Re: Unable to retrieve user identity using vb6 client
From: Tom Kaminski [MVP] ((A_at_T))
Date: Thu, 12 Jun 2003 11:33:38 -0400
"Chris Harrison" <firstname.lastname@example.org> wrote in message
> >-----Original Message-----
> >"Chris harrison" <email@example.com> wrote in
> >> I'm using integrated windows authentication on IIS5 on
> >> win2k server. The server is behind a port80 only
> >> on the intranet, and has a one-way-trust to the same NT
> >> domain control that the clients use.
> >> A webservice sits on the server that amongst other
> >> authorises access to certain web methods based on a
> >> database table and the user's identity.
> >> A simple web method called getUserIdentity has been
> >> written that simply has
> >> Return User.Identity.Name
> >> When testing the web service through a browser, the user
> >> identity is correctly returned.
> >> When testing the web service from a vb6 application
> >> a MSSOAPLib30.SoapClient30 object, access to the service
> >> is denied. It appears that this somehow prevents the
> >> correct user identity being available even though it was
> >> available using a browser front end.
> >> The same Soap Client code works when integrated windows
> >> security is disabled and the authorisation routine is
> >> circumnavigated.
> >> I've checked the NTFS permissions and added Everyone
> >> full control as a check but still have the same issue.
> >> Could anyone suggest what might be happening and a
> >> solution?
> >It sounds like MSSOAPLib30.SoapClient30 doesn't support
> Windows Integrated
> >authentication, which makes sense given that SOAP is an
> open standard while
> >Windows Integrated authentication is proprietary.
> Perhaps you could use an
> >IE object instead?
> Thanks for the reply.
> When I set this up on a test network with Active
> Directory, a windowsxp client and a windows2000 server it
> does work. The returned soap message is the correct
> domain\user. Would this rule out the possiblity that Soap
> prevents windows integrated authentication from working?
> My (basic) understanding of win int auth is that no
> windows user info is actually passed across from client to
> server with a request. If both machines are on the same
> domain, IIS simply checks that the client has been
> authenticated by the domain controller and uses that
> identity. Is this right?
> Any more ideas?
I'll admit I don't know much about SOAP, but did your test use a browser or
the VB client? The key is that the client supports the protocol.
-- Tom Kaminski IIS MVP http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS http://mvp.support.microsoft.com/ http://www.microsoft.com/windowsserver2003/community/centers/iis/