Re: Illegal to mix Authentication methods ?
From: Hernan de Lahitte (hernan_at_lagash.com)
Date: 01/31/04
- Previous message: Coucou à toutes et à tous: "RE: Passport Requirements"
- In reply to: mklapp: "Illegal to mix Authentication methods ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 30 Jan 2004 23:15:51 -0300
I think this article will shed some light on the subject.
http://msdn.microsoft.com/asp.net/default.aspx?pull=/library/en-us/dnaspp/ht
ml/mixedsecurity.asp
"mklapp" <mklapp@zippy.com> escribió en el mensaje
news:05F96181-74C4-4175-A374-73F244AB80B2@microsoft.com...
> Hello,
>
> I have a Web Service, a Winform client and a web Application. The Web
App and the WinForm Client use the same Web Service (or such is the plan).
>
> The WinForm Client and the Webservice work together using Integrated
Windows Authentication and works well.
>
> The nature of the Web App, compels me to use Forms authentication. The
default page redirects to the login page for the login. The login screen
access the Web Service through the proxy generated by WSDL.exe.
>
> The intent is to only allow authenticated windows users to reach the
Login screen in the first place. After the login screen, access to the App
pages will be via cookie authentication. Each of the web pages access the
Web Service (through the proxy). Anonymous access is turned off. Where
authentication can be specified in the App path through IIS, it has been set
to Integrated Windows.
>
> The code :
>
> Line 42: pss =
FormsAuthentication.HashPasswordForStoringInConfigFile(txtPss.Text, "sha1")
> Line 43:
> Line 44: If proxy.ValidateUser(txtUser.Text, pss) Then
<-----------The bad line
>
> Line 45:
FormsAuthentication.RedirectFromLoginPage(txtUser.Text, False)
> Line 46: Else
>
>
> The returned exception is below.
>
>
> WebException: The request failed with HTTP status 401: Access Denied.]
>
System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClient
Message message, WebResponse response, Stream responseStream, Boolean
asyncCall)
> System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters)
> MABillingService.ValidateUser(String UserId, String psswd)
> _3rdPartyWeb.login.btnLogin_Click(Object sender, EventArgs e) in
c:\inetpub\wwwroot\3rdPartyWeb\login.aspx.vb:44
> System.Web.UI.WebControls.Button.OnClick(EventArgs e)
>
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePo
stBackEvent(String eventArgument)
> System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler
sourceControl, String eventArgument)
> System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
> System.Web.UI.Page.ProcessRequestMain()
>
> Must I set authentication to Anonymous if I am using Forms? Can one
client use Integrated Windows with a web service while another uses Forms
through the proxy for the same service?
>
> I have read a lot, but everything is spread all over the place and
little of it is tied together.
>
- Previous message: Coucou à toutes et à tous: "RE: Passport Requirements"
- In reply to: mklapp: "Illegal to mix Authentication methods ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
