Re: Problem with control hosted in IE

From: Nicole Calinoiu (ngcalinoiu)
Date: 10/05/04


Date: Tue, 5 Oct 2004 14:36:06 -0400

The control is running on the client machine, so the default credentials are
taken from the client context. These will be the Windows logon from the
client machine, not the credentials you entered into IE for use when sending
HTTP requests to the server.

Basically, there is no way to read the cached IE credentials from within
your control (it would be a fairly big security vulnerability if you could),
so you'll need to choose an alternate approach such as one of the following:

1. Make a separate credentials request to the user from within your
control, then use these credentials when communicating with the web service.

2. If you're in an intranet or extranet scenario, allowing access by
appropriate domain accounts (which would be the client-side Windows login
accounts) may be a possibility.

3. Re-design this piece of the application so that the communication
between client and server would be a bit less cumbersome. One possibility
might be use of a stand-alone Windows Forms client to communicate with the
web service. Another might be removing the Windows Forms portion entirely
and using a plain old web UI.

HTH,
Nicole

"bogdanutz" <bogdanc@teamnet.ro> wrote in message
news:OajIVltqEHA.536@TK2MSFTNGP09.phx.gbl...
>I have a Windows control that resides in a strong-named assembly. The
> assembly has the AllowPartiallyTrustedCallers attribute.
> On the server, the DLL that contains the control is in a virtual directory
> that also contains a web service.
> The virtual directory's authentication is Windows (as the application's -
> I'm using impersonation).
>
> The Windows control is embedded in a page with the "object" tag.
> I log on to another machine using a local account (not one that IIS
> could know).
> When I request this page from that machine, IE requests that I give it a
> Windows account name and password, and after that
> Internet Explorer loads the assembly just fine, but when trying to
> access the web service mentioned earlier,
> IIS returns a security exception (401).
>
> Before calling any method of the web service, I set the web service's
> credentials to System.Net.CredentialCache.DefaultCredentials.
> Upon inspecting the server's event log, under security, I found a "Failure
> Audit":
>
> Logon Failure:
> Reason: Unknown user name or bad password
> User Name: Administrator
> Domain: VM_2KPRO_GOL
> Logon Type: 3
> Logon Process: NtLmSsp
> Authentication Package: NTLM
> Workstation Name: VM_2KPRO_GOL
> Caller User Name: -
> Caller Domain: -
> Caller Logon ID: -
>
> The logon failure refers to the name "Administrator", the local account I
> used to log on to the machine, not the one I gave to IE.
> The documentation referring to
> System.Net.CredentialCache.DefaultCredentials
> says that it will USUALLY(?) give the Windows
> credentials.
>
> So, what is the problem? Is there another way to access the service with
> Windows authentication?
>
> (I also tried anonymous access on IIS and the web service, and forms
> authentication for the app, but the cookie is not sent along with the
> request
> for the web service,
> so there is no way for me to authenticate the user.)
>
> Thanks
>
>
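One way to read the failure audit quoted above, as an added example that is not code from either poster: it parses the record's fields and flags the pattern the reply describes, a network NTLM logon that presents the client machine's own local account. The function names are hypothetical, and treating "Domain equals Workstation Name" as a machine-local account is a heuristic assumption.

```python
import re

# Audit record as posted in the thread above.
SAMPLE_EVENT = """\
Logon Failure:
Reason: Unknown user name or bad password
User Name: Administrator
Domain: VM_2KPRO_GOL
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: VM_2KPRO_GOL
"""


def parse_event(text):
    """Return the 'Key: value' fields of an audit record as a dict.

    Leading '>' quote markers and whitespace are stripped, so a record
    pasted from a quoted newsgroup reply parses the same way.
    """
    fields = {}
    for line in text.splitlines():
        line = re.sub(r"^[>\s]+", "", line)
        key, sep, value = line.partition(":")
        if sep and value.strip():  # skips the bare "Logon Failure:" heading
            fields[key.strip().lower()] = value.strip()
    return fields


def triage(fields):
    """Heuristic reading of a logon failure record (assumption, not a rule).

    client_local_account is True when the presented domain is the name of
    the workstation itself, i.e. the caller offered an account that exists
    only on the client machine and that the server cannot validate.
    """
    domain = fields.get("domain", "").lower()
    workstation = fields.get("workstation name", "").lstrip("\\").lower()
    return {
        "network_logon": fields.get("logon type") == "3",
        "ntlm": fields.get("authentication package", "").upper() == "NTLM",
        "client_local_account": bool(domain) and domain == workstation,
    }


if __name__ == "__main__":
    print(triage(parse_event(SAMPLE_EVENT)))
```
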


