Friday, February 24, 2012

custom code + delegation = problem...

Hi,
I have a custom aspx page which access RS (Reporting Services) using the
webservice interface.
I'm using the delegation (defautcredentialcache) to send the user
authentication to RS.
RS and my web application are on the same server.
this works fine in 2 cases:
* NT authentication used in both virtual directories (/reportserver & /
mycustomapp)
* Basic authentication used for /mycustomapp but NT authentication for
/reportserver
But I want to setup the Basic authentication for both the /reportserver & /
mycustomapp virtual folders.
I don't understand why using the default credential cache doesn't works.
my current work around is to detect if I'm in Basic authentication mode,
then a create a networkcredential object base on the current user login &
password.
does it a RS related issue? or an ASP.Net one?Hello,
I've had issues with webservices and credential delegation many times.
I have a quick article I wrote here that may help. If not let me know and
I can try to help out.
article http://www.criticalsites.com/dlaflotte/default.aspx?date=2004-08-31
Good Luck,
Duane
Duane Laflotte
MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I
dlaflotte@.criticalsites.com
http://www.criticalsites.com/dlaflotte
"Jéjé" <willgart_A_@.hotmail_A_.com> wrote in message
news:%23wKtYcOcFHA.3492@.TK2MSFTNGP14.phx.gbl...
> Hi,
> I have a custom aspx page which access RS (Reporting Services) using the
> webservice interface.
> I'm using the delegation (defautcredentialcache) to send the user
> authentication to RS.
> RS and my web application are on the same server.
> this works fine in 2 cases:
> * NT authentication used in both virtual directories (/reportserver & /
> mycustomapp)
> * Basic authentication used for /mycustomapp but NT authentication for
> /reportserver
> But I want to setup the Basic authentication for both the /reportserver &
/
> mycustomapp virtual folders.
> I don't understand why using the default credential cache doesn't works.
> my current work around is to detect if I'm in Basic authentication mode,
> then a create a networkcredential object base on the current user login &
> password.
> does it a RS related issue? or an ASP.Net one?
>|||mmm
I allready have tested this without more success.
now the only problem I have is this:
* Frontend custom app using Basic authentication
* Reportserver using both NTLM & Basic authentication
in this case, I send the username + password of the active user, but I
receive a permission error!
I think the system try to use the integrated security...
"Duane Laflotte" <dlaflotte@.criticalsites.com> wrote in message
news:O$tSasOcFHA.3712@.TK2MSFTNGP09.phx.gbl...
> Hello,
> I've had issues with webservices and credential delegation many times.
> I have a quick article I wrote here that may help. If not let me know
> and
> I can try to help out.
> article
> http://www.criticalsites.com/dlaflotte/default.aspx?date=2004-08-31
> Good Luck,
> Duane
>
> --
> Duane Laflotte
> MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I
> dlaflotte@.criticalsites.com
> http://www.criticalsites.com/dlaflotte
>
> "Jéjé" <willgart_A_@.hotmail_A_.com> wrote in message
> news:%23wKtYcOcFHA.3492@.TK2MSFTNGP14.phx.gbl...
>> Hi,
>> I have a custom aspx page which access RS (Reporting Services) using the
>> webservice interface.
>> I'm using the delegation (defautcredentialcache) to send the user
>> authentication to RS.
>> RS and my web application are on the same server.
>> this works fine in 2 cases:
>> * NT authentication used in both virtual directories (/reportserver & /
>> mycustomapp)
>> * Basic authentication used for /mycustomapp but NT authentication for
>> /reportserver
>> But I want to setup the Basic authentication for both the /reportserver &
> /
>> mycustomapp virtual folders.
>> I don't understand why using the default credential cache doesn't works.
>> my current work around is to detect if I'm in Basic authentication mode,
>> then a create a networkcredential object base on the current user login &
>> password.
>> does it a RS related issue? or an ASP.Net one?
>>
>|||If the front end server is using basic auth, are you capturing the user name
and password from that and passing those in your NetworkCredential object or
are you using DefaultCredentials?
Joe K.
"Jéjé" <willgart_A_@.hotmail_A_.com> wrote in message
news:uxrxFQZdFHA.1036@.tk2msftngp13.phx.gbl...
> mmm
> I allready have tested this without more success.
