Why would WinInet fail to authenticate automatically via Negotiate when connecting by FQDN, but succeed if connecting by IP?

Benjamin Peikes
Having a strange issue where WinInet is failing to authenticate using the user's logged-in credentials if I connect to an internal service by name, but not if I connect by IP.

In one of our environments, which sits in its own domain, DOM1, our client can connect to our WCF services using the name of the server, i.e. http://machine_name:port/service.

In another environment, in domain DOM2, the client can authenticate automatically using http://sss.xxx.yyy.zzz:port/service, but if we configure the client to connect using the machine name, it connects, but fails to authenticate using integrated security. We end up having to fall back on basic, which we want to avoid.

That said, we could switch to using IP numbers to connect, but it doesn’t make any sense to me.

The way the code works is that I make a call using HttpSendRequest, and if I get a 401 and the returned header has "Authenticate: Negotiate", I just make another call to HttpSendRequest. On our other machines this works if the initial call to InternetConnect is performed with IPs or machine names, but on one of our machines, in DOM2, this does not work unless I use IP addresses.

