[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

microsoft.public.dotnet.framework.aspnet.webservices

Why are the System.Net.CredentialCache.DefaultCredentials always empty in and ASP application?

Jari

8/14/2003 9:49:00 AM


We have an anonymous web application trying to talk to a windows
authenticated webservice. This is currently failing with 401 Access Denied
errors.

We have found that we can get this to work by writing the following code in
the web application before calling the webservice:

WebServiceInstance.Credentials = new NetworkCredential("username",
"password","domain");


We don't want to have to do this because it means having to retrieve the
username and password again.

When searching for an answer, the following line constantly appears as the
correct solution:

WebServiceInstance.Credentials = CredentialCache.DefaultCredentials;


Unfortunatley the DefaultCredentials are empty. Why is this? We were
originally thinking (informed by a Microsoft Document) that because both
IIS machines have the same ASPNET account and password the Windows
authentication on the webservice side would be satisfied, but this doesn't
seem to be the case.

Please help we've been trying to get this working for almost 3 days now...

Thanks,
Craig
2 Answers

lukezhan

8/14/2003 11:49:00 AM

0

you need to make sure that the credentials you?re passing to the end
service are valid for that machine. Unless your web service client is
impersonating a valid user for that end service,
CredentialCache.DefaultCredentials won?t be valid.For example, you can
impersonate it as domain user which also have permission on the end server.
For more information on impersonante, you can refer to:

INFO: Implementing Impersonation in an ASP.NET Application
http://support.microsoft.com/default.aspx?scid=KB;EN-...

Luke

"Microsoft Security Announcement: Have you installed the patch for
Microsoft Security Bulletin MS03-026?? If not Microsoft strongly advises
you to review the information at the following link regarding Microsoft
Security Bulletin MS03-026
http://www.microsoft.com/security/security_bulletins/ms... and/or to
visit Windows Update at http://windowsupdate.mic... to install the
patch. Running the SCAN program from the Windows Update site will help to
insure you are current with all security patches, not just MS03-026."

Jari

8/14/2003 1:01:00 PM

0

Turns out there was a restart required after setting the ASPNET passwords.

My fault, all is well.

Simply by setting the webservice.Credentials to the DefaultCredentials
allows the public webapp to call the windows auth webservice.


Thanks for you help.

Craig



lukezhan@online.microsoft.com (MSFT) wrote in
news:7JiF3nlYDHA.2408@cpmsftngxa06.phx.gbl:

> you need to make sure that the credentials you?re passing to the end
> service are valid for that machine. Unless your web service client is
> impersonating a valid user for that end service,
> CredentialCache.DefaultCredentials won?t be valid.For example, you can
> impersonate it as domain user which also have permission on the end
> server. For more information on impersonante, you can refer to:
>
> INFO: Implementing Impersonation in an ASP.NET Application
> http://support.microsoft.com/default.aspx?scid=KB;EN-...
>
> Luke
>
> "Microsoft Security Announcement: Have you installed the patch for
> Microsoft Security Bulletin MS03-026?? If not Microsoft strongly
> advises you to review the information at the following link regarding
> Microsoft Security Bulletin MS03-026
> http://www.microsoft.com/security/security_bulletins/ms...
> and/or to visit Windows Update at http://windowsupdate.mic...
> to install the patch. Running the SCAN program from the Windows
> Update site will help to insure you are current with all security
> patches, not just MS03-026."
>
>