> now the only problem I have is this:
> * Frontend custom app using Basic authentication
> * Reportserver using both NTLM & Basic authentication
> in this case, I send the username + password of the active user, but I
> receive a permission error!
> I think the system try to use the integrated security...
> "Duane Laflotte" <dlaflotte@.criticalsites.com> wrote in message
> news:O$tSasOcFHA.3712@.TK2MSFTNGP09.phx.gbl...
>> Hello,
>> I've had issues with webservices and credential delegation many
>> times.
>> I have a quick article I wrote here that may help. If not let me know
>> and
>> I can try to help out.
>> article
>> http://www.criticalsites.com/dlaflotte/default.aspx?date=2004-08-31
>> Good Luck,
>> Duane
>>
>> --
>> Duane Laflotte
>> MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I
>> dlaflotte@.criticalsites.com
>> http://www.criticalsites.com/dlaflotte
>>
>> "Jéjé" <willgart_A_@.hotmail_A_.com> wrote in message
>> news:%23wKtYcOcFHA.3492@.TK2MSFTNGP14.phx.gbl...
>> Hi,
>> I have a custom aspx page which access RS (Reporting Services) using the
>> webservice interface.
>> I'm using the delegation (defautcredentialcache) to send the user
>> authentication to RS.
>> RS and my web application are on the same server.
>> this works fine in 2 cases:
>> * NT authentication used in both virtual directories (/reportserver & /
>> mycustomapp)
>> * Basic authentication used for /mycustomapp but NT authentication for
>> /reportserver
>> But I want to setup the Basic authentication for both the /reportserver
>> &
>> /
>> mycustomapp virtual folders.
>> I don't understand why using the default credential cache doesn't works.
>> my current work around is to detect if I'm in Basic authentication mode,
>> then a create a networkcredential object base on the current user login
>> &
>> password.
>> does it a RS related issue? or an ASP.Net one?
>>
>>
>|||yes.
Dim header As String = Page.Request.ServerVariables("HTTP_AUTHORIZATION")
If header.StartsWith("Basic") Or header = "" Then
oServ.Credentials = New
Net.NetworkCredential(Page.Request.ServerVariables("AUTH_USER"),
Page.Request.ServerVariables("AUTH_PASSWORD"))
Else
oServ.PreAuthenticate = True
oServ.Credentials = Net.CredentialCache.DefaultCredentials
End If
I have also tried with PreAuthenticate = true with basic authentication.
This code works fine if integrated security is disabled for the reportserver
virtual folder (so both web sites used the same security model)
There is a way to force the preferred authentication method used when I call
the webservice?
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@.removethis.accenture.com> wrote
in message news:%23mxnFAadFHA.1448@.TK2MSFTNGP14.phx.gbl...
> If the front end server is using basic auth, are you capturing the user
> name and password from that and passing those in your NetworkCredential
> object or are you using DefaultCredentials?
> Joe K.
> "Jéjé" <willgart_A_@.hotmail_A_.com> wrote in message
> news:uxrxFQZdFHA.1036@.tk2msftngp13.phx.gbl...
>> mmm
>> I allready have tested this without more success.
>> now the only problem I have is this:
>> * Frontend custom app using Basic authentication
>> * Reportserver using both NTLM & Basic authentication
>> in this case, I send the username + password of the active user, but I
>> receive a permission error!
>> I think the system try to use the integrated security...
>> "Duane Laflotte" <dlaflotte@.criticalsites.com> wrote in message
>> news:O$tSasOcFHA.3712@.TK2MSFTNGP09.phx.gbl...
>> Hello,
>> I've had issues with webservices and credential delegation many
>> times.
>> I have a quick article I wrote here that may help. If not let me know
>> and
>> I can try to help out.
>> article
>> http://www.criticalsites.com/dlaflotte/default.aspx?date=2004-08-31
>> Good Luck,
>> Duane
>>
>> --
>> Duane Laflotte
>> MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I
>> dlaflotte@.criticalsites.com
>> http://www.criticalsites.com/dlaflotte
>>
>> "Jéjé" <willgart_A_@.hotmail_A_.com> wrote in message
>> news:%23wKtYcOcFHA.3492@.TK2MSFTNGP14.phx.gbl...
>> Hi,
>> I have a custom aspx page which access RS (Reporting Services) using
>> the
>> webservice interface.
>> I'm using the delegation (defautcredentialcache) to send the user
>> authentication to RS.
