One of our apps uses a wide variety of authentication methods to call web services, and Enterprise Authentication is enabled, but when users connect via the same connections when on over a VPN connection (for example) the connections will always fail authentication.
For example is a service URL is a SharePoint web service, using Basic authentication, it's fine via the Web and via our app, but if you connect via VPN it will always fail via the app, but Web is still fine. We have a hunch is may need Digest authentication in this scenario (not 100% sure, but likely) but it seems as though the WinRT namespaces have AllowImpersonationLevel REMOVED for HttpDigest. This is available in the full .NET Framework.
So the question is a) Is it correct to assume that we need to try via Digest when tunneling through VPN, and if so, HOW do we tell the proxy/client to dynamically use Digest in code? The error is always:
The impersonation level 'Identification' was specified, yet HTTP Digest authentication can only support 'Impersonation' level when used with an explicit credential.
This setting can be change for ClientCredentials.Windows, but NOT on ClientCredentials.HttpDigest.
Thoughts? Again, ALL we need to do is figure out HOW and WHAT changes when tunneling through a VPN. The headers via Fiddler look exactly the same.
Scott J. Peterson, MCSD, MCPSB, MCT
No comments:
Post a Comment