|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Getting user ID from Web Service credentialsand I'm trying to implement Windows authentication. It works OK in the standalone client app (I use their Windows current user name to log them in.) When I use a Web Service, I don't think it's working. I'll use this example provided by Microsoft. There's a Web Service called Service1. In the client app: localhost.Service1 myProxy = new localhost.Service1(); myProxy.Credentials = System.Net.CredentialCache.DefaultCredentials; myProxy is of type System.Web.Services.Protocols.SoapHttpClientProtocol, I believe. This is supposed to add the user name and password to the HTTP headers. The code runs, however I can't verify this. I can't see any way to get the user name from the Web Services code. When I look at the user name in the credentials object above from the client side, it's always blank, and I don't know how to see it in the headers from the Web Services side. For both the client side caller and the Web Service, I have set in IIS Integrated Windows Authentication on, and anonymous access off. Thanks for any pointers. Have you set the PreAuthenticate property on the proxy to ensure that the
credentials are submitted on the first request? Show quoteHide quote "Jeff Connelly" <nom***@thank.you> wrote in message news:OHk2uu5PFHA.2560@TK2MSFTNGP14.phx.gbl... > Fairly new to Windows security issues.... We have login to our > application, and I'm trying to implement Windows authentication. It works > OK in the standalone client app (I use their Windows current user name to > log them in.) When I use a Web Service, I don't think it's working. I'll > use this example provided by Microsoft. > > There's a Web Service called Service1. In the client app: > > localhost.Service1 myProxy = new localhost.Service1(); > myProxy.Credentials = System.Net.CredentialCache.DefaultCredentials; > > myProxy is of type System.Web.Services.Protocols.SoapHttpClientProtocol, I > believe. This is supposed to add the user name and password to the HTTP > headers. The code runs, however I can't verify this. I can't see any way > to get the user name from the Web Services code. When I look at the user > name in the credentials object above from the client side, it's always > blank, and I don't know how to see it in the headers from the Web Services > side. > > For both the client side caller and the Web Service, I have set in IIS > Integrated Windows Authentication on, and anonymous access off. Thanks > for any pointers. > Well, I have now :-) Didn't seem to make much difference though. After
reading about it, it seems to do about the same thing as setting Integrated Windows Authentication in IIS, when Anonymous access is turned off. It seems strange that there isn't a way to get the user name on the server side when it was supposedly set with System.Net.CredentialCache.DefaultCredentials on the client side. Do I need to use impersonation to do this? Show quoteHide quote "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:OUD83fBQFHA.2132@TK2MSFTNGP14.phx.gbl... > Have you set the PreAuthenticate property on the proxy to ensure that the > credentials are submitted on the first request? > > > > "Jeff Connelly" <nom***@thank.you> wrote in message > news:OHk2uu5PFHA.2560@TK2MSFTNGP14.phx.gbl... >> Fairly new to Windows security issues.... We have login to our >> application, and I'm trying to implement Windows authentication. It >> works OK in the standalone client app (I use their Windows current user >> name to log them in.) When I use a Web Service, I don't think it's >> working. I'll use this example provided by Microsoft. >> >> There's a Web Service called Service1. In the client app: >> >> localhost.Service1 myProxy = new localhost.Service1(); >> myProxy.Credentials = System.Net.CredentialCache.DefaultCredentials; >> >> myProxy is of type System.Web.Services.Protocols.SoapHttpClientProtocol, >> I believe. This is supposed to add the user name and password to the >> HTTP headers. The code runs, however I can't verify this. I can't see >> any way to get the user name from the Web Services code. When I look at >> the user name in the credentials object above from the client side, it's >> always blank, and I don't know how to see it in the headers from the Web >> Services side. >> >> For both the client side caller and the Web Service, I have set in IIS >> Integrated Windows Authentication on, and anonymous access off. Thanks >> for any pointers. >> > > April 13, 2005
Just a guess, but try... Dim username as string = User.Identity.Name I know that you can access User.Identity in a web service, but I don't know whether it actually contains anything like in a web application but it seems to me that it would. HTH :-) Joseph MCAD Show quoteHide quote "Jeff Connelly" <nom***@thank.you> wrote in message news:uP2tUQDQFHA.164@TK2MSFTNGP12.phx.gbl... > Well, I have now :-) Didn't seem to make much difference though. After > reading about it, it seems to do about the same thing as setting > Integrated Windows Authentication in IIS, when Anonymous access is turned > off. > > It seems strange that there isn't a way to get the user name on the server > side when it was supposedly set with > System.Net.CredentialCache.DefaultCredentials on the client side. Do I > need to use impersonation to do this? > > > > "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message > news:OUD83fBQFHA.2132@TK2MSFTNGP14.phx.gbl... >> Have you set the PreAuthenticate property on the proxy to ensure that the >> credentials are submitted on the first request? >> >> >> >> "Jeff Connelly" <nom***@thank.you> wrote in message >> news:OHk2uu5PFHA.2560@TK2MSFTNGP14.phx.gbl... >>> Fairly new to Windows security issues.... We have