Computer Name vs FQDN Authentication Problem
From: Ben Halican (bhalican_at_hotmail.com)
Date: 08/23/03
Date: Fri, 22 Aug 2003 16:54:39 -0700
We have a web application on a computer (computer name APP) that consumes a web service on another computer (computer name SERV).

We are using Active Directory on a native Win2k domain.
The computers have been set to allow delegation.
The domain username (APPUSER) has also been set to allow delegation.
The web application and web service have been set to authenticate using Windows and impersonate=true.
The IIS website on both computers has been set to Integrated Windows Authentication only.
We set the Credentials to System.Net.CredentialCache.DefaultCredentials before calling a web service.
We are using Win2k SP3 and .NET Framework 1.1.

The following scenarios illustrate our problem.

1. http://APP/client/default.aspx -> http://SERV/service/service1.asmx (SUCCESS)

When we browse http://APP/client/default.aspx, it will prompt for the username (APPUSER) and password.
The Thread.CurrentPrincipal.Identity.AuthenticationType is Negotiate.
When we try to access the service as http://SERV/service/service1.asmx, it returns the dummy data and responds that the username that accessed the service was (APPUSER) and the Thread.CurrentPrincipal.Identity.AuthenticationType was NEGOTIATE.

2. http://APP/client/default.aspx -> http://SERV.DOMAIN.COM/service/service1.asmx (SUCCESS)

When we browse http://APP/client/default.aspx, it will prompt for the username (APPUSER) and password.
The Thread.CurrentPrincipal.Identity.AuthenticationType is Negotiate.
When we try to access the service as http://SERV.DOMAIN.COM/service/service1.asmx, it returns the dummy data and responds that the username that accessed the service was (APPUSER) and the Thread.CurrentPrincipal.Identity.AuthenticationType was negotiate.

3. http://APP.DOMAIN.COM/client/default.aspx -> http://SERV/service/service1.asmx (FAILED)

When we browse http://APP.DOMAIN.COM/client/default.aspx, it will prompt for the username (APPUSER) and password.
The Thread.CurrentPrincipal.Identity.AuthenticationType is Negotiate.
When we try to access the service as http://SERV/service/service1.asmx, it fails with HTTP 401 Access Denied.

4. http://APP.DOMAIN.COM/client/default.aspx -> http://SERV.DOMAIN.COM/service/service1.asmx (FAILED)

When we browse http://APP.DOMAIN.COM/client/default.aspx, it will prompt for the username (APPUSER) and password.
The Thread.CurrentPrincipal.Identity.AuthenticationType is Negotiate.
When we try to access the service as http://SERV.DOMAIN.COM/service/service1.asmx, it fails with HTTP 401 Access Denied.

Our main goal is to publish the web application on the internet using ISA and we had this problem with accessing the web services from the web application. So far we tracked down the problem to this computer name vs FQDN authentication. They both authenticate as the same type on the Web Application but for some reason, if you use FQDN on the web application, it does not authenticate you on the web service.

We have also tried putting the internet name on our DNS just to check if it's a firewall (ISA) issue.
It still didn't work.

I hope this is comprehensive enough for someone to be able to help.

Thanks.
Ben H.
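
An added diagnostic example, not part of the original post: `Negotiate` names the SPNEGO wrapper, which can carry either Kerberos or NTLM, and only Kerberos supports delegating the caller's identity to a second server, so the `Authorization: Negotiate` header the browser sends to APP is worth classifying in each scenario. The function names and the sample headers are assumptions constructed for illustration; the samples carry only a mechanism list, no ticket or hash.

```python
import base64

NTLMSSP = b"NTLMSSP\x00"                                # signature of a bare NTLM message
SPNEGO = bytes.fromhex("2b0601050502")                  # OID 1.3.6.1.5.5.2
KRB5 = bytes.fromhex("2a864886f712010202")              # OID 1.2.840.113554.1.2.2
MS_KRB5 = bytes.fromhex("2a864882f712010202")           # OID 1.2.840.48018.1.2.2 (legacy Microsoft)
NTLM = bytes.fromhex("2b06010401823702020a")            # OID 1.3.6.1.4.1.311.2.2.10
MECHS = {KRB5: "kerberos", MS_KRB5: "kerberos", NTLM: "ntlm"}

def _tlv(buf, pos, want):
    """Read one DER element at pos, require its tag; return (value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if tag != want:
        raise ValueError("unexpected DER tag")
    if length & 0x80:                                   # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def classify_negotiate(header_value):
    """Return 'kerberos', 'ntlm' or 'unknown' for an Authorization header value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64:
        return "unknown"
    try:
        tok = base64.b64decode(b64, validate=True)
        if tok.startswith(NTLMSSP):                     # NTLM sent without SPNEGO framing
            return "ntlm"
        pos, _ = _tlv(tok, 0, 0x60)                     # GSS-API initial token
        s, e = _tlv(tok, pos, 0x06)                     # outer mechanism OID
        if tok[s:e] == SPNEGO:
            pos = e
            for want in (0xA0, 0x30, 0xA0, 0x30):       # NegTokenInit -> mechTypes list
                pos, _ = _tlv(tok, pos, want)
            s, e = _tlv(tok, pos, 0x06)                 # first entry = preferred mechanism
        return MECHS.get(tok[s:e], "unknown")
    except (ValueError, IndexError):                    # bad base64 or truncated token
        return "unknown"

def sample_header(*oids):
    """Build a constructed SPNEGO header holding only a mechTypes list (short DER lengths)."""
    der = lambda tag, body: bytes([tag, len(body)]) + body
    mech_list = der(0x30, b"".join(der(0x06, o) for o in oids))
    init = der(0xA0, der(0x30, der(0xA0, mech_list)))
    return "Negotiate " + base64.b64encode(der(0x60, der(0x06, SPNEGO) + init)).decode()

if __name__ == "__main__":
    for hdr in (sample_header(MS_KRB5, KRB5, NTLM), sample_header(NTLM)):
        print(classify_negotiate(hdr), hdr)
```

The classification reflects the first mechanism the client offers in its initial token; later SPNEGO response tokens are not wrapped the same way and are reported as `unknown`.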