| jacorona 2007-02-01, 7:22 am |
| Thank you for answering, David.
The setup to test this strange behaviour, is the following:
- Desktop WinForm client application on W2K and .Net 2.0, accessing directly
to an IIS 5.0 site using an "https:" address. Proxy built adding a reference
to the web service.
-[IIS site in local machine] (in principle, this shouldn't matter)
- IIS site configured:
- To accept "Integrated Windows authentication", and
- Without "requiring" SSL, it accepts client certificates
-[IIS site hosting a simple web service developed on .Net 2.0] (in
principle, this shouldn't matter, either)
Behaviour:
- When desktop application is configured to present a client certificate it
works fine. Web service is accesed and the identity it sees comes from the
mapping defined in IIS for that certificate.
(service.ClientCertificates.Add(cert);)
- When desktop application is configured to present kerberos ticket
(integrated security), it times out. (service.Credentials =
CredentialCache.DefaultCredentials;)
Notes:
- When desktop application acceses the web service via "http:" and
integrated security, it also works fine.
Hope this explanation helps. I have been unable read anything that makes me
think this scenario (an IIS site configured to accept both types of
credentials under https does not work. Perhaps I should do something else
in the client code, but I have also been unable to find anything regarding
that.
Many thanks again.
JACorona
"David Wang" wrote:
> Windows Integrated Authentication works over HTTPS. Independent of
> Client-Cert mapping.
>
> On which network leg does the network proxy happen? Because Integrated
> Authentication user token cannot be "proxied" downstream by default.
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //
>
>
> On Jan 31, 2:27 am, jacorona <jacor...@discussions.microsoft.com>
> wrote:
>
>
>
|