Web Service Rejecting Web Application Call With 401 Unauthorized Error - c#

Basic question: how does one set up a web application and web services where they use Windows authentication to connect the web application to the web service?
I have inherited an application written in asp.net 2.0 and am working to migrate it to asp.net 4.8. The solution is designed with a project for the web UI and a project for the web services. I have deployed both projects to an IIS site on a Windows 2019 server as separate applications on the same server in the Default Web Site. Each has its own application pool with AppPoolIdentity as the identity, and both use the Windows Authentication method and have all other authentication methods disabled. Each application is set to use pass-through authentication when connecting.
When I run the UI application project it tries to call the first web service and I get 401 Unauthorized at the web service call. I have added some logging in the web application and the web service and can see it is authenticating me on the web application, and I have verified the exact URL (http://localhost/{appname}/authenticate.asmx) being used to call the web service, but it is rejecting the attempt to access the web service with the 401 Unauthorized error from the web application. When I independently access the web service it is accessible, authenticates me, and works as expected, as verified by logging output.
What do I need to change to get the application to connect to the web service with the same authenticated user? Do I need to change the AppPoolIdentity to something else like a service account, or set it to Network Service or something else? I would have thought the UI application would pass through the authenticated user to the web service, but that must not be happening and I am not sure what to set to enable that connectivity.
Thank you in advance.

Related

400 invalid id token for Azure AD when ASP.net core app is deployed in Azure

I have hosted my ASP.net core web app in Azure and I am using Azure AD authorisation to read roles as shown here. I am getting 400 invalid id token for callback in the hosted application. In the Chrome console I see only this error message. I am able to see id_token in the callback in the network tab as well. But if I run the same code on my local machine as localhost after changing the redirect url to localhost I don't get any issues and I am able to read roles etc. So I believe my code is fine. What can be the reason for the invalid id token error when I run the hosted application? How can it be troubleshot?
I got the same issue when I hosted my .net web application in Azure App Service.
Go to App Service -> open your application -> go to Authentication/Authorization -> turn off App Service Authentication.

Asp.net Windows Authentication web api returns as Unauthorized when calling from asp.net web app

I have set up MVC Web API with Windows authentication. I did add [Authorize] attribute to the API method.
I have created a test MVC web app and I was able to connect successfully when I run it from Visual Studio with IIS Express.
I did pass the default network credentials handler when initializing HttpClient.
Once I deployed to the IIS server locally, I started to get an Unauthorized error. Not sure if I need to configure anything differently.
I did add authentication mode to Windows and enabled Windows Authentication in IIS as well on both Apps.
Any help is really appreciated.
Thank you.

Running SelfHosted Web Application with Owin without external access

I have a web application done in Razor and I want to convert it to a normal client application. So what I thought of is to self-host that web application and serve it through a WebControl in WinForms; I already did this using Owin. However, the self-hosted application can also be accessed through a browser or any external machine if privileges are given. My question here: how do I prevent any external browser from accessing my self-hosted Owin web app, and still connect through my client's internal browser?

Passive web application calling a WCF service with ajax (.NET 4.0 , adfs 2.0)

How can a web application using passive adfs 2.0 authentication consume WCF RESTful services?
I am using ASP.NET 4.0, C# to develop the web application and the WCF REST service.
So could you please help me to understand how to secure a RESTful service using claims-based authentication?
Here is what I need: -
I have a Web App and WCF Rest service with webhttpbinding gets called from ajax jquery.
Now the user logs into the Web App which is relying party, he is redirected to the adfs login page.
Once logged in, he is redirected back to the Web app.
This web app invokes the wcf Service.
Passive authentication is working fine but issue is when calling WCF service.
In the ajax call for the wcf service I get an undefined error (the namespace attribute is not getting added), for example:
var svc = project.services.AjaxService()
where project does not include services, and the namespace attribute is missing, which is present when the same code is called from forms authentication.
Here project.services is the namespace for the service class AjaxService.
And also the same service is getting called using the Telerik controls' WebServiceSettings.
Can anyone please help me with this? What configuration setting is required, and does anything else need to be added?
How can I achieve both using ajax and Telerik?

Multiple hops impersonation in .NET and web services

I have an old school web service and it is configured to impersonate the caller. Works with no problem. Now I am thinking about adding another, higher-level ASP.NET (non-WCF) web service which would be calling the original web service.
The question is: will the client identity flow across two hops, as in (client (1) -> new web service (2) -> old web service), or will there be issues?
I believe unless the new ASP.NET web service impersonates the client, the identity will not flow to the second web service. If there is no impersonation then the Windows identity of the worker process will be sent to the old service. With impersonation, the new service code will run under the same user as the client, and then using DefaultCredentials you can call the old web service.
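The following is an added example, not code from any of the posts on this page. It illustrates the mechanism the answer above describes and the diagnostic the original question needs: log which Windows identity the UI application will present on its outbound call, then make that call either with the current thread identity (the app pool account unless the request thread is impersonating) or explicitly as the browser user. It targets ASP.NET on .NET Framework 4.8; the URL segment APPNAME_PLACEHOLDER, the class name ServiceCaller and its method names are assumptions, and the web.config fragment in the comment is an assumed baseline rather than the questioner's configuration.

```csharp
// Added example (not code from any post on this page). Targets ASP.NET on .NET Framework 4.8,
// the version the question migrates to. APPNAME_PLACEHOLDER and the class/method names are
// assumptions, not names taken from the page.
using System;
using System.Net;
using System.Security.Principal;
using System.Web;

/*
 Assumed web.config baseline for BOTH applications. The <identity> element is only needed in
 the UI application, and only if every outbound call should carry the browser user's token
 without the explicit RunImpersonated call below:

   <system.web>
     <authentication mode="Windows" />
     <authorization>
       <deny users="?" />                      <!-- reject anonymous callers -->
     </authorization>
     <identity impersonate="true" />            <!-- optional: impersonate per request -->
   </system.web>
   <system.webServer>
     <!-- required when <identity impersonate> is used on the Integrated pipeline -->
     <validation validateIntegratedModeConfiguration="false" />
   </system.webServer>
*/
public static class ServiceCaller
{
    // The question's service lives at http://localhost/{appname}/authenticate.asmx.
    private const string ServiceUrl = "http://localhost/APPNAME_PLACEHOLDER/authenticate.asmx";

    // First thing to log on the UI side: which identity will the outbound call carry?
    // Without impersonation this is the application pool identity (IIS APPPOOL\<name>),
    // not the browser user, and that is the account the service's 401 is refusing.
    public static string DescribeOutboundIdentity()
    {
        string threadUser = WindowsIdentity.GetCurrent().Name;
        string webUser = HttpContext.Current?.User?.Identity?.Name ?? "(no HttpContext)";
        bool impersonating = string.Equals(threadUser, webUser, StringComparison.OrdinalIgnoreCase);
        return string.Format("web user={0}; outbound identity={1}; impersonating={2}",
                             webUser, threadUser, impersonating);
    }

    // Calls the service with the Windows identity the current thread holds.
    // UseDefaultCredentials answers the service's Negotiate/NTLM challenge with that identity.
    // A 401 is returned as a status code instead of thrown so it can be logged and compared
    // with the service-side log entry for the same request.
    public static HttpStatusCode CallWithCurrentIdentity()
    {
        // Requesting the WSDL exercises the same authentication path as a SOAP method call.
        var request = (HttpWebRequest)WebRequest.Create(ServiceUrl + "?WSDL");
        request.UseDefaultCredentials = true;
        request.PreAuthenticate = true;
        try
        {
            using (var response = (HttpWebResponse)request.GetResponse())
            {
                return response.StatusCode;
            }
        }
        catch (WebException ex) when (ex.Response is HttpWebResponse failed)
        {
            return failed.StatusCode;
        }
    }

    // Calls the service as the browser user for this one call, independent of
    // <identity impersonate> in web.config. Kept synchronous so the impersonated
    // token is still in place on the thread when the request is actually sent.
    public static HttpStatusCode CallAsWebUser()
    {
        var identity = HttpContext.Current?.User?.Identity as WindowsIdentity;
        if (identity == null || identity.AccessToken.IsInvalid)
        {
            throw new InvalidOperationException(
                "The request was not authenticated with Windows authentication; nothing to impersonate.");
        }
        return WindowsIdentity.RunImpersonated(identity.AccessToken, CallWithCurrentIdentity);
    }
}
```

Log DescribeOutboundIdentity() in the UI application right before the service call: if it reports the app pool identity with impersonating=false, the service is correctly rejecting an account it does not authorize, and the fix is to impersonate (per call as above, or per request via web.config) rather than to widen the service's authorization. Note the limit of this approach: a token obtained from a network logon (NTLM, or Kerberos without delegation configured) carries no credentials that can be forwarded, so a second hop to another machine can still fail with 401 even while impersonating; the identity log above is what tells those two cases apart.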
