Security impersonation
-
Hi I have to implement security with a web service. Since this is an intranet application, I decided to use Windows authentication with impersonation of the caller, with the following information in web.config file:
<authentication mode="Windows"/>
<identity impersonate="true"/>
<authorization>
<allow users="*" />
<deny users="?" />
</authorization>This works fine if I use the Internet Explorer to access the web service (http://localhost/webservice/service1.asmx, and I enter the parameters). But when I use a Windows Form application, I get an Access Denied (HTTP 401). Any idea? -------- "I say no to drugs, but they don't listen." - Marilyn Manson
-
Hi I have to implement security with a web service. Since this is an intranet application, I decided to use Windows authentication with impersonation of the caller, with the following information in web.config file:
<authentication mode="Windows"/>
<identity impersonate="true"/>
<authorization>
<allow users="*" />
<deny users="?" />
</authorization>This works fine if I use the Internet Explorer to access the web service (http://localhost/webservice/service1.asmx, and I enter the parameters). But when I use a Windows Form application, I get an Access Denied (HTTP 401). Any idea? -------- "I say no to drugs, but they don't listen." - Marilyn Manson
I don't know the exact answer to your question, but maybe you can find some useful information in the Microsoft Patterns & Practices. Here are some links to books about designig WebServices: Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication Authentication in ASP.NET: .NET Security Guidance.
Hope, you find something useful. -- Mariusz 'mAv' Wójcik master e-software engineer (BPC)