------------
>>    Sub Main()
>>        Dim _NWInfo As iNWInfo
>>        Dim serverURL As String =
>> "http://localhost/dotNET/RemotingTest/NWInfo.rem"
>>
>>        Console.WriteLine("Welcome to the client application.")
>>
>>        _NWInfo =
>> CType(Activator.GetObject(GetType(RemotingInterface.iNWInfo), serverURL),
>>                                            RemotingInterface.iNWInfo)
>>
>>        Dim channelProperties As IDictionary
>>        channelProperties =
>> ChannelServices.GetChannelSinkProperties(_NWInfo)
>>        channelProperties("credentials") =
>> System.Net.CredentialCache.DefaultCredentials
>>        Console.WriteLine(channelProperties("credentials"))
>>
>>
>>        Console.WriteLine(_NWInfo.GetMessage)
>>
>>        Dim dt As DataTable
>>        Dim row As DataRow
>>        dt = _NWInfo.GetMostExpensiveProducts
>>        For Each row In dt.Rows
>>            Console.WriteLine(row.Item(0))
>>        Next
>>        Console.WriteLine("Press the <enter> key to exit.")
>>        Console.Read()
>>    End Sub
>> ------------------------------\Code
>> Stub -------------------------------------------
>>
>>
>>
>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
>> news:OE8hJrhZFHA.2788@TK2MSFTNGP12.phx.gbl...
>>> "Ron L" <r***@bogus.Address.com> wrote in message
>>> news:%23d6PdbhZFHA.1424@TK2MSFTNGP15.phx.gbl...
>>>> Nicole
>>>>    I have been attempting to wade through the reference you gave me (it
>>>> was the same reference that Gregory gave).  What I want my application
>>>> to be able to do is to try the credentials of the currently logged in
>>>> user, and if that fails prompt the user for a username and password.
>>>> Is this two different instances of using specific credentials, or is it
>>>> one instance of using default credentials and one of using specific
>>>> credentials?
>>>
>>> If you want to allow falling back to user-provided credentials, you'll
>>> need to do at least two things:
>>>
>>> 1.  Use programmatic configuration of the credentials in your client
>>> application rather than specifying the credentials using channel
>>> attributes in the configuration file.  An example of the programmatic
>>> approach is shown in the "Programmatic configuration" section of the
>>> ".NET Remoting Security" reference.
>>>
>>> 2.  Adjust the client code in #1 to attempt to connect to the server
>>> and, if authentication fails, prompt the user for custom credentials
>>> then switch over to using those credentials.  An example of setting the
>>> proxy to use such credentials is shown in the "Using specific
>>> credentials" section of the ".NET Remoting Security" reference.
>>>
>>>
>>>
>>>>    As to disabling automatic login (setting it to anonymous in Local
>>>> Intranet, and trusted sites), I get the "You are not authorized to view
>>>> this page" error page.
>>>
>>> Good news since this means that the user credentials automatically
>>> provided by IE prior to disabling this behaviour were authenticating
>>> successfully and permitting access to the server.
>>>
>>>
>>>>
>>>> Ron L
>>>>
>>>>
>>>>
>>>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
>>>> message news:u%23B0XIhZFHA.3876@TK2MSFTNGP12.phx.gbl...
>>>>> "Ron L" <r***@bogus.Address.com> wrote in message
>>>>> news:uIT6LpgZFHA.3960@TK2MSFTNGP10.phx.gbl...
>>>>>> Nicole
>>>>>>    I guess I don't know how I am specifying the credentials on the
>>>>>> client side.
>>>>>
>>>>> Then chances are very good that the client credentials aren't being
>>>>> passed. See
>>>>> http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetch11.asp
>>>>> (particularly the "Passing Credentials for Authentication to Remote
>>>>> Objects" section) for possible approaches.
>>>>>
>>>>>
>>>>>> As I said to Gregory, I was assuming that IIS handled the credentials
>>>>>> as it does for ASP.
