I don't have access to webservice, what to do? - asp.net

The request failed with HTTP status 401: Unauthorized.
When I test in the browser it works, but when I call it from another application I don't have access. What to do? The application where the webservice is using Windows authentication. It's probably there the problem is, I suppose!
I solved it:
They are on the same domain but not on the same application. I pass
the authentication with the webservice call:
cm.Credentials = System.Net.CredentialCache.DefaultCredentials;

Windows Authentication for a web service provides some challenges; the web service would need to be on the same domain for that to work I believe, so that it could use the user's credentials.
Do you have to use windows credentials? Using a ticketing system, which requires the user to first login through another web service method, can work just as well.
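The `DefaultCredentials` assignment in the self-answer above sends the identity of the calling process. The sketch below is an added example, not code from the original posts: it binds those credentials to one host with a `CredentialCache` and, if the call still returns 401, prints the authentication schemes the server offers. The endpoint URL and class name are hypothetical; a generated proxy's `Credentials` property accepts the same `ICredentials` object.

```csharp
using System;
using System.Net;
using System.Security.Principal;

static class ScopedWindowsAuthCall
{
    // Hypothetical endpoint used for illustration only.
    static readonly Uri ServiceUri = new Uri("http://intranet.example/MyService.asmx");

    // Bind the default Windows credentials to a single host prefix so they are
    // offered only to that service, not to whatever URL a request ends up at.
    static ICredentials BuildScopedCredentials(Uri service)
    {
        var prefix = new Uri(service.GetLeftPart(UriPartial.Authority));
        var cache = new CredentialCache();
        cache.Add(prefix, "Negotiate", CredentialCache.DefaultNetworkCredentials);
        cache.Add(prefix, "NTLM", CredentialCache.DefaultNetworkCredentials);
        return cache;
    }

    static void Main()
    {
        var request = (HttpWebRequest)WebRequest.Create(ServiceUri);
        request.Credentials = BuildScopedCredentials(ServiceUri);
        request.AllowAutoRedirect = false; // report a redirect instead of following it

        // DefaultCredentials is the identity of the calling process. Inside
        // ASP.NET that is the application pool account unless impersonation is on.
        Console.WriteLine("Calling as: {0}", WindowsIdentity.GetCurrent().Name);
        try
        {
            using (var response = (HttpWebResponse)request.GetResponse())
                Console.WriteLine("Status: {0}", (int)response.StatusCode);
        }
        catch (WebException ex)
        {
            var http = ex.Response as HttpWebResponse;
            if (http == null || http.StatusCode != HttpStatusCode.Unauthorized) throw;
            // Still 401 with credentials attached: show which schemes the server
            // offers, to compare with the IIS authentication settings.
            foreach (var offer in http.Headers.GetValues("WWW-Authenticate") ?? new string[0])
                Console.WriteLine("Server offers: {0}", offer);
        }
    }
}
```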

Related

Consume java web service from .NET Web Service and/or asp.net web application

I'm trying to consume a Java Web Service from a third party, so I don't have any control over it. I have a pfx file which is password protected, and I installed it on my development box.
This is the code I'm using:
var proxy = new MyServiceReference.WsaaServerBeanService();
var result = proxy.login("test");
I'm getting a System.Net.Sockets.SocketError.TimedOut exception when invoking the login web method. The first thing that comes to my mind is an authentication issue. Apart from installing the pfx, do I need to send some other info to the web server to authenticate?
System.Net.Sockets.SocketError.TimedOut does not indicate an authentication issue; it indicates that you either are not able to contact the remote web service endpoint, or you are and the service is taking too long to respond. Make sure you can actually hit the endpoint from your machine via telnet, a web browser, etc.
Authentication failures will usually return immediately.

Asp.Net Web Form calling same domain WCF service without need for authentication

I have an aspnetcompatibility=true WCF service (http binding) in the same domain as my Asp.Net website.
I want to make a call from my Asp.Net server side code to the WCF service.
I have tried to make a web request to http://testDomain/mySite/services/mySvc.svc but got the login page instead.
Is there a way to call the WCF service from the same-domain Asp.Net site so that the service knows not to authenticate again?
Note: I use IIS7, and I'm open to changing my binding as long as I can make a call to it w/o authentication. I'm hoping to host the svc in IIS.
Try to enable Windows authentication in IIS for your hosted service and disable anonymous authentication (if it is enabled). Besides, pass security credentials (domain credentials perhaps in your case) from the client to the service.

How to protect a WCF Rest service with username and password?

I'm new to WCF and I want to know how I can protect a WCF Rest service.
I have an asp.net website that only registered users can access. The application uses a service hosted on the same IIS server. My question is, how can I restrict the use of this service so that only registered users may use it, knowing that the service can be used by many clients (Android, iPhone, ...)? What type of authentication can I use? To test the service I created a winform and I use an HttpWebRequest.
PS: I can't use https.
Thanks
The simplest way is to use ASP.NET compatibility mode. The WCF service call will result in the same preprocessing used for ASP.NET pages, including checking the ASP.NET auth and session cookies. You will also be able to check HttpContext, including HttpContext.Current.User.Identity.IsAuthenticated. If the user is not authenticated, throw an exception or return an error code. Here is some more information: http://msdn.microsoft.com/en-us/library/aa702682.aspx.
So if you are already using forms auth for your application, and the service should be called after a user has logged in to your application, you are set.
You can also create an authentication service. The service will allow the client to send a username / password, and will use ASP.NET authentication to authenticate the user. It will send back an auth cookie, and then you can check future service calls as above. See http://msdn.microsoft.com/en-us/library/bb386582.aspx.
I believe the authentication service can be called using json. See How to Call .NET AuthenticationService from json client without ASP.NET.
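The per-call check described in the answer above, as an added example that is not part of the original post. The contract and class names are hypothetical, and the service is assumed to be hosted in IIS with `aspNetCompatibilityEnabled="true"` set on `serviceHostingEnvironment` in web.config.

```csharp
using System.Net;
using System.ServiceModel;
using System.ServiceModel.Activation;
using System.ServiceModel.Web;
using System.Web;

[ServiceContract]
public interface IOrderService   // hypothetical contract
{
    [OperationContract]
    [WebGet(UriTemplate = "orders/{id}")]
    string GetOrder(string id);
}

// Required: the service refuses to start unless ASP.NET compatibility mode is
// enabled, so the forms authentication module always runs before the operation.
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
public class OrderService : IOrderService
{
    public string GetOrder(string id)
    {
        RequireAuthenticatedUser();
        // The name comes from the validated auth cookie, not from a request parameter.
        return "order " + id + " for " + HttpContext.Current.User.Identity.Name;
    }

    static void RequireAuthenticatedUser()
    {
        var ctx = HttpContext.Current;
        if (ctx != null && ctx.User != null && ctx.User.Identity.IsAuthenticated)
            return;

        // .NET 4.5+: stop forms authentication from turning the 401 into a
        // redirect to the login page, so non-browser clients see the real status.
        if (ctx != null)
            ctx.Response.SuppressFormsAuthenticationRedirect = true;

        throw new WebFaultException(HttpStatusCode.Unauthorized);
    }
}
```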

Enable cross domain integrated windows authentication

I have a web application (say app1) which is hosted in an IIS server virtual directory.
This web application needs Integrated Windows Authentication for its functioning.
I need to integrate this web application with another product which does not supply me with Windows credentials.
This application sends me an http request in a specific format.
I need to validate the request and redirect it to app1 with valid windows credentials so that it logs in smoothly.
I have created another application for this purpose.
This is hosted on a separate virtual directory.
It has IIS anonymous and asp.net anonymous authentication enabled.
The pseudo code is as follows:
app2
    parse request
    if request successful
        get windows credentials
        get identity using credentials
        response.redirect(app1.aspx)
But app1 authentication fails, IE asks me for credentials again.
Ideally IE should not ask me for credentials.
What would be the security context sent in the request to app1?
How can I trace the authentication failure at iis and asp.net?
To do this you need a trust relationship between the domains.
The response.redirect just sends a response back to the browser which then makes a request for the page in the redirect. So the identity is the identity of the browser.

Authenticating a user via wcf

I have a Java app with a .NET application running in the Java application's embedded browser.
I want the Java application to call a .NET WCF or web service with a username and password.
The WCF service will set the user to authorized in forms authentication.
In the java desktop application I will then load a .aspx page that was protected via forms authentication.
How can I accomplish this? Is it even possible...?
You will need to enable ASP.NET compatibility mode on the WCF service in order to enable forms authentication.
The Java client application could send username and password over a secure connection and your WCF service authenticates the user via FormsAuthentication.Authenticate(username, password) or FormsAuthentication.SetAuthCookie.
You will then need to use a cookie store on the Java client side in order to pass the authentication cookie on every consecutive request (and update it when it gets refreshed), but this should be a built-in feature of your HTTP-client.
The .aspx page must run on a server with the same machine key as the WCF service.
Conclusion: Yes, it is possible, but it is not clear to me which ".NET application" you are referring to.
Edit: I think it's clear now; you will need to be able to set the browser cookies. If you can't do this directly from your Java application, a workaround would be to let the WCF service communicate that the user is authenticated and then set the cookie on the .aspx site request.
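A login operation of the kind the answer above describes, as an added example that is not part of the original post. The contract and class names are hypothetical, a REST endpoint (`webHttpBinding`) is assumed, and `Membership.ValidateUser` is used here in place of the `FormsAuthentication.Authenticate` call the answer names, on the assumption that users are stored in an ASP.NET membership provider.

```csharp
using System.Net;
using System.ServiceModel;
using System.ServiceModel.Activation;
using System.ServiceModel.Web;
using System.Web;
using System.Web.Security;

[ServiceContract]
public interface ILoginService   // hypothetical contract name
{
    // POST /login with a JSON body {"username":"...","password":"..."}
    [OperationContract]
    [WebInvoke(Method = "POST", UriTemplate = "login",
               BodyStyle = WebMessageBodyStyle.WrappedRequest,
               RequestFormat = WebMessageFormat.Json,
               ResponseFormat = WebMessageFormat.Json)]
    bool Login(string username, string password);
}

[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
public class LoginService : ILoginService
{
    public bool Login(string username, string password)
    {
        var ctx = HttpContext.Current;
        // The answer assumes a secure connection; refuse credentials sent in clear text.
        if (ctx == null || !ctx.Request.IsSecureConnection)
            throw new WebFaultException(HttpStatusCode.Forbidden);

        // Assumption: users live in the configured ASP.NET membership provider.
        if (!Membership.ValidateUser(username, password))
            return false; // same result for unknown user and wrong password

        // Adds the forms authentication cookie to this response. The client must
        // store it and send it back; the .aspx site accepts it only when it shares
        // the machine key and forms cookie settings with this service.
        FormsAuthentication.SetAuthCookie(username, false);
        return true;
    }
}
```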
