Question

Remote Connection to Workflow Service Reference is Unauthorized

asked on December 11, 2015

I'm trying to connect to the Workflow API using a Service Reference in Visual Studio 2015. This works great when I'm developing on the same domain as the workflow server. Once I try to add the service on the DMZ where the service will actually be called from, it will connect though it prompts for credentials. If I provide the credentials, I can access the service reference from Visual Studio; however, when I run the webpage, it fails to authenticate.

I have Windows Authentication and Anonymous Authentication enabled for the Workflow server on IIS:

 

Here is the error received when navigating to the web page:

Do I have to provide credentials in the code somehow even though Anonymous Authentication is enabled? If I have to provide credentials, has anyone done this before with the Workflow Service? I wasn't successful in following the Transport Security with Windows Authentication guide, though I think it may be what I need to do. Unfortunately I'm not a strong C# developer, so any assistance would be appreciated.

Thank you.

0 0

Answer

SELECTED ANSWER
replied on December 18, 2015

I finally found the solution to this problem after hours of experimentation:

I ran the Workflow Configuration Manager on the Workflow server, as it prompts to return the Workflow Web Service authentication settings to default settings if they have been changed:

Once the defaults were refreshed, I enabled Windows and Anonymous Authentication for the Workflow web application in IIS (shown in the initial question). After that, I created a local Windows account on that server with full privileges to the Workflow web application. On the client web application that I was trying to connect to the web service, I supplied the username and password for that Windows account as a string:

WorkflowService.ClientCredentials.Windows.ClientCredential.UserName = "userName";
WorkflowService.ClientCredentials.Windows.ClientCredential.Password = "password"; 

The web.config bindings for the client application are as follows:

<basicHttpBinding>
  <binding name="BasicHttpBinding_IWorkflowAPIBase">
    <security mode="TransportCredentialOnly">
      <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
      <message clientCredentialType="UserName" algorithmSuite="Default" />
    </security>
  </binding>
</basicHttpBinding>

With this configuration, I was able to launch the workflow from the client application.

1 0
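
Added example, not part of the original answer or of the Workflow product: one way to apply the same binding and Windows credential from code while keeping the account's password out of the source. The class name and the appSettings keys (WorkflowSvcUser, WorkflowSvcPassword, WorkflowSvcDomain) are assumptions; `WorkflowService` is the proxy instance from the answer.

```csharp
using System;
using System.Configuration;
using System.Net;
using System.ServiceModel;

public static class WorkflowClientSetup
{
    // Same settings as the web.config binding in the answer, built in code.
    // TransportCredentialOnly authenticates the caller but sends the request
    // body over plain HTTP, so Transport (TLS) is chosen for an https endpoint.
    public static BasicHttpBinding BuildBinding(Uri endpoint)
    {
        bool https = endpoint.Scheme == Uri.UriSchemeHttps;
        var binding = new BasicHttpBinding(https
            ? BasicHttpSecurityMode.Transport
            : BasicHttpSecurityMode.TransportCredentialOnly);
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
        binding.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.None;
        return binding;
    }

    // Sets the Windows credential on any generated service-reference proxy,
    // e.g. WorkflowClientSetup.ApplyCredentials(WorkflowService);
    // Call it before the first service call: credentials are read-only once
    // the proxy has been opened.
    public static void ApplyCredentials<TChannel>(ClientBase<TChannel> client)
        where TChannel : class
    {
        // Hypothetical appSettings keys; the values live in web.config, not in source.
        string user = Require("WorkflowSvcUser");
        string password = Require("WorkflowSvcPassword");
        // For a local account the "domain" is the Workflow server's machine name.
        string domain = Require("WorkflowSvcDomain");

        client.ClientCredentials.Windows.ClientCredential =
            new NetworkCredential(user, password, domain);
    }

    // Fails with a clear configuration error when a setting is missing.
    private static string Require(string key)
    {
        string value = ConfigurationManager.AppSettings[key];
        if (string.IsNullOrWhiteSpace(value))
            throw new ConfigurationErrorsException("Missing appSetting: " + key);
        return value;
    }
}
```

The appSettings section that holds these values can be encrypted with ASP.NET protected configuration, and the account only needs rights to the Workflow web application.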

Replies

replied on December 14, 2015

Unless you are using impersonation or passing credentials in code, IIS will use the apppool credentials as default. You can set the apppool credentials in IIS by going to "Application Pools", click on the apppool that is servicing your app and click "Advanced Settings". Look for "Identity" and there you can set the credentials.

2 0
replied on December 14, 2015

Thanks for the reply!

I created a Windows user that had Full Control of the application in IIS, and specified that account as the default identity. Unfortunately, even when the account was given admin rights on the server, I still get the same 401: Unauthorized error. None of the other options helped either.

 

0 0