From a web service, I need to call another web service within the same web site using windows authentication and asp.net impersonation
Background / System Information
- Windows Server 2008 Standard x64, IIS 7.0
- I have an IIS site containing individual IIS applications.
- Each application contains web services written in .NET 4.0, compiled with Any CPU.
- All applications share the same application pool. The application pool is set to .NET 4.0 and integrated pipeline.
- The site is setup for ASP.NET Impersonation and Windows Authentication.
- The site is only utilized within our domain / intranet.
- Client applications (C# applications not running on the Server 2008 box but within the domain) use the generated proxy classes to pass credentials using the method System.Net.CredentialCache.DefaultCredentials.
- We have some web service methods that need to call web service methods that exist in the same site, just another iis application under the site.
- When the first web service method calls the second web service method (via the generated proxy classes), passing the DefaultCredentials or the DefaultNetworkCredentials, I get a 401 unauthorized error.
Here is what I know and what I have tried
I have reviewed almost all of the articles on so and everyone talks about a double hop. I'm confused about the terminology of a double hop. I'm not hopping to a new machine, i'm on the current machine within the same web site. This isn't a double hop is it?
We have the same web services running as .NET 1.1 in IIS 6 on Windows Server 2003 and passing the DefaultCredentials to the second web service call works! no 401 errors. The web services setup on IIS 6 are all using the same application pool and are all setup as applications.
On my windows 7 development machine running IIS 7.5 I am able to make this work. I can call a web service using the proxy class from another web service, using the System.Net.CredentialCache.DefaultNetworkCredentials or the System.Net.CredentialCache.DefaultCredentials. It appears my win7 IIS 7.5 site and my server 2008 site are setup the same way.
I tried using a different application pool (integrated pipeline) for each application in my site and that didn't help (I didn't think it would).
When I set the application pool to classic the site won't start. I get service unavailable errors. This is odd because on my win7 machine I can use classic or integrated pipeline and it works fine.
I feel like i'm close. Any thoughts or input would be greatly appreciated!
My problem was Double Hop.