Re: Calling a webservice using Kerberos

From: Chris Rolon (chris.rolon_at_removethis.neudesic.com)
Date: 01/24/05 

Date: Sun, 23 Jan 2005 20:33:03 -0800

As Jow said you need to read up on delegation. Basicalliy you need to enable
the server and the account for delegation. Then the credentials will flow.

Chris Rolon

"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:OeohoQy$EHA.2032@tk2msftngp13.phx.gbl...
> You need to read up on Kerberos delegation. That is what you need to make
> this scenario work. You might start here:
>
http://msdn.microsoft.com/vstudio/using/building/web/default.aspx?pull=/library/en-us/dnnetsec/html/SecNetHT05.asp?FRAME=true#ImplementKerberos
>
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerberr.mspx
>
> Also, this newsgroup is full of Kerberos delegation posts that you can
find
> with Google.
>
> Joe K.
>
> "ALI-R" <newbie@microsoft.com> wrote in message
> news:eb6QkGy$EHA.3504@TK2MSFTNGP12.phx.gbl...
> > I'm writing a webpart which is supposed to connect to a Webserice in our
> > interanet.I am using "RSService.Credentials =
> > System.Net.CredentialCache.DefaultCredentials;"to Authenticate to the
> > webservice.but it dosn't work.why?
> >
> >
> > I think SharePoint which hosts my webpart authenticate the user
requesting
> > my webpart and because credential lasts only for one connection ,when
web
> > part wants to call webservice there is no credenatial anymore and I get
> > 401
> > (Unauthorized) Error.I was told to use Kerberos because it flows the
user
> > identity,but I don't know how to use it in this scenario.
> >
> >
> >
> >
> >
> > Is there somebody who can give me some hints?
> >
> > Thanks
> >
> >
> >
> >
>
>

Relevant Pages

  • Re: Impersonation/Delegation security considerations
    ... Our AD/network guys illustrated a potential security issue using the ... I assume that by delegation you mean passing ... only pass user's credentials to a SQL Server running on the same machine. ... Web site to the CEO ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Impersonation/Delegation security considerations
    ... security risk example. ... delegation you mean passing ... >only pass user's credentials to a SQL Server running on ... >Create a fake internal Web site. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Login failed for user . The user is not associated with a trusted SQL Server connection.
    ... he never mentioned he is impersonating in asp.net - so no delegation needed. ... Cassini runs with the credentials of the interactive user - which seems to have access to sql - in contrast to the local ASPNET account - which i am trying to tell him since 2 days.... ... yes - use explicit credentials and enable mixed mode auth in sql server to get this to work. ...
    (microsoft.public.dotnet.security)
  • Re: [modauthkerb] Negotiate on Windows with cross-realm trust ADand MIT Kereros.
    ... I need the KRB5CCNAME so I can login to my OpenLDAP SASL based server and PostgreSQL with kerberos. ... Storing credentials in a krb5 cache pointing to KRB5CCNAME has nothing to do with delegation. ... You only need delegation if you wnat that Apache logs into a backend application with the users ID. ... Now Search log events and configuration files using AJAX and a browser. ...
    (comp.protocols.kerberos)
  • Re: Remote process with network access
    ... You are missing a key concept, that is the transmission of credentials. ... Let's say you have 3 machines, WinMgmtClient, WinMgmtServer, FileServer. ... The second hop is guaranteed by Kerberos via Delegation. ...
    (microsoft.public.win32.programmer.wmi)