Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
SOAP and authentication
Message
 
To
21/09/2001 03:52:07
Kim Ann Kueh
Subang Jaya, Malaysia
General information
Forum:
Visual FoxPro
Category:
Other
Title:
Re: SOAP and authentication
Miscellaneous
Thread ID:
00559147
Message ID:
00559619
Views:
15
>Dear all,
>
>I know this is a off topic. I have a dll done in VFP7 that access data from SQL2000 via OLEDB(without DSN). The client calls the dll via SOAP. The problem is that I do not seem to be able to connect to SQL server when the logon method is set to Windows Integrated mode. Can someone point me the right direction? BTW, the IIS and SQL2000 sits on the same server with W2K server SP2. Thanks.

How do you have the Web Service set up? ASP or ISAPI? Are you running in COM+?

The issue here is that the user is getting logged on anonymously using the Web servier IUSR_ account wich most likely doesn't have access to your SQL box. So you need to establish an account that does have rights.

There are a several ways that you can do this:

If you're using an ASP page for your Web Service mark the page accessible in Explorer (file system) as only accessible by a specific user or group - IOW, remove anonymous access (IUSR_). Then set your SOAP client to send username and password info to the server. (see SOAP toolkit docs if you're using the MSSOAP toolkit).

Use COM+ to set the impersonation for your DLL. This will allow you to specify a user that the DLL runs under and you can set this up so that this is a user that access to the SQL Server. Problem here is if you do this there's no authentication occurring from the client - the Web service would just work for anyone accessing it. This may or may not be what you want... (ie. this is a scenario where you want anonymous users accessing your service)

Another way is to use Basic Authentication to validate users - you can do this by modifying the generated ASP page if you're using MSSOAP and adding the BA security check prior to the SOAP calls. This is similar to securing the page with permissions, but gives you the option of deciding at runtime who to allow through. You can also pass this through to the DLL if you have to by using the OnStartPage method to capture the ASP Context object and getting the Request object out of there so your VFP code can actually validate the user.


Hope this helps,

+++ Rick ---
+++ Rick ---

West Wind Technologies
Maui, Hawaii

west-wind.com/
West Wind Message Board
Rick's Web Log
Markdown Monster
---
Making waves on the Web

Where do you want to surf today?
Previous
Reply
Map
View

Click here to load this message in the networking platform