>> RS and my web application are on the same server.
>> this works fine in 2 cases:
>> * NT authentication used in both virtual directories (/reportserver & /
>> mycustomapp)
>> * Basic authentication used for /mycustomapp but NT authentication for
>> /reportserver
>> But I want to setup the Basic authentication for both the /reportserver
>> &
>> /
>> mycustomapp virtual folders.
>> I don't understand why using the default credential cache doesn't
>> works.
>> my current work around is to detect if I'm in Basic authentication
>> mode,
>> then a create a networkcredential object base on the current user login
>> &
>> password.
>> does it a RS related issue? or an ASP.Net one?
>>
>>
>>
>|||As far as I know you can't force the client to only do one authentication
method, but I could be wrong. Typically, the client and server will
negotiate based on what the server accepts and the client can provide.
What happens if you specify a domain in the NetworkCredential (or does the
AUTH_USER header already have a domain name like "domain\user" or a upn like
user@.domain.com?)?
Joe K.
"Jéjé" <willgart_A_@.hotmail_A_.com> wrote in message
news:eHVxsjadFHA.2556@.TK2MSFTNGP10.phx.gbl...
> yes.
> Dim header As String = Page.Request.ServerVariables("HTTP_AUTHORIZATION")
> If header.StartsWith("Basic") Or header = "" Then
> oServ.Credentials = New
> Net.NetworkCredential(Page.Request.ServerVariables("AUTH_USER"),
> Page.Request.ServerVariables("AUTH_PASSWORD"))
> Else
> oServ.PreAuthenticate = True
> oServ.Credentials = Net.CredentialCache.DefaultCredentials
> End If
>
> I have also tried with PreAuthenticate = true with basic authentication.
> This code works fine if integrated security is disabled for the
> reportserver virtual folder (so both web sites used the same security
> model)
> There is a way to force the preferred authentication method used when I
> call the webservice?
>
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@.removethis.accenture.com> wrote
> in message news:%23mxnFAadFHA.1448@.TK2MSFTNGP14.phx.gbl...
>> If the front end server is using basic auth, are you capturing the user
>> name and password from that and passing those in your NetworkCredential
>> object or are you using DefaultCredentials?
>> Joe K.
>> "Jéjé" <willgart_A_@.hotmail_A_.com> wrote in message
>> news:uxrxFQZdFHA.1036@.tk2msftngp13.phx.gbl...
>> mmm
>> I allready have tested this without more success.
>> now the only problem I have is this:
>> * Frontend custom app using Basic authentication
>> * Reportserver using both NTLM & Basic authentication
>> in this case, I send the username + password of the active user, but I
>> receive a permission error!
>> I think the system try to use the integrated security...
>> "Duane Laflotte" <dlaflotte@.criticalsites.com> wrote in message
>> news:O$tSasOcFHA.3712@.TK2MSFTNGP09.phx.gbl...
>> Hello,
>> I've had issues with webservices and credential delegation many
>> times.
>> I have a quick article I wrote here that may help. If not let me know
>> and
>> I can try to help out.
>> article
>> http://www.criticalsites.com/dlaflotte/default.aspx?date=2004-08-31
>> Good Luck,
>> Duane
>>
>> --
>> Duane Laflotte
>> MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I
>> dlaflotte@.criticalsites.com
>> http://www.criticalsites.com/dlaflotte
>>
>> "Jéjé" <willgart_A_@.hotmail_A_.com> wrote in message
>> news:%23wKtYcOcFHA.3492@.TK2MSFTNGP14.phx.gbl...
>> Hi,
>> I have a custom aspx page which access RS (Reporting Services) using
>> the
>> webservice interface.
>> I'm using the delegation (defautcredentialcache) to send the user
>> authentication to RS.
>> RS and my web application are on the same server.
>> this works fine in 2 cases:
>> * NT authentication used in both virtual directories (/reportserver &
>> /
>> mycustomapp)
>> * Basic authentication used for /mycustomapp but NT authentication for
>> /reportserver
>> But I want to setup the Basic authentication for both the
>> /reportserver &
>> /
>> mycustomapp virtual folders.
>> I don't understand why using the default credential cache doesn't
>> works.
>> my current work around is to detect if I'm in Basic authentication
>> mode,
>> then a create a networkcredential object base on the current user
>> login &
>> password.
