ISA Server and Web Services

A

Adam Porter

I've got a vb.net app that uses webservices to download updates. One of our
clients has called saying he cannot update and get the following error:

System.Net.WebException: The underlying connection was closed: Unable to
connect to the remote server. ---> System.Net.WebException: The remote
server returned an error: (407) Proxy Authentication Required.

We are not running, nor are we accessing any proxy server from our end. He
says he is running ISA Server, which would be the proxy referred to in the
error. He claims that I need to send out each user's Windows Login,
Password, and Domain with my webservice call in order for the ISA Server to
recognize the owner of the request. Since he is the only client running ISA
Server, he is the only client having this trouble. Every other client's app
is working just fine. So here are my questions:

1) How do I fix my code to negotiate with his proxy while still letting
every other client still work? If they don't have a proxy server, won't the
new code mess their's up?

2) The client that runs ISA Server has multiple users. How do I
dynamically grab each user's logon credentials ( ID, Pass, Domain) ?

Thanks for any help you can provide.

-Adam-
 
M

Mohamoss

Hi Adam
You can either send default credentials (of the current user) to the
service. By sending that with the proxy class within the calling
application
s.Credentials = System.Net.CredentialCache.DefaultCredentials;
you need to be running the applcaiton and the service with in the same
domain however.


Or you can create a credential object with username and password
System.Net.NetworkCredential myCred =

System.Net.NetworkCredential(txtuserid.Text,txtpassword.Text,txtdomain.Text)
;System.Net.CredentialCache myCache = new System.Net.CredentialCache();
myCache.Add(new Uri(s.Url), txttype.Text, myCred);
s.Credentials = myCache;

sorry that code that I have is in C# , what you have here is basically
creating the creadntilas object and again sending it to the proxy.
He may also just need to open the Kerberos ports in his ISA server . since
this kind or windows domain authentication uses Kerberos authentication (
starting windows 200) . there is built in rule with ISA to open that
just apply it ( don't remember how exactly however since I haven't used ISA
in a while ) . So may be this all what needs to be done and if the service
doesn't require authentication , anonymous access will be allowed
You might also be having integrated authentication failure due to the lack
of a Proxy-Connection: Keep-Alive header that a Web Service client does not
typically send. Keeping a connection alive is not good in terms of security
because the open connection might be used by other applications as well
however you can try this
HttpWebRequest.UnsafeAuthenticatedConnectionSharing =
true;
Hope this helps

Mohamed Mahfouz
MEA Developer Support Center
ITworx on behalf of Microsoft EMEA GTSC
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

VB system.Net.WebClient Post through Proxy/ISA Server 0
Error installing published app 5
ISA Server issues 0
Vb.Net Error 407 1
Proxy authentication failure 1
Outlook and ISA server. 1
problems with isa 2000 exceptions 2
RPC over HTTP behind ISA 2004 2

Top