Credentials being lost between servers - out of ideas!

[Jason Wood]

I have read everything I can find on this and I can't figure out what is
failing.

I have a webservice in production that is working great. It uses windows
authentication and is ssl-encrypted.

I have a web app that works when it is on the same server as the web
service. However, when I am running it from my local machine, it fails in the
call to the web service. Of course, this is where I intend to test from, so I
really want to get it working.

I have my app set up to impersonate, using windows authentication, and I
disallow anonymous access. I have established that the request is going
direct to the production server, not out to our proxy/firewall.

I establish credentials with this code:

RebuildCodes.Credentials =
System.Net.CredentialCache.DefaultCredentials

The specific error message I get is

Server was unable to process request. --> Login failed for user '\'.

And the trace looks like this:


[SoapException: Server was unable to process request. --> Login failed for
user '\'.]

System.Web.Services.Protocols.SoapHttpClientProtoc ol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
System.Web.Services.Protocols.SoapHttpClientProtoc ol.Invoke(String
methodName, Object[] parameters)
PayrollWebApps.com.kenonic.webkc.Service1.RebuildS hiftOTCodes() in
c:\inetpub\wwwroot\PayrollWebApps\Web
References\com.kenonic.webkc\Reference.vb:42
PayrollWebApps.WebForm1.Button1_Click(Object sender, EventArgs e) in
c:\inetpub\wwwroot\PayrollWebApps\WebForm1.aspx.vb :35
System.Web.UI.WebControls.Button.OnClick(EventArgs e)

System.Web.UI.WebControls.Button.System.Web.UI.IPo stBackEventHandler.RaisePostBackEvent(String eventArgument)
System.Web.UI.Page.RaisePostBackEvent(IPostBackEve ntHandler
sourceControl, String eventArgument)
System.Web.UI.Page.RaisePostBackEvent(NameValueCol lection postData)
System.Web.UI.Page.ProcessRequestMain()


I also tried running this from a windows app, to rule out my web.config file
and my IIS settings as possible factors. The same error message is received.

Most similar errors I have seen on support sites report the user as (null)
or the anonymous account. Can anybody help me figure out why my credentials
are being passed as '\'? Incidentally, the special character \ can not be
google'd, so it may have affected others but I can't find them.

Thanks,
Jason Wood.

[Jason Wood]

Update: There is another variable. The production instance now reports the
same error, even though it was working previously. The code has not changed
in that time. Any hints where to start looking?

"Jason Wood" wrote:

> I have read everything I can find on this and I can't figure out what is
> failing.
>
> I have a webservice in production that is working great. It uses windows
> authentication and is ssl-encrypted.
>
> I have a web app that works when it is on the same server as the web
> service. However, when I am running it from my local machine, it fails in the
> call to the web service. Of course, this is where I intend to test from, so I
> really want to get it working.
>
> I have my app set up to impersonate, using windows authentication, and I
> disallow anonymous access. I have established that the request is going
> direct to the production server, not out to our proxy/firewall.
>
> I establish credentials with this code:
>
> RebuildCodes.Credentials =
> System.Net.CredentialCache.DefaultCredentials
>
> The specific error message I get is
>
> Server was unable to process request. --> Login failed for user '\'.
>
> And the trace looks like this:
>
>
> [SoapException: Server was unable to process request. --> Login failed for
> user '\'.]
>
> System.Web.Services.Protocols.SoapHttpClientProtoc ol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
> System.Web.Services.Protocols.SoapHttpClientProtoc ol.Invoke(String
> methodName, Object[] parameters)
> PayrollWebApps.com.kenonic.webkc.Service1.RebuildS hiftOTCodes() in
> c:\inetpub\wwwroot\PayrollWebApps\Web
> References\com.kenonic.webkc\Reference.vb:42
> PayrollWebApps.WebForm1.Button1_Click(Object sender, EventArgs e) in
> c:\inetpub\wwwroot\PayrollWebApps\WebForm1.aspx.vb :35
> System.Web.UI.WebControls.Button.OnClick(EventArgs e)
>
> System.Web.UI.WebControls.Button.System.Web.UI.IPo stBackEventHandler.RaisePostBackEvent(String eventArgument)
> System.Web.UI.Page.RaisePostBackEvent(IPostBackEve ntHandler
> sourceControl, String eventArgument)
> System.Web.UI.Page.RaisePostBackEvent(NameValueCol lection postData)
> System.Web.UI.Page.ProcessRequestMain()
>
>
> I also tried running this from a windows app, to rule out my web.config file
> and my IIS settings as possible factors. The same error message is received.
>
> Most similar errors I have seen on support sites report the user as (null)
> or the anonymous account. Can anybody help me figure out why my credentials
> are being passed as '\'? Incidentally, the special character \ can not be
> google'd, so it may have affected others but I can't find them.
>
> Thanks,
> Jason Wood.

