Kerberos Sharepoint
Windows Server Forum Index Windows Server
Server discussion on Windows platform.
 
 FAQFAQ   MemberlistMemberlist     RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 
 
Google
 
Web winserverhelp.com
Kerberos Sharepoint

 
Post new topic   Reply to topic    Windows Server Forum Index -> Portal Server Development
Author Message
Masse
Guest
Posted: Wed Oct 26, 2005 12:51 pm    Post subject: Kerberos Sharepoint Reply with quote
Hi

We have a kerberos problem, I think.
We have a webapplication calling Sharepoint webservices on an another server.
Server1 Windows2003- Webserver + webbapplication
Server2 Windows2003- Sharepoint

When we try to call any method in these webservices we get the following
error:

Stack Trace:
[WebException: The request failed with HTTP status 401: Unauthorized.]

System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage
message, WebResponse response, Stream responseStream, Boolean asyncCall) +1296
System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters) +218
Ibitec.iSec.Services.WSS.SitesWS.Sites.GetSiteTemplates(UInt32 LCID,
Template[]& TemplateList)
Ibitec.iSec.Services.WSS.Data.WSSHandler.GetSiteTemplateList(String
webUrl, NetworkCredential credentials, Int32 lcid)
Ibitec.iSec.Services.WSS.Business.WSSHandler.GetSiteTemplateList(String
webUrl, NetworkCredential credentials, Int32 lcid)
Ibitec.iSec.Services.WSS.Main.LoadData(String inData)
Ibitec.iSec.Web._Default.LoadServiceControlToPage(String controlName) in
c:\inetpub\wwwroot\iSec.Web\Default.aspx.cs:111
Ibitec.iSec.Web._Default.EventHandling(Object sender, TreeViewEventArgs
args) in c:\inetpub\wwwroot\iSec.Web\Default.aspx.cs:76
Ibitec.iSec.Web.NavigationControl.TreeView_Click(Object sender,
TreeViewClickEventArgs e) in
c:\inetpub\wwwroot\iSec.Web\NavigationControl.ascx.cs:209
Microsoft.Web.UI.WebControls.TreeView.OnCheck(TreeViewClickEventArgs e) +21
Microsoft.Web.UI.WebControls.TreeView.RaisePostDataChangedEvent() +292

Microsoft.Web.UI.WebControls.BasePostBackControl.System.Web.UI.IPostBackDataHandler.RaisePostDataChangedEvent() +7
System.Web.UI.Page.RaiseChangedEvents() +115
System.Web.UI.Page.ProcessRequestMain() +1099

The strange thing is that if we are logged on the webservermachine and
browse to
the application instead of browsing from my PC everything works fine.

We have delegated kerberos to both machines.
Please help.

Regards
Masse
Back to top
D Jacobsen
Guest
Posted: Wed Oct 26, 2005 4:51 pm    Post subject: Re: Kerberos Sharepoint Reply with quote
If you are using impersonation for the call this is probably the
double-hop problem. If Kerberos Authentication is used and the same
user credentials are passed and used in the entire call chain of the
three machines. Both delegation should be set up corrrectly using the
UI for this but all Service Principal Names SPN's should also be setup
correctly.

See:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerbdel.mspx

What you should also notice is that SharePoint sets up its website to
use NTLM authentication instead of Kerberos. So this might be the first
problem. This is changed by editing the metabase file containing the
settings for the IIS.

Regards
Dan
Back to top
 
Post new topic   Reply to topic    Windows Server Forum Index -> Portal Server Development All times are GMT
Page 1 of 1

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum




New Topics Powered by phpBB