Passing current credentials in a web service request...
From: <AC@discussions.microsoft.com>
Subject: Passing current credentials in a web service request...
Date: Thu, 13 Jan 2005 11:27:03 -0800
Newsgroups: microsoft.public.sharepoint.portalserver.development
I have a collection of web services on a server that require integrated authentication (they access data from a 3rd party app... specifically Microsoft Content Management Server). I also have a web part I built that accesses these web services. However, it doesn't look like the credentials of the logged in user on the portal are being passed along.
I am setting the Credentials property for the web service to CredentialCache.DefaultCredentials, but no luck. I've also ensured the impersonate tag is set to TRUE in the web.config for the potal & the portal's virutal server is set to integrated authentication.
I was able to test this outside of SharePoint by creating an ASPX page, setting the impersonate=true, setting the web process to integrated authentication, and it worked perfectly.
So... how can I pass along the credentials of the current logged in user in SharePoint to a web service?
--
-AC
**************************************
From: <AC@discussions.microsoft.com>
Subject: RE: Passing current credentials in a web service request...
Date: Thu, 13 Jan 2005 13:05:04 -0800
Newsgroups: microsoft.public.sharepoint.portalserver.development
Little more information...
I can pass the credentials if the web part is within the same domain as the web service. For example:
A web part in portal http://foo.com can access web services in http://foo.com/PublisherServices and pass their credentials... BUT A web part in portal http://fee.com can NOT access web servers in http://foo.com/PublisherServices passing the credentials.
-AC
**************************************
From: <Marco@discussions.microsoft.com>
Subject: RE: Passing current credentials in a web service request...
Date: Thu, 13 Jan 2005 13:09:05 -0800
Newsgroups: microsoft.public.sharepoint.portalserver.development
Are you receiving an error message back form the webservice and if you do what does it say. If the cerdentials are not passed correctly you should get an 401 error.
The way you described your setup should work so please provide some additional information.
Marco
**************************************
From: <AC@discussions.microsoft.com>
Subject: RE: Passing current credentials in a web service request...
Date: Thu, 13 Jan 2005 13:27:05 -0800
Newsgroups: microsoft.public.sharepoint.portalserver.development
Marco-
Thanks for the reply... yes I am receiving an error back from the web service (but I think it's actually coming form IIS). It's a
WebException:
The request failed with HTTP status 401: Unauthorized.
**************************************
From: "DJA"
Newsgroups: microsoft.public.sharepoint.portalserver.development
Subject: Re: Passing current credentials in a web service request...
Date: 18 Jan 2005 00:38:25 -0800
This is probably the problem known as the double hop error. If your webservice exists on another server than your SPS the client sends it credentials to the SPS-server (first hop) which tries to forward the credentials to the webservice server (2nd hop). For this to work with windows credentials, Kerberos delegation must be functioning properly and correct service principal names must be set. Furthermore if you used constrained delegation, you cannot span domains.
Regards,
Dan