Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Andrew_S_Intel2
Employee
29 Views

SCS 5.0 Integrated Windows Authentication (follow-up)

Javier,

There's an issue with the previous thread (http://software.intel.com/en-us/forums/showthread.php?t=61036)that we're trying to debug now, I can't see any posts within the thread past October 8th, but I saw that you had made posts on Friday and today. Until we get that issue resolved, I wanted to follow-up with you in this thread about your current status with this issue.

Andy

0 Kudos
7 Replies
jacace
Black Belt
29 Views

Hello Andy,


I'm still getting an Unauthorized Exception when accessing the SCS Web Services by code, but when I try to access by a browser I'm able to see a Gsoap page (I mean, I can access SCS Web Services by a browser, but not by code).

I used the same credentials in the browser (in Windows Integrated authentication window) and in code.
I also tried the following with no results.
MyService.Credentials = System.Net.CredentialCache.DefaultNetworkCredentials;


Many thanks,


Javier Andrs

Andrew_S_Intel2
Employee
29 Views

Javier,

I haven't tried this yet so I'm not sure if it will help, but have you tried creating the NetworkCredential object with the username, password, and domain? Most of the examples in MSDN about NetworkCredential use the constructor with all three, so it seems like it'd be worth trying.

My understanding is thatwhen you don't use the domain argument, the .Net makes an assumption about what domain you're connecting to. Given that you're calling from a system that isn't part of the domain you're interested in, specifying the domain name seems reasonable.

jacace
Black Belt
29 Views

Hello Andy,
I forgot to mention that I have alsotried the followingwith no good results:
1)
NetworkCredential netCred = new NetworkCredential(UserName, UserPassword, Domain);
Service.Credentials = netCred;

2)

NetworkCredential netCred = new NetworkCredential("DomainUserName", UserPassword);
Service.Credentials = netCred;
3)
NetworkCredential netCred = new NetworkCredential(UserName, UserPassword);
CredentialCache myCache = new CredentialCache();
myCache.Add(new Uri(ServiceUrl), AuthScheme, netCred);
Service.Credentials = myCache;
4)
NetworkCredential netCred = new NetworkCredential("DomainUserName", UserPassword);
CredentialCache myCache = new CredentialCache();
myCache.Add(new Uri(ServiceUrl), AuthScheme, netCred);
Service.Credentials = myCache;
Thanks a lot,
Javier Andrs Cceres Alvis
jacace
Black Belt
29 Views

And this one also:
5)
NetworkCredential netCred = new NetworkCredential(UserName, UserPassword, Domain);
CredentialCache myCache = new CredentialCache();
myCache.Add(new Uri(ServiceUrl), AuthScheme, netCred);
Service.Credentials = myCache;
Thanks a lot,
Javier Andrs Cceres Alvis
Andrew_S_Intel2
Employee
29 Views

Javier,
Hmm, I think you've hit the edge of my current knowledge on the subject. The one time I tried to use the NetworkCredential object without using the DefaultCredentials, I had a great deal of trouble with it.
We do have a virtual bootcamp for vPro today, and I know there is a booth for SCS that should be staffed throughout the day. They might be able to answer your question better (plus, in real time). It's at http://events.unisfair.com/rt/isn~bootcamp. I'll see about redirecting the question to SCS support again as well.
Andy
Andrew_S_Intel2
Employee
29 Views

Following up our conversation about the virtual bootcamp today, and the successful debugging we did, I wanted to post the update here.
To test whether you can connectsuccessfully with the NetworkCredential (andwithout AMT), youenable connection to http as well as https. This is generally only good for debugging purposes, since now your configuration traffic would be in the clear.
This requires just a minor change to the IIS configuration.
  1. Bring up the IIS Manager (under Administrative tools)
  2. Expand the Web Site item in the list box, then expand the Default Web Site item under that (assuming you followed the standard SCS install)
  3. Right click on AMT
  4. Go to the Directory Security Tab of the property window, then click edit in the Secure Communications section.
  5. Uncheck the Require Secure Channel connection.

This lets you test your connection against just http. If this doesn't work, then connections against https are unlikely to work as well.

Javier, since your code worked against http, the next step is enabling https. If you go to page 45 of the SCS Installation guide (the top of the page hasExporting and Installing the CA Root Certificate on it), it tells you how to export the root certificate from your Certificate Authority. Then, you'll need to move that over to your client machine, and follow the instructions on how to put that into the trusted certificate store on the client machine.

After that, try connecting to https again. I think that will be sufficient, but if that still doesn't work, you can usethe SCS Console code that came with the SCS download as a reference point, it has certificate code in the Certificates.cs, _8021xProfileForm.cs, and ClientCertForm.cs C# files.

jacace
Black Belt
29 Views

Following up our conversation about the virtual bootcamp today, and the successful debugging we did, I wanted to post the update here.
To test whether you can connectsuccessfully with the NetworkCredential (andwithout AMT), youenable connection to http as well as https. This is generally only good for debugging purposes, since now your configuration traffic would be in the clear.
This requires just a minor change to the IIS configuration.
  1. Bring up the IIS Manager (under Administrative tools)
  2. Expand the Web Site item in the list box, then expand the Default Web Site item under that (assuming you followed the standard SCS install)
  3. Right click on AMT
  4. Go to the Directory Security Tab of the property window, then click edit in the Secure Communications section.
  5. Uncheck the Require Secure Channel connection.

This lets you test your connection against just http. If this doesn't work, then connections against https are unlikely to work as well.

Javier, since your code worked against http, the next step is enabling https. If you go to page 45 of the SCS Installation guide (the top of the page hasExporting and Installing the CA Root Certificate on it), it tells you how to export the root certificate from your Certificate Authority. Then, you'll need to move that over to your client machine, and follow the instructions on how to put that into the trusted certificate store on the client machine.

After that, try connecting to https again. I think that will be sufficient, but if that still doesn't work, you can usethe SCS Console code that came with the SCS download as a reference point, it has certificate code in the Certificates.cs, _8021xProfileForm.cs, and ClientCertForm.cs C# files.

Hello Andy,

Thanks again.

I'm going to check the reference code and I also think it will be enough.

Javier Andrs Cceres Alvis

Reply