Re: Windows Auth -- double hop issue??
From: Alek Davis (alek_xDOTx_davis_xATx_intel_xDOTx_com)
Date: 03/24/04
- Next message: Joe Kaplan \(MVP - ADSI\): "Re: Windows Auth -- double hop issue??"
- Previous message: Binny: "Re: Forms Authentication Problem yet again"
- In reply to: Joe Kaplan \(MVP - ADSI\): "Re: Windows Auth -- double hop issue??"
- Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: Windows Auth -- double hop issue??"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: Windows Auth -- double hop issue??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 24 Mar 2004 08:55:50 -0800
But Kannan said that all resources reside on the same server. How can it be
the double-hop problem? Logically, it should work, but maybe there is
something else we're missing.
Alek
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:eXamriREEHA.1452@TK2MSFTNGP09.phx.gbl...
> Given that you are using default credentials, it does look like it might
be
> a double hop issue.
>
> If the current security context is an impersonation token that can't
> delegate, then the credentials you supply will not hop to the other
machine.
> Since Windows integrated authentication creates an imperonation token,
this
> is very likely to be the case.
>
> Joe K.
>
>
> "Kannan" <pv_kannan@yahoo.com> wrote in message
> news:b46a02f.0403231023.21b252a7@posting.google.com...
> > Hi Alex,
> > I am setting that in the code. Here is the code sample in VB.NET:
> >
> > Private Function LogonToProjectServer(ByVal projectServerUrl As
> > String)
> >
> > Dim url As String
> > Dim cookieString As String
> >
> > If Not projectServerUrl.EndsWith("/") Then
> > projectServerUrl += "/"
> > End If
> >
> > url = projectServerUrl + "LgnIntAu.asp"
> > Dim XMLDoc As New XmlDocument
> >
> > Try
> > Dim myReq As HttpWebRequest =
> > CType(WebRequest.Create(url), HttpWebRequest)
> > Dim conCookie As New CookieContainer
> > myReq.CookieContainer = conCookie
> > myReq.Credentials = CredentialCache.DefaultCredentials
> > Dim networkCredential As NetworkCredential =
> > CType(CredentialCache.DefaultCredentials, NetworkCredential)
> > Dim identity As WindowsIdentity =
> > WindowsIdentity.GetCurrent()
> >
> > Dim log As New EventLog
> > log.Log = "Application"
> > log.Source = "PDSHelper:LogonToProjectServer"
> >
> > log.WriteEntry("WindowsUser is " + identity.Name,
> > EventLogEntryType.Information) ' This returns the correct username
> >
> > Dim myRes As HttpWebResponse = Nothing
> > Dim i As Integer
> > For i = 0 To 2
> > Try
> > myRes = CType(myReq.GetResponse(),
> > HttpWebResponse)
> > ' if it gets to this line it didn't error
> > Exit For
> > Catch e As Exception
> > If i = 2 Then
> > Throw e
> > End If
> > End Try
> > Next i
> >
> > XMLDoc.Load(myRes.GetResponseStream())
> > log.WriteEntry("Xmlcontents are " + XMLDoc.InnerText,
> > EventLogEntryType.Information)
> > ' Close the response to free resources.
> > myRes.Close()
> >
> > cookieString = GetLogonStatus(XMLDoc)
> > If cookieString.Length < 10 Then
> > Throw New Exception("Invalid Project Server Login
> > Cookie: " + cookieString)
> > End If
> > Catch ex As Exception
> > Throw New Exception("Error occurred attempting to log
> > into project server: " + url + vbCrLf + XMLDoc.InnerXml, ex)
> > End Try
> >
> > LogonToProjectServer = cookieString
> >
> > End Function
> >
> >
> >
> >
> > ************************************************************************
> > "Alek Davis" <alek_xDOTx_davis_xATx_intel_xDOTx_com> wrote in message
> news:<OiRD1rHEEHA.3372@TK2MSFTNGP10.phx.gbl>...
> > > Kannan,
> > >
> > > Before you call the other site, make sure that you set the default
> > > credentials for your HttpWebRequest's (or whatever class you're using)
> > > Credentials member. See MSDN documentation on
> > > CredentialCache.DefaultCredentials for samples.
> > >
> > > Alek
> > >
> > > "Kannan" <pv_kannan@yahoo.com> wrote in message
> > > news:b46a02f.0403221407.388842f1@posting.google.com...
> > > > We are having a strange problem with NT credentials being lost while
> > > > accessing another resource on the same server.
> > > >
> > > > Here is the scenario:
> > > >
> > > > Step 1
> > > > -------------
> > > > Client A makes a call to a method in a C# DLL that resides in Server
A
> > > > using Windows Auth (correct settings in web.config and IIS).
> > > >
> > > > Step 2
> > > > -------------
> > > > That method makes a call to an asp page that is present on a
different
> > > > website on the same server (Server A) to retrieve a cookie value.
> > > >
> > > > I notice that Windows credentials are being passed over in Step 1.
It
> > > > returns the correct value when I use
WindowsIdentity.GetCurrent.Name.
> > > > But they do not get passed over from DLL method to the site in Step
2.
> > > > (LOGON_USER returns blank)
> > > >
> > > >
> > > > Would this be a double-hop issue? Would use of delegation and
kerberos
> > > > help?
> > > >
> > > > Any help would be really appreciated.
> > > >
> > > > Thanks
> > > > kannan
>
>
- Next message: Joe Kaplan \(MVP - ADSI\): "Re: Windows Auth -- double hop issue??"
- Previous message: Binny: "Re: Forms Authentication Problem yet again"
- In reply to: Joe Kaplan \(MVP - ADSI\): "Re: Windows Auth -- double hop issue??"
- Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: Windows Auth -- double hop issue??"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: Windows Auth -- double hop issue??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
