Web Services Quiz: Issue 10


YAWSQ (Yet Another Web Services Quiz)

 

Let me describe the following scenario:

  • Web Service T1 contains an operation that returns a string
  • Web Service T2 calls Web Service T1 in the context of its own operation
  • Both Web Services run under IIS using the following security configuration:
    • “Integrated Windows Authentication” enabled
    • “Anonymous Access” disabled

Do you see a problem in the following implementation?

As always, answer and explanation will follow…

 

T1.asmx

   public class T1

   {

      [WebMethod]

      public string HelloWorld()

      {

         return "Hello World";

      }

   }

 

T2.asmx

   public class T2

   {

      [WebMethod]

      public string HelloWorld()

      {

         t1.T1 t1 = new OrderSrv.t1.T1();

         return t1.HelloWorld();

      }

   }

Comments (3)
  1. Anonymous says:

    I think T2 will try to call T1 anonymously

  2. Anonymous says:

    You have forgotten to initialize the t1.Credentials member…

    t1.Credentials = System.Net.CredentialCache.DefaultCredentials

    But you have to think about a couple of things… under which account is the service T2 running? And more questions: are both web services running on the same machine or on different machines (if different machines – which account have you used for the T2 service … is the machine of the T1 service aware of the account?) … and another one: if the web services running on different machines and the client runs on another, different machine as well – have you configured Kerberos delegation appropriately? Question over question over question … if I know that all I can give you the correct answer… :-))

Comments are closed.

Skip to main content