Thanks for the help Jeff.
Your code didn't work but I found an article which explained
exactly how to do it. Here it is:
http://www.fawcette.com/vsm/2002_06/online/online_eprods/aspnet_jgoodyear_06
_24_02/default.asp
The code I had to add was:
s1.Proxy = new WebProxy("Proxy Address",
true,null,
new
NetworkCredential("UserName","Password",
"Domain")
Charles.
-----Original Message-----
From: Jeff Dunmall [mailto:[EMAIL PROTECTED]]
Sent: 17 July 2002 18:54
To: [EMAIL PROTECTED]
Subject: Re: [ADVANCED-DOTNET] Web Service through a firewall
Hi Charles,
I can take a stab at part of your problem. The ISA server requires a
valid internal security context to process your request. This likely
means the ISA server is part of your domain, giving it access to the
domain accounts. I assume you do not have to log in when you access the
Internet.
Your web service is doing the same thing. Off the top of my head, I
don't know how to change the authentication credentials used by the
service. I'm going to throw this code out as a place to start. I
haven't tried it:
Service1 s1 = new Service1();
s1.Credentials = CredentialCache.DefaultCredentials;
If you don't want to use the default credentials, I believe you can
create your own based on another username and password, or you can
include more than one set of credentials in the cache.
As to why it doesn't work automatically - the web service is running
under your security context, assuming you have NTLM enabled, you don't
allow anonymous users, and you've enabled impersonation. While your
credentials can be used to access resources on the same machine, they
cannot be used to access a remote computer. This requires delegation.
Enabling delegation is a two step process. First, you need to tell IE
on the client to negotiate differently. Under advanced in IE6, you'll
see the highly intuitive option labelled 'Enable Integrated Windows
Authentication'. That will force IE to negotiate using Kerberos, which
supports delegation.
The next step is to actually give your account permission to use
delegation. By default, your account is not trusted for delegation. In
the AD, under an account properties, check the 'Account is trusted for
delegation' box. Give this setting a few minutes to 'sink in' -
depending on the number of domain controllers you have, it might not
work immediately.
All of this is handy if you're calling a remote web service within your
network that needs to do something as the caller, like perform an LDAP
query.
There is an alternative to all of this Kerberos stuff. If you use Basic
Authentication instead of NTLM, your password is supplied in clear-text
to IIS. That means it can use that password automatically to access
down-stream resources. Of course, this is less secure and means your
password is floating around on the network.
Hope some of this helps.
Jeff
-----Original Message-----
From: Charles Gamble [mailto:[EMAIL PROTECTED]]
Sent: July 17, 2002 5:29 AM
To: [EMAIL PROTECTED]
Subject: [ADVANCED-DOTNET] Web Service through a firewall
Hi all,
I am having problems accessing external web services through our company
firewall. When using VS.NET I get the following when trying to add a web
reference to a remote web service: The request failed with HTTP status
407:
Proxy Authentication Required ( The ISA Server requires authorization to
fulfill the request. Access to the Web Proxy service is denied. ).
I also get the same error when accessing the Microsoft UDDI directory in
VS.NET. Note, IE allows me to view the WSDL on the external web service
without any problem.
So I then tried using WSDL.exe and specifying a /proxyusername
and /proxypassword and this generated the .cs file correctly. Note, if I
don't use these settings it does not work. It seems I need to specify my
Username and Password to get past the proxy server.
So I then added the .cs file to a project and then tried to call the web
service. However, I got the same error when actually calling the method.
How would I get around this?
Can I specify a proxy username and password in the generated .cs proxy
file
to connect to the web service?
Why is my Username and Password not automaticaly picked up?
Any help is appreciated.
Charles Gamble.
You can read messages from the Advanced DOTNET archive, unsubscribe from
Advanced DOTNET, or
subscribe to other DevelopMentor lists at http://discuss.develop.com.
You can read messages from the Advanced DOTNET archive, unsubscribe from
Advanced DOTNET, or
subscribe to other DevelopMentor lists at http://discuss.develop.com.
You can read messages from the Advanced DOTNET archive, unsubscribe from Advanced
DOTNET, or
subscribe to other DevelopMentor lists at http://discuss.develop.com.
