views:

299

answers:

1

I must be missing something very basic. Here is the scenario

We have a ASP.NET 2.0 WebService (Server 2003) with the following settings:

  • SSL
  • Integrated Security
  • Anom. Access DISABLED
  • Running under NETWORK SERVICE
  • Exposed (i.e. can access from public internet)
  • Service returns data from database using application username/password, does NOT call another webservice
  • No impersonation is set on the service although I have tried to toggle that as well.

We have a client machine (same domain) that is disconnected from the LAN but is using an air card. The user is signed into the laptop using their AD username/password/domain.

In the code at the proxy level, we have service.PreAuthenticate = true We have also trid using both DefaultCredentials and DefaultNetworkCredentials with the same result.

  1. .NET windows client works WITH VPN
  2. .NET windows client gets a 401: Unauthorized WITHOUT VPN (Note: no inner exception is returned)
  3. IE works with or without VPN.

My assumption (maybe incorrect) was that if I passed in the DefaultNetworkCredentials to the proxy class, that it would pass in the domain credentials to authenticate. IE is obviously doing some magic to make this work.

What am I missing?

A: 

IE uses NTLM by default if your using Firefox, Safari etc.. you'll have to specify the domains server.

This happened to me a while back with a Web App.

http://www.nateirwin.net/2007/01/19/enabling-ntlm-authentication-in-firefox-and-internet-explorer/

JeremySpouken
it's a custom windows client
Cody C
I got confused since you mentioned IE.
JeremySpouken