Hi, to which URL is your web proxy set?
cheers, dominick ----------------------------- Dominick Baier, DevelopMentor http://www.leastprivilege.com -----Original Message----- From: Discussion of advanced .NET topics. [mailto:[EMAIL PROTECTED] On Behalf Of Don Stanley Sent: Mittwoch, 1. März 2006 00:12 To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM Subject: Re: [ADVANCED-DOTNET] ASP.NET Delegation One other thing - Does it matter that the server is being referenced by an "external" DNS name? I've set up the ASP.NET app to use the address http://crm.company.com, which just redirects to an internal IP address. The server is actually a member of the domain company.local (this was done to make the transition from internal to external easier). Does that make any difference? Don -----Original Message----- From: Discussion of advanced .NET topics. [mailto:[EMAIL PROTECTED] On Behalf Of Dominick Baier Sent: Tuesday, February 28, 2006 12:59 PM To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM Subject: Re: [ADVANCED-DOTNET] ASP.NET Delegation Hi, first of all you should be sure which identity is used to call the web service - output a WindowsIdentity.GetCurrent().Name before setting the credentials - is this account authorized for the web service? If the web service is on the same machine you are not delegating - anyhow - this is the best place for Kerberos delegation troubleshooting: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technolog ies/ security/tkerbdel.mspx cheers, dominick ----------------------------- Dominick Baier, DevelopMentor http://www.leastprivilege.com -----Original Message----- From: Discussion of advanced .NET topics. [mailto:[EMAIL PROTECTED] On Behalf Of Don Stanley Sent: Dienstag, 28. Februar 2006 19:20 To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM Subject: [ADVANCED-DOTNET] ASP.NET Delegation I am having trouble passing credentials from an ASP.NET application to a web service call on the same machine. The web service is for Microsoft CRM 3.0, and the code to access it is as follows: Web Project name: CRMUtilities Web Reference: CRM // Standard CRM Service Setup CRM.CrmService service = new CRM.CrmService(); // This should pull the Windows credentials from the ASP.NET app service.Credentials = System.Net.CredentialCache.DefaultCredentials; // set up columns (ID in particular) ... try { newLead = (CRM.lead)service.Retrieve( CRM.EntityName.lead.ToString(), new Guid(_ObjectID),columns); } catch(SoapException soapException) { throw new Exception(soapException.Detail.InnerXml); } catch(Exception exception) { throw exception; } This works fine from my development workstation, but when I deploy to the server, I get a 401:Unauthorized WebException. I am certain the exception comes on the service.Retrieve call because if I comment out the "throw exception" line in the second catch block it continues on (meaning the service.Retrieve line is throwing the exception). The problem seems to be that the credentials are not being passed to the web service call, because in the IIS log the username is blank for the web service calls, but is present for the ASP.NET app calls. One other thing to note: crm.company.com is a DNS alias for the IP address of the virtual web. Could that be causeing issues? Everything is still on the same physical box. I have tried the following scenarios with the same result: * Add as an application under default web site and access via http://servername/CRMUtilities * Add as an Applicatrion under the CRM Virtual Web Site (hoping that the windows auth would carry through). * Hard-code the impersonating user that the extension site uses * Hard code the credentials that the web service uses The server is set up to allow delegation in AD. Is there any way to debug why the credentials aren't being passed from the ASP.NET app to the web service call? Am I missing something else? Does anyone have a recommended site/book/whatever for debugging and troubleshooting Kerberos delegation? Thanks, Don =================================== This list is hosted by DevelopMentorR http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com =================================== This list is hosted by DevelopMentor(r) http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com =================================== This list is hosted by DevelopMentor. http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com =================================== This list is hosted by DevelopMentor® http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com
