windows - Allowing External Users to Communicate with Internal service


I am having issues exposing information that internal users can access to users who regularly travel outside of our internal network.

The way things work is that we have a program that accesses a WCF service hosted on a public-facing secured web site. When a user is using our internal network, the service works fine. However, when a user goes out of the network (say, to a hotel), they begin getting 401: Not Authorized errors.

Sometimes the following are the underlying causes:

  1. The request is unauthorized with client authentication scheme 'Anonymous'. The header received was 'NTLM, Negotiate'.
  2. The system cannot contact a domain controller to service the authentication request.
  3. The trust relationship between this workstation and the primary domain failed.

There is a workaround that I am not entirely thrilled with: manually adding credentials (domain/username and password) to the Windows Credential Manager, which works until the point the credentials are cleared and the process starts again. When this happens, users can navigate to the services in a browser and consume them in the program.

This is the binding I am using for the WCF service:

    <basicHttpBinding>
      <binding name="securehttpbinding"
               maxReceivedMessageSize="2147483647"
               maxBufferSize="2147483647"
               maxBufferPoolSize="2147483647">
        <!-- HTTPS transport; the client authenticates with Windows credentials (Negotiate/NTLM) -->
        <security mode="Transport">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>
    </basicHttpBinding>

It seems, based on the Windows Credential Manager fix, that I should be able to use the user's Active Directory account to manage authentication to the service.

I am wondering if it is possible to deploy the service to allow access for remote users based on them having signed in to an account on our domain.

Exposing internal endpoints directly to the outside world is not a good practice. Use an external bus, so you don't need to open firewall ports. For example, you can better use Azure Service Bus; it's more secure and reliable than allowing direct connections to the internal network.

Connect on-premises applications to the cloud

Service Bus Relay solves the challenges of communicating between on-premises applications and the outside world by allowing on-premises web services to project public endpoints. Systems can then access these web services, which continue to run on-premises, from anywhere on the planet.

http://azure.microsoft.com/en-us/services/service-bus/
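
The Credential Manager workaround described in the question can also be done in the client at run time. The following is an added example, not code from the original post or either poster: it builds the same Transport/Windows binding in code, tries the logged-on identity first, and asks for domain credentials only when the 401 comes back. `IReportService`, `Ping`, `RemoteClient` and the `promptUser` callback are hypothetical names.

```csharp
using System;
using System.Net;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical contract standing in for the real service interface.
[ServiceContract]
public interface IReportService
{
    [OperationContract]
    string Ping();
}

public static class RemoteClient
{
    // Same security settings as the securehttpbinding element, built in code.
    static BasicHttpBinding BuildBinding()
    {
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
        binding.MaxReceivedMessageSize = int.MaxValue;
        return binding;
    }

    // explicitCreds == null means "use the logged-on Windows identity".
    static string Call(string url, NetworkCredential explicitCreds)
    {
        var factory = new ChannelFactory<IReportService>(BuildBinding(), new EndpointAddress(url));
        if (explicitCreds != null)
            factory.Credentials.Windows.ClientCredential = explicitCreds;
        try
        {
            string result = factory.CreateChannel().Ping();
            factory.Close();
            return result;
        }
        catch
        {
            factory.Abort();   // a faulted factory must be aborted, not closed
            throw;
        }
    }

    public static string CallWithFallback(string url, Func<NetworkCredential> promptUser)
    {
        try { return Call(url, null); }
        catch (MessageSecurityException)   // WCF surfaces the HTTP 401 as this exception
        {
            // Ask at run time; do not store the password in config or source.
            return Call(url, promptUser());
        }
    }
}
```

The callback should return a `NetworkCredential` built from user input (user name, password, domain) so that nothing is persisted on the travelling machine.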

