Problem: Hosting remoting in IIS with Windows Authentication

Roy Chastain

2005-09-08 17:43:58 UTC

Here are my notes that I made when I got this working about 2 years ago.

The directory that hosts the remote objects must have the following security
Off - Anonymous
Off - Digest
Off - Basic
On - Integrated

The NTFS permission for the must be set to allow a user or a GROUP (in my case) access.

System running IIS must be marked trust for delegation in AD
Server hosting the remote objects in IIS must be set to be trusted for delegation.
IIS directory must be NOT Anonymous and must BE Integrated Windows Auth
At least one the systems must be restarted after setting is made.

Anyone in the GROUP will be allowed access. Others will not.

Yes, you need the useDefaultCredentials to true.

My app is a 3 tier app.
Client -> Server -> remote SQL server. My server is the system running IIS. The remote objects on it have code to do
impersonation before access the SQL server. The SQL server must have security setup so that the GROUP can do whatever has to be
done.

Post by s***@gmail.com
Hello
I am hosting remoting within IIS. Everything works just fine as long as
I allow anonymous access at the IIS level.
When I allow only Windows Authenticated sessions, something very
If the client activates the remote object with IP address -
works fine
If the client activates it using a machine name - get http
401 exception is thrown.
The exception is thrown when the client calls the remote
method.
I set the channel's useDefaultCredentials property to true.
Any idea how to allow Windows Authentication?
System.Net.WebException: The remote server returned an error: (401)
Unauthorized
. ---> System.ComponentModel.Win32Exception: The target principal name
is incorrect
at System.Net.NTAuthentication.GetOutgoingBlob(Byte[] incomingBlob,
Boolean handshakeComplete)
at System.Net.NTAuthentication.GetOutgoingBlob(String incomingBlob,
Boolean handshakeComplete)
at System.Net.NegotiateClient.DoAuthenticate(String challenge,
WebRequest webRequest, ICredentials credentials, Boolean
preAuthenticate)
at System.Net.NegotiateClient.DoAuthenticate(String challenge,
WebRequest webRequest, ICredentials credentials, Boolean
preAuthenticate)
at System.Net.NegotiateClient.Authenticate(String challenge,
WebRequest webRequest, ICredentials credentials)
at System.Net.AuthenticationManager.Authenticate(String challenge,
WebRequest request, ICredentials credentials)
at System.Net.AuthenticationState.AttemptAuthenticate(HttpWebRequest
httpWebRequest, ICredentials authInfo)
--- End of inner exception stack trace ---
at
System.Runtime.Remoting.Channels.Http.HttpClientTransportSink.ProcessResponseException(WebException
webException, HttpWebResponse response)
at
System.Runtime.Remoting.Channels.Http.HttpClientTransportSink.ProcessMessage(IMessage
msg, ITransportHeaders requestHeaders, Stream requestStream,
ITransportHeaders& responseHeaders, Stream& responseStream)
at
System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage
msg)
at
System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg)
at
System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type)
at Noga.Interfaces.IInformationReader.Get(RequestContext
requestContext, String dsId, String logicalQueryId, MessagesList&
messages)
at RemotingIISHosting.Client.Query() in d:\develop\smart
tests\remotingiishosting\client\class1.cs:line 43

-------------------------------------------
Roy Chastain
KMSYS Worldwide, Inc.
http://www.kmsys.com