>>>>>
>>>>> IIS will perform the user authentication, but only if the user's
>>>>> credentials are passed from the client machine, which is something
>>>>> that IIS cannot do. The transparent passing of client credentials that
>>>>> you see when using IE to browse a Windows-authenticated intranet site
>>>>> is because IE is configured to pass those credentials without user
>>>>> intervention. You'll need to make it possible for your client
>>>>> application to pass the same credentials.
>>>>>
>>>>>
>>>>>> As to accessing the server, if I enter the following URL:
>>>>>>        http://localhost/dotNet/remotingtest/nwinfo.rem?wsdl
>>>>>>
>>>>>> I get an automatically generated web page listing the message names,
>>>>>> port names, binding names, etc.
>>>>>
>>>>> What happens if you disable the intranet zone automatic logon in IE?
>>>>>
>>>>>
>>>>>>
>>>>>> Ron L
>>>>>>
>>>>>>
>>>>>>
>>>>>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
>>>>>> message news:%23yJ7ObgZFHA.3712@TK2MSFTNGP09.phx.gbl...
>>>>>>> That looks like your server config file, which isn't what I was
>>>>>>> asking about.  On the client, how are you specifying the credentials
>>>>>>> that should be sent to the server?  (If you don't know what this
>>>>>>> question means, chances are excellent that you're not sending any
>>>>>>> credentials, which would explain the authentication problem. <g>)
>>>>>>> Also, could you please check if you can access the server via IE?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> "Ron L" <r***@bogus.Address.com> wrote in message
>>>>>>> news:O%231BRRgZFHA.3096@TK2MSFTNGP15.phx.gbl...
>>>>>>>> Nicole
>>>>>>>>    Thanks for your response.  I am using a web.config file that I
>>>>>>>> have included at the end of this message.
>>>>>>>>
>>>>>>>> Ron L
>>>>>>>>
>>>>>>>> --------------------------Start
>>>>>>>> Web.Config ------------------------------------------------
>>>>>>>> <?xml version="1.0" encoding="utf-8" ?>
>>>>>>>> <configuration>
>>>>>>>>
>>>>>>>>  <system.web>
>>>>>>>>    <compilation defaultLanguage="vb" debug="true" />
>>>>>>>>    <customErrors mode="RemoteOnly" />
>>>>>>>>    <authentication mode="Windows" />
>>>>>>>>    <authorization>
>>>>>>>>        <allow users="*" /> <!-- Allow all users -->
>>>>>>>>        <allow verbs="GET" users="*" />
>>>>>>>>    </authorization>
>>>>>>>>    <trace enabled="false" requestLimit="10" pageOutput="false"
>>>>>>>> traceMode="SortByTime" localOnly="true" />
>>>>>>>>    <sessionState
>>>>>>>>            mode="Off"
>>>>>>>>    />
>>>>>>>>    <globalization requestEncoding="utf-8" responseEncoding="utf-8"
>>>>>>>> />
>>>>>>>>
>>>>>>>>    <identity impersonate="true" />
>>>>>>>>
>>>>>>>>  </system.web>
>>>>>>>>
>>>>>>>>  <appSettings>
>>>>>>>>   <!-- Trusted_Connection=yes -->
>>>>>>>>     <add key="ConnectionString"
>>>>>>>>          value="Provider=SQLOLEDB;Data Source=Dev2k;Initial
>>>>>>>> Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes "
>>>>>>>> />
>>>>>>>>  </appSettings>
>>>>>>>>
>>>>>>>>  <system.runtime.remoting>
>>>>>>>>  <application>
>>>>>>>>   <!-- the following section defines the classes we're exposing to
>>>>>>>> clients from this host -->
>>>>>>>>   <service>
>>>>>>>>    <wellknown mode="SingleCall"
>>>>>>>>     objectUri = "NWInfo.rem"
>>>>>>>>     type = "RemotingTest.NWInfo, RemotingTest" />
>>>>>>>>
>>>>>>>>   </service>
>>>>>>>>   <channels>
>>>>>>>>    <channel ref="http"
>>>>>>>>     useDefaultCredentials="true" />
>>>>>>>>   </channels>
>>>>>>>>  </application>
>>>>>>>> </system.runtime.remoting>
>>>>>>>> </configuration>
>>>>>>>> --------------------------  End
>>>>>>>> Web.Config -----------------------------------------------
>>>>>>>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
>>>>>>>> message news:uO2gxmfZFHA.3648@TK2MSFTNGP14.phx.gbl...
