My setup involves a website using windows authentication. A page on this site has a managed user control (Activex) which also makes calles to a webservice on the same web server and It also uses WebClient to load certain XML files from the server. The website, webservice and virtiual directory where the XML files are located are all Windows Authenticated.
My issue happens on a system, where the domain the user logged in is not in trusted sites (with the domain of the web server) and the IIS throws a login dialog. The user logs in with the credentails of a trusted account and browses the website. When the ActiveX begins making calls to the webservice and also when it loads the XML files, the requests are from the currently logged in user (of the m/c) rather than the impersonated user.
I can track those request from IIS Logs:
2013-03-12 17:19:22 MYIPADDRESS POST /MyWebService/Service1.asmx - 80 DOMAIN\USERID_OF_USER_ON_MACHINE IPADDRESS Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+2.0.50727.4963) 401 2 5 109
I have added the following lines where required:
mywebservice.Credentials = System.Net.CredentialCache.DefaultCredentials; (I tried DefaultNetworkCredentials) as well.
mywebclient.Credentials = System.Net.CredentialCache.DefaultCredentials;(I tried DefaultNetworkCredentials) as well.
If upon getting the login dialog in the website, I choose to save the credentails, everything works fine and the webservice is called with the impersonated user. Buit this is really not the solution for us.
A colleague suggested, it could be something to do with appdomain thats gets automatically created for the user control. But I am not sure.
How can I make the requests from the trusted account (the one who is accessing IE)?
Webserver: Windows2008 R2, IIS 7.5, >net Framework 4.5
Client: Windows 7, .Net Framework 4.5, IE9