Passing user credintials from a web page to a web service.

Passing user credintials from a web page to a web service.

Post by Dan Higma » Thu, 07 Apr 2005 11:35:35



I'm sure this is easy and I'll be embarrassed when I see the answer,
but I just can't figure this one out.
Using .Net/ASP 1.1 on a server using integrated authentication--
I have a web page (.aspx) that will collect some data from the user,
call a web service to get additional data, and then merge and format the
data back to the user's browser. But I want the web service to
authenticate with the user's credentials, not the credentials of IIS
serving the aspx page. What the web service will or will not return is
based on who is making the request.
How do I pass the user's credentials to the web service?

Sample code, white paper, knowledge base article, any clue will be
welcome. Thanks in advance.

Dan
 
 
 

Passing user credintials from a web page to a web service.

Post by Brock Alle » Thu, 07 Apr 2005 11:44:45

If you're using Basic authentication the username is available via HttpContext.Current.User.Identity
and the password is in some server variable (Enable Tracing to check which
one). Use this info to set the Credentials property on your webservice proxy
using ther NetworkCredentials class.

If you're using any other authentication mechanism you've got a problem since
you don't have a password. It's the classic 2nd hop authentication issue.
You need to somehow acquire the password from the user. The reason basic
authentication works is because the password is sent as a header to the server
when the user is challenged in the browser.

-Brock
DevelopMentor
http://www.yqcomputer.com/

 
 
 

Passing user credintials from a web page to a web service.

Post by Ken Cox [M » Thu, 07 Apr 2005 11:50:03

Hi Dan,

Just checking to see if you'd seen this...

HOW TO: Pass Current Credentials to an ASP.NET Web Service

http://www.yqcomputer.com/ ;en-us;813834

Ken
Microsoft MVP [ASP.NET]
Toronto
 
 
 

Passing user credintials from a web page to a web service.

Post by Dan Higma » Sun, 10 Apr 2005 10:32:49

Thanks Ken,
I had not see this particular article. I'm not sure how I missed it in
my search.
Unfortunately, the article is exactly correct; at least not in my
environment.
The technique in the article works if all the code is running on the
same machine. If you were to build all the examples in the article and
run them on localhost, it works just fine. But when the aspx code is
running on a different server than the web service, it doesn't work. At
least I can't get it to work. If I have impersonate set to false, the
credentials are that of the IIS server running the aspx. If I set
impersonate to true the credentials are null (the object exists, but all
the properties are null).
I'm beginning to thinks this can't be done with integrated security.

Dan
 
 
 

Passing user credintials from a web page to a web service.

Post by Scott Alle » Mon, 11 Apr 2005 00:00:48

Hi Dan:

It is the 2 hop issue Brock mentioned. One solution is to use
delegation, and I have some links to more information here:

http://www.yqcomputer.com/


On Fri, 08 Apr 2005 18:32:49 -0700, Dan Higman