>>>>>>>>> Have you set the remoting client to pass the default credentials
>>>>>>>>> to the server?  If so, how?  Also, what happens when you attempt
>>>>>>>>> to browse to the server URL in IE?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> "Ron L" <r***@bogus.Address.com> wrote in message
>>>>>>>>> news:eg4E7IeZFHA.3220@TK2MSFTNGP14.phx.gbl...
>>>>>>>>>> We are working on a distributed VB.Net application which will
>>>>>>>>>> access a SQL database located on a known server.  Each client
>>>>>>>>>> will run on the user's local machine.  To implement this, we are
>>>>>>>>>> trying to use remoting for our access to the SQL server, with the
>>>>>>>>>> remoting being via IIS. Since all of our users will have accounts
>>>>>>>>>> in the destination domain, we want to have IIS handle the
>>>>>>>>>> security for us and not allow anonymous. We have set this up with
>>>>>>>>>> one of our development clients and servers, but when we try to
>>>>>>>>>> connect we get the following error message:
>>>>>>>>>>      An unhandled exception of type 'System.Net.WebException'
>>>>>>>>>> occurred in mscorlib.dll
>>>>>>>>>>
>>>>>>>>>>      Additional information: the remote server returned an error:
>>>>>>>>>> (401) Unauthorized.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Our configuration is this:
>>>>>>>>>>      Component         Running on
>>>>>>>>>>      Module1               the development machine
>>>>>>>>>>      RemotingTest        IIS on the development machine
>>>>>>>>>>      NorthWind DB     SQL Server on another server
>>>>>>>>>>
>>>>>>>>>> IIS is configured for Windows Authentication, and the directory
>>>>>>>>>> with the RemotingTest object has "Script Source Access" set and
>>>>>>>>>> the Execute Permissions are set to "Scripts and Executables".  We
>>>>>>>>>> have also tried with setting IIS to Allow Anonymous, which moves
>>>>>>>>>> the error out to the SQL connection (with the error message of
>>>>>>>>>> "can't make a connection for user NULL").  Even if anonymous did
>>>>>>>>>> work, it would be a problem for us since the application we are
>>>>>>>>>> using requires the username to be accessible.
>>>>>>>>>>
>>>>>>>>>> The SQL server is in a different domain from development machine,
>>>>>>>>>> however a trust relationship exists between the two domains.  We
>>>>>>>>>> have verified that the trust works by opening the NorthWind
>>>>>>>>>> database in Enterprise Manager on the development machine.
>>>>>>>>>>
>>>>>>>>>> Can anyone tell us what we are doing wrong here?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

"Ron L" wrote:

> Nicole
>     Thanks for your response.  I am using a web.config file that I have
> included at the end of this message.
