Web Services Quiz: Issue 10

YAWSQ (Yet Another Web Services Quiz)

Let me describe the following scenario:

• Web Service T1 contains an operation that returns a string
• Web Service T2 calls Web Service T1 in the context of its own operation
• Both Web Services run under IIS using the following security configuration:
  • “Integrated Windows Authentication” enabled
  • “Anonymous Access” disabled

Do you see a problem in the following implementation?

As always, answer and explanation will follow…

T1.asmx

   public class T1

   {

      [WebMethod]

      public string HelloWorld()

      {

         return "Hello World";

      }

   }

T2.asmx

   public class T2

   {

      [WebMethod]

      public string HelloWorld()

      {

         t1.T1 t1 = new OrderSrv.t1.T1();

         return t1.HelloWorld();

      }

   }

Comments

• Anonymous
  February 23, 2005
  I think T2 will try to call T1 anonymously
• Anonymous
  February 23, 2005
  You have forgotten to initialize the t1.Credentials member...
  
  t1.Credentials = System.Net.CredentialCache.DefaultCredentials
  
  But you have to think about a couple of things... under which account is the service T2 running? And more questions: are both web services running on the same machine or on different machines (if different machines - which account have you used for the T2 service ... is the machine of the T1 service aware of the account?) ... and another one: if the web services running on different machines and the client runs on another, different machine as well - have you configured Kerberos delegation appropriately? Question over question over question ... if I know that all I can give you the correct answer... :-))