HOW TO: Pass Current Credentials to an ASP.NET Web Service (813834)


The information in this article applies to:

  • Microsoft Web Services (included with the .NET Framework) 1.0
  • Microsoft ASP.NET (included with the .NET Framework) 1.0
  • Microsoft Visual C# .NET (2002)
  • Microsoft Visual Basic .NET (2002)
  • Microsoft ASP.NET (included with the .NET Framework 1.1)
  • Microsoft Visual C# .NET (2003)
  • Microsoft Visual Basic .NET (2003)
This article references the following .NET Framework Class Library namespace:

System.Net

IN THIS TASK

SUMMARY

This step-by-step article describes how to pass the user's current credentials to an XML Web service that was created by using ASP.NET.

The DefaultCredentials property of the CredentialCache class contains the system credentials of the current security context. For client applications, these credentials represent the user name, the password, and the domain of the user who is currently logged on. Client credentials are not passed automatically. To pass the client's Windows security context to a Web service, you must set the Credentials property of the Web service proxy to CredentialCache.DefaultCredentials.

back to the top

Create the Web Service

  1. Start Microsoft Visual Studio .NET. Create a new ASP.NET Web Service project by using Visual C# .NET or Visual Basic .NET. By default, Service1.asmx is created.
  2. Name the project MyWebService.
  3. In Solution Explorer, right-click Service1.asmx, and then click View Code.
  4. In the Service1.asmx.cs file (or the Service1.asmx.vb file if you used Visual Basic .NET), remove the comment on the default WebMethod HelloWorld().
  5. On the Build menu, click Build Solution.
  6. Type the following URL in your browser to view the Service1 Web service description:

    http://localhost/MyWebService/Service1.asmx

  7. To test the HelloWorld WebMethod, click the HelloWorld link. Notice that the WebMethod works as expected.
back to the top

Set Integrated Windows Authentication for the Web Service

  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click Administrative Tools.
  3. Double-click Internet Information Services.
  4. Expand Internet Information Services, and then locate the MyWebService virtual directory.
  5. Right-click MyWebService, and then click Properties.
  6. Click the Directory Security tab. Under Anonymous access and authentication control, click Edit.
  7. In the Authentication Methods dialog box, click to select the check box for Integrated Windows authentication.
back to the top

Use the Web Service

  1. Create a new ASP.NET Web Application by using Visual C# .NET or Visual Basic .NET. Name the project WebServiceTest.
  2. In Solution Explorer, right-click References, and then click Add Web Reference.
  3. In the Address text box, type the following URL for WebServiceTest:

    http://localhost/MyWebService/Service1.asmx

  4. Click Go, and then click Add Reference.
  5. In Solution Explorer, right-click WebForm1.aspx, and then click View Code.
  6. In the Design View of WebForm1, double-click WebForm1 to open the Page_Load event code. Change the Page_Load event code as follows:

    Visual C# .NET Sample Code
    private void Page_Load(object sender, System.EventArgs e)
{
// Start an instance of the Web Service client-side proxy.
localhost.Service1 myProxy = new localhost.Service1();
Response.Write( myProxy.HelloWorld());	
}
    Visual Basic .NET Sample Code
    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load

'Start an instance of the Web Service client-side proxy.
Dim myProxy As localhost.Service1 = New localhost.Service1()
Response.Write(myProxy.HelloWorld())
End Sub
  7. On the Build menu, click Build Solution.
  8. Type the following URL in the browser to view the Service1 Web service description:

    http://localhost/WebServiceTest/WebForm1.aspx

  9. You may receive an Access Denied error message. This occurs because your credentials are not delivered with the Web service request for authentication.
back to the top

Pass Current Credentials to the Web Service

The CredentialCache class belongs to the System.Net namespace.
  1. Add the following namespace declaration to the top of the file:

    Visual C# .NET Sample Code
    using System.Net;
    Visual Basic .NET Sample Code
    Imports System.Net
  2. Assign DefaultCredentials to the Credentials property of the Web service client-side proxy. To do this, change the code of the Page_Load event as follows:

    Visual C# .NET Sample:
    private void Page_Load(object sender, System.EventArgs e)
{
// Start an instance of the Web service client-side proxy.
localhost.Service1 myProxy = new localhost.Service1();
myProxy.Credentials = System.Net.CredentialCache.DefaultCredentials;
Response.Write( myProxy.HelloWorld());	
}
    Visual Basic .NET Sample Code
    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load

'Start an instance of the Web service client-side proxy.
Dim myProxy As localhost.Service1 = New localhost.Service1()
myProxy.Credentials = System.Net.CredentialCache.DefaultCredentials
Response.Write(myProxy.HelloWorld())
End Sub
  3. On the Debug menu, click Start. Hello World appears in the browser.
back to the top

REFERENCES

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

811318 PRB: "Access Denied" Error Message When You Call a Web Service While Anonymous Authentication Is Turned Off

For more information, visit the following Microsoft Web site:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/secnetlpMSDN.asp

back to the top
Modification Type:MajorLast Reviewed:6/17/2003
Keywords:kbWebServices kbWebForms kbSecurity kbAuthentication kbHOWTOmaster KB813834 kbAudDeveloper
©2003 Microsoft Corporation. All rights reserved.