>
> Ron L
>
> --------------------------Start
> Web.Config ------------------------------------------------
> <?xml version="1.0" encoding="utf-8" ?>
> <configuration>
>
>   <system.web>
>     <compilation defaultLanguage="vb" debug="true" />
>     <customErrors mode="RemoteOnly" />
>     <authentication mode="Windows" />
>     <authorization>
>         <allow users="*" /> <!-- Allow all users -->
>         <allow verbs="GET" users="*" />
>     </authorization>
>     <trace enabled="false" requestLimit="10" pageOutput="false"
> traceMode="SortByTime" localOnly="true" />
>     <sessionState
>             mode="Off"
>     />
>     <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
>
>     <identity impersonate="true" />
>
>   </system.web>
>
>   <appSettings>
>    <!-- Trusted_Connection=yes -->
>      <add key="ConnectionString"
>           value="Provider=SQLOLEDB;Data Source=Dev2k;Initial
> Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " />
>   </appSettings>
>
>   <system.runtime.remoting>
>   <application>
>    <!-- the following section defines the classes we're exposing to clients
> from this host -->
>    <service>
>     <wellknown mode="SingleCall"
>      objectUri = "NWInfo.rem"
>      type = "RemotingTest.NWInfo, RemotingTest" />
>
>    </service>
>    <channels>
>     <channel ref="http"
>      useDefaultCredentials="true" />
>    </channels>
>   </application>
>  </system.runtime.remoting>
> </configuration>
> --------------------------  End
> Web.Config -----------------------------------------------
> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
> news:uO2gxmfZFHA.3648@TK2MSFTNGP14.phx.gbl...
> > Have you set the remoting client to pass the default credentials to the
> > server?  If so, how?  Also, what happens when you attempt to browse to the
> > server URL in IE?
> >
> >
> > "Ron L" <r***@bogus.Address.com> wrote in message
> > news:eg4E7IeZFHA.3220@TK2MSFTNGP14.phx.gbl...
> >> We are working on a distributed VB.Net application which will access a
> >> SQL database located on a known server.  Each client will run on the
> >> user's local machine.  To implement this, we are trying to use remoting
> >> for our access to the SQL server, with the remoting being via IIS.  Since
> >> all of our users will have accounts in the destination domain, we want to
> >> have IIS handle the security for us and not allow anonymous.  We have set
> >> this up with one of our development clients and servers, but when we try
> >> to connect we get the following error message:
> >>      An unhandled exception of type 'System.Net.WebException' occurred in
> >> mscorlib.dll
> >>
> >>      Additional information: the remote server returned an error: (401)
> >> Unauthorized.
> >>
> >>
> >>
> >> Our configuration is this:
> >>      Component         Running on
> >>      Module1               the development machine
> >>      RemotingTest        IIS on the development machine
> >>      NorthWind DB     SQL Server on another server
> >>
> >> IIS is configured for Windows Authentication, and the directory with the
> >> RemotingTest object has "Script Source Access" set and the Execute
> >> Permissions are set to "Scripts and Executables".  We have also tried
> >> with setting IIS to Allow Anonymous, which moves the error out to the SQL
> >> connection (with the error message of "can't make a connection for user
> >> NULL").  Even if anonymous did work, it would be a problem for us since
> >> the application we are using requires the username to be accessible.
> >>
> >> The SQL server is in a different domain from development machine, however
> >> a trust relationship exists between the two domains.  We have verified
> >> that the trust works by opening the NorthWind database in Enterprise
> >> Manager on the development machine.
> >>
> >> Can anyone tell us what we are doing wrong here?
> >>
> >>
> >>
> >
> >
>
>
>

"Steve" <St***@discussions.microsoft.com> wrote in message
news:954F8750-6385-42FA-B7ED-FC79C253E694@microsoft.com...
>A few pages ago theres a thread on what sounds like a similar problem that
> was answered well. If you do a search for this string
>
> "ASP.Net Impersonation Problem"
>
> You should come up with it at the top of the list of results. The post
> talks
> about credential forwarding, impersonation and authentication. Which I
> believe, is what you're currently having problems with.
>
> Hope that helps!
>
> Steve.
>
> "Ron L" wrote:
>
>> Nicole
>>     Thanks for your response.  I am using a web.config file that I have
>> included at the end of this message.
