Solved

Is it possible to authenticate to a web service that is on the same network using Windows credentials provided by Active Directory

Posted on 2014-10-30
Last Modified: 2014-10-31
I currently have a situation where I am trying to authenticate to a web service using the currently logged in Windows user credentials. On the server side (which I also have control over), the web service is being authenticated with Active Directories. I want the web service authentication to be done "organically".  Both the client and the web service will be within the same network but will NOT be using the same machine.

Everything works fine if I set the credentials directly as follows:
 
            var credentials = new NetworkCredential("<username>", "<password>");
            var handler = new HttpClientHandler { Credentials = credentials };
            var client = new HttpClient(handler);
            string request = "<request string>";
            var obj = new { request = request };
            byte[] data;

            using (client)
            {
                client.BaseAddress = new Uri("<url>");
                var response = client.PostAsJsonAsync("<suburl>", obj).Result;
                data = response.Content.ReadAsByteArrayAsync().Result;
            }



However, if I try and use the DefaultNetworkCredentials as follows, I get a "401 - Unauthorized" from the server:
 
            var credentials = CredentialCache.DefaultNetworkCredentials;
            var handler = new HttpClientHandler { Credentials = credentials };
            var client = new HttpClient(handler);
            string request = "<request string>";
            var obj = new { request = request };
            byte[] data;

            using (client)
            {
                client.BaseAddress = new Uri("<url>");
                var response = client.PostAsJsonAsync("<suburl>", obj).Result;
                data = response.Content.ReadAsByteArrayAsync().Result;
            }



I am fairly certain I have everything set correctly on the server side to authenticate this way (i.e. disable anonymous, enable Windows Authentication, use the [Authorize] decoration on the web service method, etc.). I think the correct server setup is evidenced by the fact that I can authenticate correctly when hard coding the credentials.

I have seen elsewhere that this may be impossible for security reasons.  I am not so sure that is true.

Any suggestions?
Question by:JonTEC
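
A diagnostic for the 401 case described in the question, as an added example that is not part of the original thread. It assumes a Windows client, a placeholder URL (`ServiceUrl`) and a hypothetical class name; it prints the identity whose token the default credentials represent and, on a 401, the authentication schemes the server advertised.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Principal;
using System.Threading.Tasks;

static class IntegratedAuthProbe   // hypothetical name, not from the thread
{
    // Placeholder endpoint (assumption); the question elides the real URL.
    const string ServiceUrl = "http://service.example.internal/api/ping";

    static async Task<int> Main()
    {
        // Default credentials are the token of the identity this process (or an
        // impersonated thread) runs as, which may not be the end user's account.
        using (WindowsIdentity me = WindowsIdentity.GetCurrent())
        {
            Console.WriteLine($"Calling identity : {me.Name}");
            Console.WriteLine($"Impersonation    : {me.ImpersonationLevel}");
        }

        // The handler answers Negotiate/NTLM challenges with that token;
        // the application never holds a user name or password.
        var handler = new HttpClientHandler { UseDefaultCredentials = true };
        using (var client = new HttpClient(handler))
        using (HttpResponseMessage response = await client.GetAsync(ServiceUrl))
        {
            Console.WriteLine($"Status           : {(int)response.StatusCode} {response.ReasonPhrase}");
            if (response.StatusCode != HttpStatusCode.Unauthorized)
                return 0;

            // On 401, list the schemes from the WWW-Authenticate header(s).
            string[] schemes = response.Headers.WwwAuthenticate
                .Select(h => h.Scheme).ToArray();
            Console.WriteLine("Server offered   : " +
                (schemes.Length == 0 ? "(none)" : string.Join(", ", schemes)));

            bool integrated = schemes.Any(s =>
                s.Equals("Negotiate", StringComparison.OrdinalIgnoreCase) ||
                s.Equals("NTLM", StringComparison.OrdinalIgnoreCase));
            Console.WriteLine(integrated
                ? "Integrated auth was offered; check that the identity above is the account you expected."
                : "No Negotiate/NTLM challenge; Windows authentication is not advertised for this URL.");
            return 1;
        }
    }
}
```

Run it in the same context as the failing call (same machine, same process identity) so the printed account is the one the service actually sees.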

Author Comment

by:JonTEC
ID: 40415646
I have searched Experts Exchange and others for solutions but have not found a working scenario.

The project is written in ASP.Net C# (which is probably obvious). The main goal is inter-departmental communications to share information via a web service to any department within the network without requiring an additional login.  

All users (and rights) on that network are managed by Active Directories.  We don't want individual credentials stored anywhere outside of Active Directories because they do change frequently and we don't want the additional security risk.

We are moving toward a "single sign on" scenario.

Is there any other information I can provide that may help?

Expert Comment

by:Aaron Tomosky
ID: 40416451
I believe you have to use "passthrough authentication". This passes through the user credentials to the service instead of running as the app pool.
http://www.helpmasterpro.com/helpfile/Active%20Directory/HTML%20Files/Windows%20authenticated%20logon%20for%20Microsoft%20IIS%207.htm

Author Comment

by:JonTEC
ID: 40416495
Thank you Aaron! I reviewed the link you provided and double checked the "passthrough authentication" settings. It appears I have things set up correctly already. Could there be something else missing? Server side or code side?

Accepted Solution

by:
Aaron Tomosky earned 1500 total points
ID: 40416518
For help with the code, you need to be added to the C# topic; I can't really help with that.

Here is an old article but it has some examples using ADObject oUser = new ADUser();
I don't know if that is currently the right way to do things or not.
http://www.c-sharpcorner.com/uploadfile/kevinrou/integrating-ldap-active-directory-into-your-net-web-portal-C-Sharp-or-VB-Net/

Author Closing Comment

by:JonTEC
ID: 40416544
Thanks Aaron!  I will open this question up in the C# and programming topic.