July 29, 2009 at 12:52 pm
I can't figure out what account to grant access to in order to allow a clr stored procedure to call a webservice configured to use windows authentication. I've tried the accounts running the following services so far...
Sql Server service
Sql Agent service
SSIS service
(yes they all are running under domain accounts)
Even when i open up the webservice to "Everyone" the clr sproc still gets a http 401 access denied...
July 29, 2009 at 1:00 pm
I'm not a 100% sure but I think it follows the login of the user calling it, but we would need to know whether there was an EXECUTE AS on the creation of the sproc definition..
As an additional thought, does the web service log login failures, like what user was attempted..
CEWII
July 29, 2009 at 2:16 pm
It is the sql server service account but you have to pass those credentials explicitly to the web server:
[Microsoft.SqlServer.Server.SqlProcedure()]
public static void usp_HelloServer()
{
string response = string.Empty;
try
{
Service service = new Service();
//set the credentials explicitly else no identity is sent to the web server for authentication
service.Credentials = CredentialCache.DefaultNetworkCredentials; //this line is the gotcha!
response = service.HelloWorld();
}
catch (Exception e)
{
response = e.Message;
}
SqlContext.Pipe.Send(response);
}
July 31, 2009 at 8:47 am
Then I guess I would chose an account and send the credentials for it..
CEWII
Viewing 4 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply