Re: Unable to authenticate via kerberos to IIS site accepting clie
- From: jacorona <jacorona@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 31 Jan 2007 23:46:00 -0800
Thank you for answering, David.
The setup to test this strange behaviour, is the following:
- Desktop WinForm client application on W2K and .Net 2.0, accessing directly
to an IIS 5.0 site using an "https:" address. Proxy built adding a reference
to the web service.
-[IIS site in local machine] (in principle, this shouldn't matter)
- IIS site configured:
- To accept "Integrated Windows authentication", and
- Without "requiring" SSL, it accepts client certificates
-[IIS site hosting a simple web service developed on .Net 2.0] (in
principle, this shouldn't matter, either)
Behaviour:
- When desktop application is configured to present a client certificate it
works fine. Web service is accesed and the identity it sees comes from the
mapping defined in IIS for that certificate.
(service.ClientCertificates.Add(cert);)
- When desktop application is configured to present kerberos ticket
(integrated security), it times out. (service.Credentials =
CredentialCache.DefaultCredentials;)
Notes:
- When desktop application acceses the web service via "http:" and
integrated security, it also works fine.
Hope this explanation helps. I have been unable read anything that makes me
think this scenario (an IIS site configured to accept both types of
credentials under https:) does not work. Perhaps I should do something else
in the client code, but I have also been unable to find anything regarding
that.
Many thanks again.
JACorona
"David Wang" wrote:
Windows Integrated Authentication works over HTTPS. Independent of.
Client-Cert mapping.
On which network leg does the network proxy happen? Because Integrated
Authentication user token cannot be "proxied" downstream by default.
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
On Jan 31, 2:27 am, jacorona <jacor...@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote:
Hello all,
After spending a few hours searching the web, I post this message to this
newsgroup just in case what seems to me an strange behaviour could be due to
IIS.
I'm trying to access a web service hosted in an IIS site configured to
accept both "Integrated Windows authentication" and "client certificates"
using an "https:" Uri. The client is a WinForm application in .Net 2.0.
When I configure the web service proxy to use client certificates it works
OK (the cert is mapped to a Windows account and the web service runs).
However, if I configure it to use the integrated Windows credentials, it
hangs.
Perhaps the .Net proxy configuration is more complex than I suspect, but I
post the doubt to this newsgroup just in case that IIS shouldn't be
configured that way for any reason. Summarising, should it be possible to
access an IIS site thru an "https:" Uri using either Windows integrated
authentication or client certificates?
Any help will be appreciated. Many thanks.
- Follow-Ups:
- Re: Unable to authenticate via kerberos to IIS site accepting clie
- From: David Wang
- Re: Unable to authenticate via kerberos to IIS site accepting clie
- References:
- Prev by Date: ms odbc text driver error
- Next by Date: Re: SSL not working
- Previous by thread: Re: Unable to authenticate via kerberos to IIS site accepting client c
- Next by thread: Re: Unable to authenticate via kerberos to IIS site accepting clie
- Index(es):
Relevant Pages
|
Loading
