I must be missing something very basic. Here is the scenario
We have a ASP.NET 2.0 WebService (Server 2003) with the following settings:
- SSL
- Integrated Security
- Anom. Access DISABLED
- Running under NETWORK SERVICE
- Exposed (i.e. can access from public internet)
- Service returns data from database using application username/password, does NOT call another webservice
- No impersonation is set on the service although I have tried to toggle that as well.
We have a client machine (same domain) that is disconnected from the LAN but is using an air card. The user is signed into the laptop using their AD username/password/domain.
In the code at the proxy level, we have service.PreAuthenticate = true
We have also trid using both DefaultCredentials and DefaultNetworkCredentials with the same result.
- .NET windows client works WITH VPN
- .NET windows client gets a 401: Unauthorized WITHOUT VPN (Note: no inner exception is returned)
- IE works with or without VPN.
My assumption (maybe incorrect) was that if I passed in the DefaultNetworkCredentials to the proxy class, that it would pass in the domain credentials to authenticate. IE is obviously doing some magic to make this work.
What am I missing?