Re: Anonymous and integrated authentication for Web service

Yes - David is saying that this can be done.

BUT

You need to write the client appropriately. An off-the-shelf HTTP client (like a browser) doesn't work this way. It will just make an anonymous request by default. Only if the server denies the request (with a 401) will it ask the user for credentials.

In your case, you need to write a client that will automatically try Integrated Windows Auth *first* rather than trying anonymous first (or a client that detects whether it's on the internel network or not and adjusts it's request appropriately)

Cheers
Ken

--
My IIS blog: http://adopenstatic.com/blog


"iamahulk" <iamahulk@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:C3683122-41DE-4D2D-B5C7-99CAC9567706@xxxxxxxxxxxxxxxx
I'm not sure if I understand what you're saying. Some clients will be
accessing the webservice while on our network and have windows credentials,
others from outside our network will call the service without credentials.
Given this are you saying they both can call the same web service?

Is this simply a matter of configuring the web service in IIS to:
Enable anonymous access
and
Integrated Windows authentication

Because I've read other posting where this doesn't work

"David Wang" wrote:

On Mar 26, 9:36 am, iamahulk <iamah...@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote:
> Is it possible using IIS(version 6) to have both Anonymous and > integrated
> authentication for a web service?
> By this I mean can it do intergrated authentication when the > credentials
> exist, but if they don't allow an anonymous connection? (For a single > URL)


Yes, IIS supports such "fallback" authentication protocol, but only if
the Web Service Client initiates it.

If the WebService Client always tries Integrated First and if it
fails, retry with Anonymous, then you can simply configure IIS6 Web
Service to allow both Anonymous and Integrated.

If you cannot control the client, then you will have to write and run
custom software on the server to enforce such proprietary behavior.
There are no standard authentication protocol which works like this.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//


.

Relevant Pages

  • Re: BASIC authentication Issues with IE - Part II - Solved but WHY?
    ... it does not know the difference between a request from IE or from ... some other HTTP client. ... Some other authentication schemes are more ... IIS can sometimes remember the token for a particular set of credentials so ...
    (microsoft.public.inetserver.iis.security)
  • Re: ISAPI Authentication
    ... The job of your authentication filter is to accept ... non-Windows credentials from the client and then map them to a Windows ...
    (microsoft.public.inetserver.iis.security)
  • Re: a web service to log in to a image application server
    ... I don't know how it would be handled client side using PHP. ... You could also reuse a known authentication scheme. ... The image server is used to stored image documents requiring ... If I develop a web service to authenticate log in to ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • Re: Anonymous and integrated authentication for Web service
    ... Can you tell me where to look for information on how to create a .net client ... I tried changing values in the UseDefaultCredentials and Credentials ... Given this are you saying they both can call the same web service? ... Integrated Windows authentication ...
    (microsoft.public.inetserver.iis.security)
  • RE: Login to the WebService
    ... \par Hi Mike, ... As for forms authentication, I'd like to confirm the following things: ... \par have problem to use login to the web service. ... \par service that provides datas and files to the WinForm Client. ...
    (microsoft.public.dotnet.framework.webservices)