[Feroze [msft]]

If I understand this correctly, you have a asp.net web application which is
using a webervice proxy to talk to a webservice on another machine. You have
set the webservice to authenticate using Windows auth, and it is SSL
encrypted as well. You mentioned that when you run your app on the same
machine as the webservice, it works. And it fails if run from a different
machine.

Can you provide some details here:

1) You have setup the webservice to impersonate using windows auth. Is it
impersonating the authenticated user who is sending the request ? Or is it
impersonating a specific user on the machine.

2) Can you hit the webservice using IE from another machine ?

--
feroze

-----------------
This posting is provided as-is. It offers no warranties and assigns no
rights.

See [url]http://weblogs.asp.net/feroze_daud[/url] for System.Net related posts.
----------------

"Jason Wood" <JasonWood@discussions.microsoft.com> wrote in message
news:4A87F2F6-22CD-4B38-BB8C-0AB89DE868EB@microsoft.com...

> Update: There is another variable. The production instance now reports the
> same error, even though it was working previously. The code has not

changed

> in that time. Any hints where to start looking?
>
> "Jason Wood" wrote:
>

> > I have read everything I can find on this and I can't figure out what is
> > failing.
> >
> > I have a webservice in production that is working great. It uses windows
> > authentication and is ssl-encrypted.
> >
> > I have a web app that works when it is on the same server as the web
> > service. However, when I am running it from my local machine, it fails

in the

> > call to the web service. Of course, this is where I intend to test from,

so I

> > really want to get it working.
> >
> > I have my app set up to impersonate, using windows authentication, and I
> > disallow anonymous access. I have established that the request is going
> > direct to the production server, not out to our proxy/firewall.
> >
> > I establish credentials with this code:
> >
> > RebuildCodes.Credentials =
> > System.Net.CredentialCache.DefaultCredentials
> >
> > The specific error message I get is
> >
> > Server was unable to process request. --> Login failed for user '\'.
> >
> > And the trace looks like this:
> >
> >
> > [SoapException: Server was unable to process request. --> Login failed

for

> > user '\'.]
> >
> >

System.Web.Services.Protocols.SoapHttpClientProtoc ol.ReadResponse(SoapClient
Message message, WebResponse response, Stream responseStream, Boolean
asyncCall)

> > System.Web.Services.Protocols.SoapHttpClientProtoc ol.Invoke(String
> > methodName, Object[] parameters)
> > PayrollWebApps.com.kenonic.webkc.Service1.RebuildS hiftOTCodes() in
> > c:\inetpub\wwwroot\PayrollWebApps\Web
> > References\com.kenonic.webkc\Reference.vb:42
> > PayrollWebApps.WebForm1.Button1_Click(Object sender, EventArgs e) in
> > c:\inetpub\wwwroot\PayrollWebApps\WebForm1.aspx.vb :35
> > System.Web.UI.WebControls.Button.OnClick(EventArgs e)
> >
> >

System.Web.UI.WebControls.Button.System.Web.UI.IPo stBackEventHandler.RaisePo
stBackEvent(String eventArgument)

> > System.Web.UI.Page.RaisePostBackEvent(IPostBackEve ntHandler
> > sourceControl, String eventArgument)
> > System.Web.UI.Page.RaisePostBackEvent(NameValueCol lection postData)
> > System.Web.UI.Page.ProcessRequestMain()
> >
> >
> > I also tried running this from a windows app, to rule out my web.config

file

> > and my IIS settings as possible factors. The same error message is

received.

> >
> > Most similar errors I have seen on support sites report the user as

(null)

> > or the anonymous account. Can anybody help me figure out why my

credentials

> > are being passed as '\'? Incidentally, the special character \ can not

be

> > google'd, so it may have affected others but I can't find them.
> >
> > Thanks,
> > Jason Wood.

