
On my machine (a win server 2003) I have an ASP.Net web application which calls an ASP.Net web service on a different server (also a win 2003 server). The web application is set to impersonate and use Windows authentication. The web service is set to require Windows authentication. The asmx file is restricted to a specific Active Directory group through configuration in the web.config.

The web application calls the web service and passes the default credentials across. This all works when both Web App and Web service are on my machine, but when I move the web service to a separate server I get a 401, and the IIS log does not show the user, which means the credentials are not being passed across properly.

Is there something else I need to configure to allow credentials to be passed from my web app to the other server?

Jeremy

1 Answer


For an ASP.NET app, if you set impersonation="true" then it will run under the authenticated user for 'most' things. So, if you have it prompting for a username/password on the web app, those credentials will pass through to the web service if impersonation is enabled.

However, you're going to run into what is called the 'double hop issue'. Windows auth purposefully doesn't allow credentials to pass through 2 hops like that. Here's a blog post that covers possible solutions: http://weblogs.asp.net/owscott/archive/2008/08/22/iis-windows-authentication-and-the-double-hop-issue.aspx

Scott Forsyth
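One way to confirm the double hop from inside the web application, as an added example that is not part of the original question or answer: log the impersonation level of the caller's token just before the web service call. It assumes Integrated Windows authentication as described in the question; the class and method names are hypothetical.

```csharp
using System;
using System.Security.Principal;

// Added diagnostic (hypothetical names). Call DoubleHopDiagnostic.Describe()
// from the impersonating web application, just before the web service call.
public static class DoubleHopDiagnostic
{
    // Classifies a token by whether it can be used for a second network hop.
    // Assumption: the caller was authenticated with Integrated Windows auth.
    public static string Classify(TokenImpersonationLevel level)
    {
        switch (level)
        {
            case TokenImpersonationLevel.Delegation:
                return "delegation: token can authenticate to a remote server";
            case TokenImpersonationLevel.Impersonation:
                return "impersonation: local use only, a remote call will not carry the user";
            case TokenImpersonationLevel.Identification:
            case TokenImpersonationLevel.Anonymous:
                return "identification/anonymous: token cannot act as the user";
            default:
                return "none: primary (process) token, not an impersonated caller";
        }
    }

    public static string Describe()
    {
        // With impersonation enabled in ASP.NET, GetCurrent() returns the
        // impersonated caller rather than the worker process account.
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            return String.Format("{0} via {1} -> {2}",
                id.Name, id.AuthenticationType, Classify(id.ImpersonationLevel));
        }
    }
}
```

If the logged line reports "impersonation" while the remote IIS log shows no user, the 401 is the double hop rather than a group-membership problem on the asmx file.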