login to our >>> application, and I'm trying to implement Windows authentication. It >>> works OK in the standalone client app (I use their Windows current user >>> name to log them in.) When I use a Web Service, I don't think it's >>> working. I'll use this example provided by Microsoft. >>> >>> There's a Web Service called Service1. In the client app: >>> >>> localhost.Service1 myProxy = new localhost.Service1(); >>> myProxy.Credentials = System.Net.CredentialCache.DefaultCredentials; >>> >>> myProxy is of type System.Web.Services.Protocols.SoapHttpClientProtocol, >>> I believe. This is supposed to add the user name and password to the >>> HTTP headers. The code runs, however I can't verify this. I can't see >>> any way to get the user name from the Web Services code. When I look at >>> the user name in the credentials object above from the client side, it's >>> always blank, and I don't know how to see it in the headers from the Web >>> Services side. >>> >>> For both the client side caller and the Web Service, I have set in IIS >>> Integrated Windows Authentication on, and anonymous access off. Thanks >>> for any pointers. >>> >> >> > > "Joseph MCAD" <anonym***@microsoft.discussions.com> wrote in message I believe User.Identity.Name is really news:udYZAgDQFHA.2932@TK2MSFTNGP09.phx.gbl... > April 13, 2005 > > Just a guess, but try... > > Dim username as string = User.Identity.Name > > I know that you can access User.Identity in a web service HttpContext.Current.User.Identity.Name, is it not? Still gives ASPNET as the answer. April 13, 2005
Is Windows Authentication enabled in IIS? If it isn't then ASPNET will be in the User.Identity.Name property. If windows auth isn't enabled, try enabling it and then try my suggestion again. This should work! Joseph MCAD Show quoteHide quote "Jeff Connelly" <nom***@thank.you> wrote in message news:OnnM%23LEQFHA.2932@TK2MSFTNGP09.phx.gbl... > > "Joseph MCAD" <anonym***@microsoft.discussions.com> wrote in message > news:udYZAgDQFHA.2932@TK2MSFTNGP09.phx.gbl... >> April 13, 2005 >> >> Just a guess, but try... >> >> Dim username as string = User.Identity.Name >> >> I know that you can access User.Identity in a web service > > I believe User.Identity.Name is really > HttpContext.Current.User.Identity.Name, is it not? Still gives ASPNET as > the answer. > "Joseph MCAD" <anonym***@microsoft.discussions.com> wrote in message That's what I hear :-) Windows Auth is on - from my first post... "I have news:%23yFBMoEQFHA.3076@TK2MSFTNGP12.phx.gbl... > April 13, 2005 > > Is Windows Authentication enabled in IIS? If it isn't then ASPNET will > be in the User.Identity.Name property. If windows auth isn't enabled, try > enabling it and then try my suggestion again. This should work! set in IIS Integrated Windows Authentication on, and anonymous access off" As Joseph suggested, the HttpContext.User is also for web services as well
as web forms. In addition, the two other identity implementations described at http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetAP05.asp will also function as they do in a ASP.NET web form page. Show quoteHide quote "Jeff Connelly" <nom***@thank.you> wrote in message news:uP2tUQDQFHA.164@TK2MSFTNGP12.phx.gbl... > Well, I have now :-) Didn't seem to make much difference though. After > reading about it, it seems to do about the same thing as setting > Integrated Windows Authentication in IIS, when Anonymous access is turned > off. > > It seems strange that there isn't a way to get the user name on the server > side when it was supposedly set with > System.Net.CredentialCache.DefaultCredentials on the client side. Do I > need to use impersonation to do this? > > > > "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message > news:OUD83fBQFHA.2132@TK2MSFTNGP14.phx.gbl... >> Have you set the PreAuthenticate property on the proxy to ensure that the >> credentials are submitted on the first request? >> >> >> >> "Jeff Connelly" <nom***@thank.you> wrote in message >> news:OHk2uu5PFHA.2560@TK2MSFTNGP14.phx.gbl... >>> Fairly new to Windows security issues.... We have login to our >>> application, and I'm trying to implement Windows authentication. It >>> works OK in the standalone client app (I use their Windows current user >>> name to log them in.) When I use a Web Service, I don't think it's >>> working. I'll use this example provided by Microsoft. >>> >>> There's a Web Service called Service1. In the client app: >>> >>> localhost.Service1 myProxy = new localhost.Service1(); >>> myProxy.Credentials = System.Net.CredentialCache.DefaultCredentials; >>> >>> myProxy is of type System.Web.Services.Protocols.SoapHttpClientProtocol, >>> I believe. This is supposed to add the user name and password to the >>> HTTP headers. The code runs, however I can't verify this. I can't see >>> any way to get the user name from the Web Services code. When I look at >>> the user name in the credentials object above from the client side, it's >>> always blank, and I don't know how to see it in the headers from the Web >>> Services side. >>> >>> For both the client side caller and the Web Service, I have set in IIS >>> Integrated Windows Authentication on, and anonymous access off. Thanks >>> for any pointers. >>> >> >> > > 
Other interesting topics
Running a program with elevated priveleges
Cannot open log for source {0}. You may not have write access. (Access right wanish after a while) local admin security question AzMan threading problems How to run aspnet with system account web application can not access event log Rijndael decryption succeeds SOMETIMES Access to the path is denied: Assembly Permission Problem Parsing X.509 Digital Certificate newbie question Help How to add publisher condition ?? |
|||||||||||||||||||||||
