Hi Mark,
I think your permission settnigs are not quite right in the web.config file. You just need the deny="?" - not the allow="*". I'm not sure if that matters, but I know I run with deny="?" only for these things to deny unauthenticated users. Also you shouldn't need to change IIS settings as the web.config setting will force the authentication on anything that runs through the .NET runtime (ie. ASPX, ASMX requests, but not plain HTM or GIF etc.). Just make sure that Windows Authentication is enabled there...
If you turn on this option your Web Services client will have to authenticate obviously <g>. Which means you have to set the user's credentials as part of the client call.
If you're using the SOAP Toolkit on the client to call the service you'll need to use something like this:
THISFORM.oNet = CREATEOBJECT("MSSOAP.SoapClient30")
THISFORM.oNet.MSSOAPInit(lcWSDLURL)
thisform.oNet.ConnectorProperty("AuthUser")=lcUsername
thisform.oNet.ConnectorProperty("AuthPassword")=lcPassword
+++ Rick ---
>Hi rick
>
>As I thought.
>I was advised to use session variables to get around this problem, this did not resolve the problem
>
>So just to reiterate what you are saying.
>
>in the Web Config File,
>Ensure that Impersonation is set to true
>Ensure that authentication is set to windows
>Ensure that Authorisation is set as allow *, deny ?
>
>And Switch off "Allow annonymous " In IIS.
>This should ensure that each user is an owner of an instance of a Com DLL.
>
>If this is correct, I have another problem, which is largely due to lack of knowledge and Is Common to Dll Specific Code and Non Dll Specific Code.
>
>I have created a webmethod which basically just returns the old faithful "Hello world "
>
>Scenario 1.
> Allow anonymous access unticked
> Envoke "hello World" web service method from Asmx file on server
> Hello World returned
>
> envoke "hello world" web service method within Windows application on PC
> Error 401 Access denied
>
>
>Scenario 2.
> Allw Anonymous access ticked
> Envoke "hello World" web service method from Asmx file on server
> Hello World returned
>
> envoke "hello world" web service method within Windows application on PC
> Hello World returned
>
>I know it is access rights but I have looked all over the web service on the server and It appears everyone has access rights to all Files
>
>Have you any Ideas, I know it is probably something very simple
>
>
>>Hi Mark,
>>
>>>the only problem is that it appears that all the users are being channelled through ASPNET user thus for some reason they are all using the same instance of the VFP Com Object.
>>
>>Yes that would be the default behavior for ASP.NET. It doesn't impersonate, but rather uses a fixed account for its authentication. I'm not sure though why that would cause the COM object to only use a single instance - the user should have no effect on that unless your calling scheme (Com object calling another Com object with specific rights) somehow ends up serializing the calls.
>>
>>You can change the authentication in web.config by specifying that you want to use Impersonation.
>>
>>There's some related info in a WebLog entry of mine a while back:
>>
>>
http://west-wind.com/weblog/posts/295.aspx>>
>>Once you have ASP.NET impersonate you get a logged on user or IUSR_ for anonymous requests.
>>
>>If this works within a full Web site you'd want to place the web.config file into a subdirectory specifically for the Web Service so that the rest of the Web Site doesn't need to use impersonation - only the Web Service or whatever specific requests requires it as this is generally not the best way to do this due to security concerns (however minimal they may be).
>>
>>+++ Rick ---
