bsmith01

I am in the process of prototyping a webpart that integrates with secure web services. I have not had any luck finding a way to pass along a user's network credentials from my webpart to a secure web service. I am trying to avoid prompting users for their credentials and storing them. As far as I can tell from my web search, my code should look something like this;

Code Block

MyWebService ws = new MyWebService();
ws.Credentials = System.Net.CredentialCache.DefaultNetworkCredentials;
ws.helloWorld();



The problem is, the NetworkCredential object returned by System.Net.CredentialCache.DefaultNetworkCredentials is empty. The object itself is not null, but if you look at its properties, they contain empty values (UserName=""). Several threads on this forum talk about the same issue, but I have not see a solution to this problem. How can I get the NetworkCredentials for the current user in a Sharepoint webpart The only thing I can think of that I am missing is a specific IPermission in the SP CAS file I am currently using the WSS_Medium policy file.

Even if I could get the DefaultNetworkCredentials object from SP, would I run into the notorious double-hop issue This webpart will be used on more than one SP instance, so requireing Kerberose is out of the questions.

Thanks for the help.

- Tyson



Re: SharePoint - Development and Programming Webparts and Secure Web Services

Ali Sedehi

Change WSS_Medium to Full.




Re: SharePoint - Development and Programming Webparts and Secure Web Services

bsmith01

No dice. The DefaultNetworkCredentials object still contains empty values. Ironically, the System.Web.HttpContext.Current.User.Identity object has the correct user info. Unfortunatley I cannot seem to find a way to cast an IPrincple object to an ICredentials object. Thanks for the suggestion.

- Tyson




Re: SharePoint - Development and Programming Webparts and Secure Web Services

Ali Sedehi

ok...you can also set the username password for the credentials:

Dim cred As New NetworkCredential(System.Configuration.ConfigurationManager.AppSettings("TPLogin"), _
System.Configuration.ConfigurationManager.AppSettings("TPPassword"))

That is what we did...and it worked....




Re: SharePoint - Development and Programming Webparts and Secure Web Services

bsmith01

Thanks for the suggestion but I am not storing user names and passwords in the web.config file. I do not have access to the user's password (unless I ask for it), which is why I was trying to retrieve the DefaultNetworkCredentials.

- Tyson




Re: SharePoint - Development and Programming Webparts and Secure Web Services

Ali Sedehi

we weren't getting the user name either; you can do impersonation.....but just to test it you can you hardcode a username/pwd to see if it works, and then go from there.






Re: SharePoint - Development and Programming Webparts and Secure Web Services

Chase M

I think you're stuck in the 'double-hop' scenario. The user passed their credentials to the web page, but you cannot pass them on somewhere else for them.

Here's a good article that explains the issue and some options:

http://blogs.msdn.com/nunos/archive/2004/03/12/88468.aspx

Chase





Re: SharePoint - Development and Programming Webparts and Secure Web Services

bsmith01

You are correct Chase. It looks like SSO or Kerberose is my best option.