>>
>> Ron L
>>
>> --------------------------Start
>> Web.Config ------------------------------------------------
>> <?xml version="1.0" encoding="utf-8" ?>
>> <configuration>
>>
>>   <system.web>
>>     <compilation defaultLanguage="vb" debug="true" />
>>     <customErrors mode="RemoteOnly" />
>>     <authentication mode="Windows" />
>>     <authorization>
>>         <allow users="*" /> <!-- Allow all users -->
>>         <allow verbs="GET" users="*" />
>>     </authorization>
>>     <trace enabled="false" requestLimit="10" pageOutput="false"
>> traceMode="SortByTime" localOnly="true" />
>>     <sessionState
>>             mode="Off"
>>     />
>>     <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
>>
>>     <identity impersonate="true" />
>>
>>   </system.web>
>>
>>   <appSettings>
>>    <!-- Trusted_Connection=yes -->
>>      <add key="ConnectionString"
>>           value="Provider=SQLOLEDB;Data Source=Dev2k;Initial
>> Catalog=Northwind;Integrated Security=SSPI;Trusted_Connection=yes " />
>>   </appSettings>
>>
>>   <system.runtime.remoting>
>>   <application>
>>    <!-- the following section defines the classes we're exposing to
>> clients
>> from this host -->
>>    <service>
>>     <wellknown mode="SingleCall"
>>      objectUri = "NWInfo.rem"
>>      type = "RemotingTest.NWInfo, RemotingTest" />
>>
>>    </service>
>>    <channels>
>>     <channel ref="http"
>>      useDefaultCredentials="true" />
>>    </channels>
>>   </application>
>>  </system.runtime.remoting>
>> </configuration>
>> --------------------------  End
>> Web.Config -----------------------------------------------
>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
>> news:uO2gxmfZFHA.3648@TK2MSFTNGP14.phx.gbl...
>> > Have you set the remoting client to pass the default credentials to the
>> > server?  If so, how?  Also, what happens when you attempt to browse to
>> > the
>> > server URL in IE?
>> >
>> >
>> > "Ron L" <r***@bogus.Address.com> wrote in message
>> > news:eg4E7IeZFHA.3220@TK2MSFTNGP14.phx.gbl...
>> >> We are working on a distributed VB.Net application which will access a
>> >> SQL database located on a known server.  Each client will run on the
>> >> user's local machine.  To implement this, we are trying to use
>> >> remoting
>> >> for our access to the SQL server, with the remoting being via IIS.
>> >> Since
>> >> all of our users will have accounts in the destination domain, we want
>> >> to
>> >> have IIS handle the security for us and not allow anonymous.  We have
>> >> set
>> >> this up with one of our development clients and servers, but when we
>> >> try
>> >> to connect we get the following error message:
>> >>      An unhandled exception of type 'System.Net.WebException' occurred
>> >> in
>> >> mscorlib.dll
>> >>
>> >>      Additional information: the remote server returned an error:
>> >> (401)
>> >> Unauthorized.
>> >>
>> >>
>> >>
>> >> Our configuration is this:
>> >>      Component         Running on
>> >>      Module1               the development machine
>> >>      RemotingTest        IIS on the development machine
>> >>      NorthWind DB     SQL Server on another server
>> >>
>> >> IIS is configured for Windows Authentication, and the directory with
>> >> the
>> >> RemotingTest object has "Script Source Access" set and the Execute
>> >> Permissions are set to "Scripts and Executables".  We have also tried
>> >> with setting IIS to Allow Anonymous, which moves the error out to the
>> >> SQL
>> >> connection (with the error message of "can't make a connection for
>> >> user
>> >> NULL").  Even if anonymous did work, it would be a problem for us
>> >> since
>> >> the application we are using requires the username to be accessible.
>> >>
>> >> The SQL server is in a different domain from development machine,
>> >> however
>> >> a trust relationship exists between the two domains.  We have verified
>> >> that the trust works by opening the NorthWind database in Enterprise
>> >> Manager on the development machine.
>> >>
>> >> Can anyone tell us what we are doing wrong here?
