c# web service driving me insane

[localzuk]

I have the following in an application:

Code:

                svc = new localhost.Service1();
                svc.Credentials = CredentialCache.DefaultCredentials;

svc is declared elsewhere as such:

Code:

private localhost.Service1 svc;

Now, logic dicates that that service object will connect with the current user's credentials. Instead, I get an error message (as I put it in a try/catch block) stating 'Server was unable to process request. ---> Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.'

Why is it trying to log on with the anonymous account?!

Any ideas, as this is driving me to the edge of sanity...

[sparkeh]

Hard to say without knowing what you are doing, but you aren't by chance trying to access a web server that uses an sql instance hosted on another server are you? (could be a long shot )

[bizzel]

Is the machine joined to the domain and is the logged-on account a domain user? Otherwise you'll get a blank set of credentials back.

[sparkeh]

Hard to say without knowing what you are doing, but you aren't by chance trying to access a web server that uses an sql instance hosted on another server are you? (could be a long shot )

I say this as if this what you are doing it could be the 'double hop'. You can't pass credentials to one server to be passed on to another this way (or at least when I last looked)

But you may be doing something completely different.

[localzuk]

Hard to say without knowing what you are doing, but you aren't by chance trying to access a web server that uses an sql instance hosted on another server are you? (could be a long shot )

The SQL instance is on the same server (ie. the webservice and sql instance are on the server app1, and the client is on another machine).

And the machine is domain joined and logged in too.

I have come to the conclusion that I dislike web services in c#... ARGH!

[localzuk]

OK, the whole 'double hop' thing seems to be the issue - I've changed the connection string for SQL to localhost instead of the actual server name and it now 'works' (well, I now get a different message but I can work through that one I reckon).

[sparkeh]

Interesting...

Hmm do you have a SPN registered for the SQL instance?

So I think that the tcp connection to the server runs under LocalSystem account, if there is no SPN then it falls back to NTLM and the LocalSystem account inherits from System context rather than your user context and hence the anonymous login.

[localzuk]

Interesting...

Hmm do you have a SPN registered for the SQL instance?

So I think that the tcp connection to the server runs under LocalSystem account, if there is no SPN then it falls back to NTLM and the LocalSystem account inherits from System context rather than your user context and hence the anonymous login.

To be honest, I have so little knowledge of MSSQL, I don't know what you mean. What is an SPN?

I can understand the falling back part though.

[sparkeh]

Oh I'm no expert, just things I've picked up while dabbling

SPN = Service Principal Name. Used for mutual authentication.
Theres is an explanation here, the MS explanation here and guide to setting it up for SQL here.

[ajbritton]

I've no experience of using c# or creating web services but I would not have expected a web service to use the 'current user credentials' unless you mean the credentials of the user issuing the request(?).

If the service is running behind a web server (IIS) then I would expect it to default to use the anonymous logon account or the .NET account....

Just a thought.

[sparkeh]

I've no experience of using c# or creating web services but I would not have expected a web service to use the 'current user credentials' unless you mean the credentials of the user issuing the request(?).

If the service is running behind a web server (IIS) then I would expect it to default to use the anonymous logon account or the .NET account....

Just a thought.

Not true. Read this tech article about c# and DefaultCredentials

The relevant bit:

DefaultCredentials represents the system credentials for the current security context in which the application is running. For a client-side application, these are usually the Windows credentials (user name, password, and domain) of the user running the application. For ASP.NET applications, the default credentials are the user credentials of the logged-in user, or the user being impersonated.