|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Passing credentials from ASP.NET website to webserviceI have a problem with passing the default credentials from an ASP.NET web application residing on 1 web server(IIS) to a web service residing on another server(IIS). Below is the complete description. The problem statement for the double hop issue in our product Email Manager Maintenance (EMM) is as follows: Description: The current implementation of the EMM is that the EMM web applications (ASP.NET) are installed on the same web server which has Microsoft CRM (1.2/3.0) installed. The EMM web applications access the MSCRM Web services which is part of the MS CRM server setup. This setup works fine since both the EMM web application and the web service reside on the same IIS server. Problem statement: The new implementation of the EMM web application requires that the application be installed on a separate standard Windows 2000/2003 Server having IIS 6.0. In such a case, the EMM web application needs to communicate to the MS CRM web service on another web server. In order to consume the web service, the web application will pass windows credentials to the web service proxy for authentication. The credentials to be passed have to be the default credentials. However, this involves passing credentials across servers from one IIS server to another IIS server. The main problem lies here as the credentials need to “hop†across from 1 site to another. The following is the details of the environment setup for this implementation. Server A (Domain controller) has the following installed: 1. Windows 2003 Server 2. Microsoft CRM 1.2 3. SQL Server 2000 4. IIS 6.0 5. MSCRMServices running in IIS. 6. Active Directory 7. Exchange Server 2003 Server B (Web server) has the following installed: 1. Windows 2003 Server 2. IIS 6.0 (default website set to integrated windows authentication) 3. EMM web site is installed in this web server Below is the code where the credentials are being passed to the MSCRM web service proxy. using System; using System.Data; using System.Net; using System.Xml; namespace CrmHelperClass { public class CrmHelperClass { System.Net.ICredentials userCredentials; string crmServicesUrl; private System.Net.ICredentials adminCredentials; //Constructor public CrmHelperClass(string crmServiceUrl, string adminUsername, string adminPwd) { try { crmServiceUrl = "http://10.200.167.250:80/MSCRMServices"; adminUsername = encrypObj.Decryptedvalue(adminUsername); adminPwd=encrypObj.Decryptedvalue(adminPwd); //Get the admin credentials for MS CRM adminCredentials=new System.Net.NetworkCredential(adminUsername,adminPwd,domainname); //Get the User credentials userCredentials = System.Net.CredentialCache.DefaultCredentials; //Get the BizUser CRM proxy object oBizUser = new Microsoft.CRM.Proxy.BizUser(); oBizUser.Credentials = userCredentials; oBizUser.Url = crmServicesUrl + CrmHelperConstants.CRMBizUserUrl; // BizUserUrl = BizUser.srf //Authenticate the logged in user credentials against the CRM web service oUserAuth = oBizUser.WhoAmI(); } catch(System.Web.Services.SoapException err) { throw; } catch(Exception ex) { throw ex; } } } } If anybody has a solution to fix the issue, it will be highly appreciated. Cheers, Adarsh is the computer account for the web server trusted for delegation?
Show quoteHide quote "Adarsh" <Ada***@discussions.microsoft.com> wrote in message news:64961808-97D4-4961-B12F-4D31A1FC544A@microsoft.com... > Hi, > > I have a problem with passing the default credentials from an ASP.NET web > application residing on 1 web server(IIS) to a web service residing on > another server(IIS). Below is the complete description. > > The problem statement for the double hop issue in our product Email > Manager > Maintenance (EMM) is as follows: > > Description: The current implementation of the EMM is that the EMM web > applications (ASP.NET) are installed on the same web server which has > Microsoft CRM (1.2/3.0) installed. The EMM web applications access the > MSCRM > Web services which is part of the MS CRM server setup. This setup works > fine > since both the EMM web application and the web service reside on the same > IIS > server. > > Problem statement: The new implementation of the EMM web application > requires that the application be installed on a separate standard Windows > 2000/2003 Server having IIS 6.0. > In such a case, the EMM web application needs to communicate to the MS CRM > web service on another web server. In order to consume the web service, > the > web application will pass windows credentials to the web service proxy for > authentication. The credentials to be passed have to be the default > credentials. However, this involves passing credentials across servers > from > one IIS server to another IIS server. The main problem lies here as the > credentials need to "hop" across from 1 site to another. The following is > the > details of the environment setup for this implementation. > > Server A (Domain controller) has the following installed: > 1. Windows 2003 Server > 2. Microsoft CRM 1.2 > 3. SQL Server 2000 > 4. IIS 6.0 > 5. MSCRMServices running in IIS. > 6. Active Directory > 7. Exchange Server 2003 > > Server B (Web server) has the following installed: > 1. Windows 2003 Server > 2. IIS 6.0 (default website set to integrated windows authentication) > 3. EMM web site is installed in this web server > > Below is the code where the credentials are being passed to the MSCRM web > service proxy. > > using System; > using System.Data; > using System.Net; > using System.Xml; > > namespace CrmHelperClass > { > public class CrmHelperClass > { > System.Net.ICredentials userCredentials; > string crmServicesUrl; > private System.Net.ICredentials adminCredentials; > //Constructor > public CrmHelperClass(string crmServiceUrl, string adminUsername, string > adminPwd) > { > try > { > crmServiceUrl = "http://10.200.167.250:80/MSCRMServices"; > adminUsername = encrypObj.Decryptedvalue(adminUsername); > adminPwd=encrypObj.Decryptedvalue(adminPwd); > //Get the admin credentials for MS CRM > adminCredentials=new > System.Net.NetworkCredential(adminUsername,adminPwd,domainname); > //Get the User credentials > userCredentials = System.Net.CredentialCache.DefaultCredentials; > //Get the BizUser CRM proxy object > oBizUser = new Microsoft.CRM.Proxy.BizUser(); > oBizUser.Credentials = userCredentials; > oBizUser.Url = crmServicesUrl + CrmHelperConstants.CRMBizUserUrl; // > BizUserUrl = BizUser.srf > //Authenticate the logged in user credentials against the CRM web service > oUserAuth = oBizUser.WhoAmI(); > } > catch(System.Web.Services.SoapException err) > { > throw; > } > catch(Exception ex) > { > throw ex; > } > } > > } > } > > If anybody has a solution to fix the issue, it will be highly appreciated. > > Cheers, > Adarsh 
Other interesting topics
Is there a way to avoid/security alert box from redirecting to HTTP to HTTPS?
Can Somone Tell Me If We Have a Hacker? A little help (kerberos, netbios, and SPN... oh my!) login problem with iis and webdav. Security templates and IUSR account log on locally IE does not offer to open item downloaded via https Can i make personal ssl cert from verisign's one? Filtering Query String IIS6 HTTPS POST not being returned to .ASP file... IIS logs show domain laptop logging into WEBDAV |
|||||||||||||||||||||||