>> >>
>> >>
>> >>
>> >
>> >
>>
>>
>>

"Ron L" wrote:

> We are working on a distributed VB.Net application which will access a SQL
> database located on a known server.  Each client will run on the user's
> local machine.  To implement this, we are trying to use remoting for our
> access to the SQL server, with the remoting being via IIS.  Since all of our
> users will have accounts in the destination domain, we want to have IIS
> handle the security for us and not allow anonymous.  We have set this up
> with one of our development clients and servers, but when we try to connect
> we get the following error message:
>       An unhandled exception of type 'System.Net.WebException' occurred in
> mscorlib.dll
>
>       Additional information: the remote server returned an error: (401)
> Unauthorized.
>
>
>
> Our configuration is this:
>       Component         Running on
>       Module1               the development machine
>       RemotingTest        IIS on the development machine
>       NorthWind DB     SQL Server on another server
>
> IIS is configured for Windows Authentication, and the directory with the
> RemotingTest object has "Script Source Access" set and the Execute
> Permissions are set to "Scripts and Executables".  We have also tried with
> setting IIS to Allow Anonymous, which moves the error out to the SQL
> connection (with the error message of "can't make a connection for user
> NULL").  Even if anonymous did work, it would be a problem for us since the
> application we are using requires the username to be accessible.
>
> The SQL server is in a different domain from development machine, however a
> trust relationship exists between the two domains.  We have verified that
> the trust works by opening the NorthWind database in Enterprise Manager on
> the development machine.
>
> Can anyone tell us what we are doing wrong here?
>
>
>
>

"Cowboy (Gregory A. Beamer) - MVP" <NoSpamMgbworld@comcast.netNoSpamM> wrote
in message news:210A006F-C8BD-470E-9EF6-A496C7BFE894@microsoft.com...
> The issue is IIS connections are anonymous until login. With a local app,
> you
> do not get a logon box, so you stay anon. Boom!!!
>
> Good starting point:
> http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetch11.asp
>
> I assume you are using HTTP as transport (IIS) as you want the built in
> authentication methods. That is fine, but realize you will have to have
> the
> user log in, or have the machines set up to automatically use the user's
> account. Network admins can push this out, via policy, to avoid
> individually
> setting up machines.
>
> --
> Gregory A. Beamer
> MVP; MCP: +I, SE, SD, DBA
>
> ***************************
> Think Outside the Box!
> ***************************
>
>
> "Ron L" wrote:
>
>> We are working on a distributed VB.Net application which will access a
>> SQL
>> database located on a known server.  Each client will run on the user's
>> local machine.  To implement this, we are trying to use remoting for our
>> access to the SQL server, with the remoting being via IIS.  Since all of
>> our
>> users will have accounts in the destination domain, we want to have IIS
>> handle the security for us and not allow anonymous.  We have set this up
>> with one of our development clients and servers, but when we try to
>> connect
>> we get the following error message:
>>       An unhandled exception of type 'System.Net.WebException' occurred
>> in
>> mscorlib.dll
>>
>>       Additional information: the remote server returned an error: (401)
>> Unauthorized.
>>
>>
>>
>> Our configuration is this:
>>       Component         Running on
>>       Module1               the development machine
>>       RemotingTest        IIS on the development machine
>>       NorthWind DB     SQL Server on another server
>>
>> IIS is configured for Windows Authentication, and the directory with the
>> RemotingTest object has "Script Source Access" set and the Execute
>> Permissions are set to "Scripts and Executables".  We have also tried
>> with
>> setting IIS to Allow Anonymous, which moves the error out to the SQL
>> connection (with the error message of "can't make a connection for user
>> NULL").  Even if anonymous did work, it would be a problem for us since
>> the
>> application we are using requires the username to be accessible.
>>
>> The SQL server is in a different domain from development machine, however
>> a
>> trust relationship exists between the two domains.  We have verified that
>> the trust works by opening the NorthWind database in Enterprise Manager
>> on
>> the development machine.
>>
>> Can anyone tell us what we are doing wrong here?
>>
>>
>>
>>