[Jason Wood]

Thanks Feroze. In getting the information to answer your questions, I got
more organized in my testing. The behaviours now appear to exactly match the
"double-hop" credentials issue. I think my best solution is to wait a few
weeks until AD is implemented here.

Regards,
Jason

"Feroze [msft]" wrote:

> If I understand this correctly, you have a asp.net web application which is
> using a webervice proxy to talk to a webservice on another machine. You have
> set the webservice to authenticate using Windows auth, and it is SSL
> encrypted as well. You mentioned that when you run your app on the same
> machine as the webservice, it works. And it fails if run from a different
> machine.
>
> Can you provide some details here:
>
> 1) You have setup the webservice to impersonate using windows auth. Is it
> impersonating the authenticated user who is sending the request ? Or is it
> impersonating a specific user on the machine.
>
> 2) Can you hit the webservice using IE from another machine ?
>
> --
> feroze
>
> -----------------
> This posting is provided as-is. It offers no warranties and assigns no
> rights.
>
> See [url]http://weblogs.asp.net/feroze_daud[/url] for System.Net related posts.
> ----------------
>
> "Jason Wood" <JasonWood@discussions.microsoft.com> wrote in message
> news:4A87F2F6-22CD-4B38-BB8C-0AB89DE868EB@microsoft.com...

> > Update: There is another variable. The production instance now reports the
> > same error, even though it was working previously. The code has not

> changed

> > in that time. Any hints where to start looking?
> >
> > "Jason Wood" wrote:
> >

> > > I have read everything I can find on this and I can't figure out what is
> > > failing.
> > >
> > > I have a webservice in production that is working great. It uses windows
> > > authentication and is ssl-encrypted.
> > >
> > > I have a web app that works when it is on the same server as the web
> > > service. However, when I am running it from my local machine, it fails

> in the

> > > call to the web service. Of course, this is where I intend to test from,

> so I

> > > really want to get it working.
> > >
> > > I have my app set up to impersonate, using windows authentication, and I
> > > disallow anonymous access. I have established that the request is going
> > > direct to the production server, not out to our proxy/firewall.
> > >
> > > I establish credentials with this code:
> > >
> > > RebuildCodes.Credentials =
> > > System.Net.CredentialCache.DefaultCredentials
> > >
> > > The specific error message I get is
> > >
> > > Server was unable to process request. --> Login failed for user '\'.
> > >
> > > And the trace looks like this:
> > >
> > >
> > > [SoapException: Server was unable to process request. --> Login failed

> for

> > > user '\'.]
> > >
> > >

> System.Web.Services.Protocols.SoapHttpClientProtoc ol.ReadResponse(SoapClient
> Message message, WebResponse response, Stream responseStream, Boolean
> asyncCall)

> > > System.Web.Services.Protocols.SoapHttpClientProtoc ol.Invoke(String
> > > methodName, Object[] parameters)
> > > PayrollWebApps.com.kenonic.webkc.Service1.RebuildS hiftOTCodes() in
> > > c:\inetpub\wwwroot\PayrollWebApps\Web
> > > References\com.kenonic.webkc\Reference.vb:42
> > > PayrollWebApps.WebForm1.Button1_Click(Object sender, EventArgs e) in
> > > c:\inetpub\wwwroot\PayrollWebApps\WebForm1.aspx.vb :35
> > > System.Web.UI.WebControls.Button.OnClick(EventArgs e)
> > >
> > >

> System.Web.UI.WebControls.Button.System.Web.UI.IPo stBackEventHandler.RaisePo
> stBackEvent(String eventArgument)

> > > System.Web.UI.Page.RaisePostBackEvent(IPostBackEve ntHandler
> > > sourceControl, String eventArgument)
> > > System.Web.UI.Page.RaisePostBackEvent(NameValueCol lection postData)
> > > System.Web.UI.Page.ProcessRequestMain()
> > >
> > >
> > > I also tried running this from a windows app, to rule out my web.config

> file

> > > and my IIS settings as possible factors. The same error message is

> received.

> > >
> > > Most similar errors I have seen on support sites report the user as

> (null)

> > > or the anonymous account. Can anybody help me figure out why my

> credentials

> > > are being passed as '\'? Incidentally, the special character \ can not

> be

> > > google'd, so it may have affected others but I can't find them.
> > >
> > > Thanks,
> > > Jason Wood.

>
>
>