Illegal to mix Authentication methods ?

From: mklapp (mklapp_at_zippy.com)
Date: 01/30/04


Date: Fri, 30 Jan 2004 13:01:07 -0800

Hello,

   I have a Web Service, a Winform client and a web Application. The Web App and the WinForm Client use the same Web Service (or such is the plan).

   The WinForm Client and the Webservice work together using Integrated Windows Authentication and works well.

   The nature of the Web App, compels me to use Forms authentication. The default page redirects to the login page for the login. The login screen access the Web Service through the proxy generated by WSDL.exe.

   The intent is to only allow authenticated windows users to reach the Login screen in the first place. After the login screen, access to the App pages will be via cookie authentication. Each of the web pages access the Web Service (through the proxy). Anonymous access is turned off. Where authentication can be specified in the App path through IIS, it has been set to Integrated Windows.

The code :

Line 42: pss = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPss.Text, "sha1")
Line 43:
Line 44: If proxy.ValidateUser(txtUser.Text, pss) Then <-----------The bad line

Line 45: FormsAuthentication.RedirectFromLoginPage(txtUser.Text, False)
Line 46: Else

The returned exception is below.

WebException: The request failed with HTTP status 401: Access Denied.]
   System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
   System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   MABillingService.ValidateUser(String UserId, String psswd)
   _3rdPartyWeb.login.btnLogin_Click(Object sender, EventArgs e) in c:\inetpub\wwwroot\3rdPartyWeb\login.aspx.vb:44
   System.Web.UI.WebControls.Button.OnClick(EventArgs e)
   System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
   System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
   System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
   System.Web.UI.Page.ProcessRequestMain()

Must I set authentication to Anonymous if I am using Forms? Can one client use Integrated Windows with a web service while another uses Forms through the proxy for the same service?

   I have read a lot, but everything is spread all over the place and little of it is tied together.



Relevant Pages

  • Re: ASP.NET Forms Authentication site calling web service
    ...  I began developing a web app utilizing this web service ... web app and web service web.config files. ... authentication set as windows and authorization as allow all users. ... going to the Web service in IIS and looking at login credentials, ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: ASP.NET Forms Authentication site calling web service
    ...  I began developing a web app utilizing this web service ... web app and web service web.config files. ... authentication set as windows and authorization as allow all users. ... going to the Web service in IIS and looking at login credentials, ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: ASP.NET Forms Authentication site calling web service
    ... I began developing a web app utilizing this web service ... My login page asks for a custom user name and password hence why I'm ... authentication set as windows and authorization as allow all users. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: ASP.NET Forms Authentication site calling web service
    ...  I began developing a web app utilizing this web service ... web app and web service web.config files. ... authentication set as windows and authorization as allow all users. ... going to the Web service in IIS and looking at login credentials, ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: ASP.NET Forms Authentication site calling web service
    ... I began developing a web app utilizing this web service ... as a console to enable users more capabilities than on the mobile ... My login page asks for a custom user name and password hence why I'm ...
    (microsoft.public.dotnet.framework.aspnet)