RE: accessing WebService from asp.net App on load balanced Servers

From: Steven Cheng[MSFT] (stcheng_at_online.microsoft.com)
Date: 11/28/05

  • Next message: Jason: "RE: accessing WebService from asp.net App on load balanced Servers" 
    Date: Mon, 28 Nov 2005 02:27:43 GMT

    Hi Jason,

    Welcome to asp.net newsgroup.
    >From your description,you're accessing an ASP.NET webservice from an
    asp.net webapplication, the the web application
     turn on impesonate so as to use the client user's credential to access the
    webservice(authenticated protected...)
    However, he found that this worked only when the webservice is on the same
    machine with the web applicaiton...
    Elsewise, you'll get 401 error, yes?

    Based on my experience, this problem is caused by the limitation of normal
    windows NTLM authentication's generated logon session. By default the
    asp.net implicit impersonated client logon session are network logon
    sessions, they have not network credentials. So it is ok for accessing
    protected resources on the same box (with the asp.net web application...),
    however, when try accessing some remote protected resources... we'll get
    access error since no security credential is sent (network logon on session
    can not be forwarded to remote machine...). This is a typical double hop
    limit...

    So as for your scenario, the most recommended and simplest means is to use
    a fixed privileged account to access the remote webservice in your asp.net
    web application (avoid using the implict impersonated client user's
    credential....). Or you can consider still maintain the webservice on the
    same server with the asp.net web app....
    And for the Kerberos you mentioned, yes, it is possible to configure
    kerberos delegation between client and our asp.net webapplication so as to
    establish kerberos ticket which can be forwarded to multiple remote
    machine(mulitple hops...), but using kerberos delegation may require
    complex configuration on both client side (browser ) and serverside
    (including asp.net web app's server and webservice's server , also the
    win2k or win2003 domain.....), so we do not recommend using this approach
    .....

    Thanks,

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)

    --------------------
    | Thread-Topic: accessing WebService from asp.net App on load balanced
    Servers
    | thread-index: AcXzLeCUpK/csZhpRky0PT9rpnnVbw==
    | X-WBNR-Posting-Host: 134.134.136.1
    | From: "=?Utf-8?B?SmFzb24=?=" <JRawlins@noemail.nospam>
    | Subject: accessing WebService from asp.net App on load balanced Servers
    | Date: Sun, 27 Nov 2005 00:38:01 -0800
    | Lines: 19
    | Message-ID: <9EC26BC7-5C41-413E-AE97-F6CED93549A9@microsoft.com>
    | MIME-Version: 1.0
    | Content-Type: text/plain;
    | charset="Utf-8"
    | Content-Transfer-Encoding: 7bit
    | X-Newsreader: Microsoft CDO for Windows 2000
    | Content-Class: urn:content-classes:message
    | Importance: normal
    | Priority: normal
    | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    | Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGXA03.phx.gbl
    | Xref: TK2MSFTNGXA02.phx.gbl
    microsoft.public.dotnet.framework.aspnet.security:16428
    | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    |
    | Hi,
    |
    | I have an ASP.Net application that retrieves Data from a Web Service.
    When
    | the Web service resides on the same server I have no problem and the
    asp.net
    | page functions as expected. I am using impersonation and the credentials
    are
    | being passed to the web service as expected.
    |
    | Now, when the web service resides on a different server the credentials
    are
    | not passed to the webservice and the asp application receives a 401
    Error. I
    | have seen emails about using kerberos but have not been successful in
    getting
    | it to work. Could this be because I am using Load balanced servers?
    (Using
    | Application Server) I thought this worked when using Windows 2000 Server
    but
    | I am now using Windows 2003 Server. Can you tell me What specific steps I
    | need to take for my asp.net application to function and retrieve content
    from
    | a web service passing the credentials of the original user using the
    asp.net
    | application??
    | Thanks
    | Jason
    |
    |

  • Next message: Jason: "RE: accessing WebService from asp.net App on load balanced Servers"

    Relevant Pages

    • RE: Operation timed-out downloading web service durning Add Web Reference - still no solutio
      ... remote webservice, and the problem is occuring after your server upgrated ... to a DNS/AD server,yes? ... So based on the changing of your webservice hosting server, ... Operation timed-out downloading web service durning Add Web ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: The request failed with HTTP status 401: Unauthorized
      ... I have set virtual directory of the WebService to anonymous, ... Your browser supplies the credentials of the logged in user, ... Check out the Credentials property of teh web service proxy. ...
      (microsoft.public.dotnet.framework.aspnet)
    • RE: Consuming a PHP Webservice
      ... I am currently using NuSoap for the server implementation. ... > Just add the php as a "web reference" in your project. ... The web service works OK using a testing PHP client. ... >> web service to consume the webservice. ...
      (microsoft.public.dotnet.framework.webservices)
    • Re: Webservice Security Header error
      ... You can also specify a tolerance that you willing to accept on the Webservice ... >> machine in client company and they try to call the web service through the ... >> minutes than our server time? ... >>>which acts as a client to the webservice. ...
      (microsoft.public.dotnet.framework.webservices.enhancements)
    • How to send back data using Webservices - C#
      ... the value which returned by the exe to the server. ... I came to know we can achieve this through webservice. ... In pocket PC application there is no web service option ... How can i execute a method from Webservice in client machine ...
      (microsoft.public.dotnet.framework.compactframework)