>> does it a RS related issue? or an ASP.Net one?
>>
>>
>>
>>
>|||the domain is allready in the auth_user variable.
well... nothing works, so I'm using my workaround.
which is creating a second "reportserver" virtual folder, where only basic
authentication is used, and then there is no problems.
I think RS prefer to use the NT authentication instead-of the basic
authentication.
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@.removethis.accenture.com> wrote
in message news:uwPu75adFHA.4040@.TK2MSFTNGP14.phx.gbl...
> As far as I know you can't force the client to only do one authentication
> method, but I could be wrong. Typically, the client and server will
> negotiate based on what the server accepts and the client can provide.
> What happens if you specify a domain in the NetworkCredential (or does the
> AUTH_USER header already have a domain name like "domain\user" or a upn
> like user@.domain.com?)?
> Joe K.
> "Jéjé" <willgart_A_@.hotmail_A_.com> wrote in message
> news:eHVxsjadFHA.2556@.TK2MSFTNGP10.phx.gbl...
>> yes.
>> Dim header As String = Page.Request.ServerVariables("HTTP_AUTHORIZATION")
>> If header.StartsWith("Basic") Or header = "" Then
>> oServ.Credentials = New
>> Net.NetworkCredential(Page.Request.ServerVariables("AUTH_USER"),
>> Page.Request.ServerVariables("AUTH_PASSWORD"))
>> Else
>> oServ.PreAuthenticate = True
>> oServ.Credentials = Net.CredentialCache.DefaultCredentials
>> End If
>>
>> I have also tried with PreAuthenticate = true with basic authentication.
>> This code works fine if integrated security is disabled for the
>> reportserver virtual folder (so both web sites used the same security
>> model)
>> There is a way to force the preferred authentication method used when I
>> call the webservice?
>>
>> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@.removethis.accenture.com>
>> wrote in message news:%23mxnFAadFHA.1448@.TK2MSFTNGP14.phx.gbl...
>> If the front end server is using basic auth, are you capturing the user
>> name and password from that and passing those in your NetworkCredential
>> object or are you using DefaultCredentials?
>> Joe K.
>> "Jéjé" <willgart_A_@.hotmail_A_.com> wrote in message
>> news:uxrxFQZdFHA.1036@.tk2msftngp13.phx.gbl...
>> mmm
>> I allready have tested this without more success.
>> now the only problem I have is this:
>> * Frontend custom app using Basic authentication
>> * Reportserver using both NTLM & Basic authentication
>> in this case, I send the username + password of the active user, but I
>> receive a permission error!
>> I think the system try to use the integrated security...
>> "Duane Laflotte" <dlaflotte@.criticalsites.com> wrote in message
>> news:O$tSasOcFHA.3712@.TK2MSFTNGP09.phx.gbl...
>> Hello,
>> I've had issues with webservices and credential delegation many
>> times.
>> I have a quick article I wrote here that may help. If not let me
>> know and
>> I can try to help out.
>> article
>> http://www.criticalsites.com/dlaflotte/default.aspx?date=2004-08-31
>> Good Luck,
>> Duane
>>
>> --
>> Duane Laflotte
>> MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I
>> dlaflotte@.criticalsites.com
>> http://www.criticalsites.com/dlaflotte
>>
>> "Jéjé" <willgart_A_@.hotmail_A_.com> wrote in message
>> news:%23wKtYcOcFHA.3492@.TK2MSFTNGP14.phx.gbl...
>> Hi,
>> I have a custom aspx page which access RS (Reporting Services) using
>> the
>> webservice interface.
>> I'm using the delegation (defautcredentialcache) to send the user
>> authentication to RS.
>> RS and my web application are on the same server.
>> this works fine in 2 cases:
>> * NT authentication used in both virtual directories (/reportserver &
>> /
>> mycustomapp)
>> * Basic authentication used for /mycustomapp but NT authentication
>> for
>> /reportserver
>> But I want to setup the Basic authentication for both the
>> /reportserver &
>> /
>> mycustomapp virtual folders.
>> I don't understand why using the default credential cache doesn't
>> works.
>> my current work around is to detect if I'm in Basic authentication
>> mode,
>> then a create a networkcredential object base on the current user
>> login &
>> password.
>> does it a RS related issue? or an ASP.Net one?
>>
>>
>>
>>
>>
>

No comments:

Post a Comment