
When I was writing the custom page using Tridion 2011 core services from my local, I used my Tridion credentials to access the core services web service.

Now that everything is done on my local :), I published my website and simply did the things below on the Tridion CM server.

  • In IIS I created a new application website with the name "CoreServices"
  • Used the application pool running as Network Service
  • Copied my published website into the folder mapped to CoreServices.
  • Removed my credentials from web.config and implemented logic to read the details of the user who is accessing the website/custom page
  • Now when I try to access the CoreServices website, I get the error below

    Access is denied for the user NT AUTHORITY\NETWORK SERVICE. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.ServiceModel.FaultException`1[[Tridion.ContentManager.CoreService.Client.CoreServiceFault, Tridion.ContentManager.CoreService.Client, Version=6.1.0.996, Culture=neutral, PublicKeyToken=ddfc895746e5ee6b]]: Access is denied for the user NT AUTHORITY\NETWORK SERVICE.

Please suggest!!

EDIT: I can see NT AUTHORITY\NETWORK SERVICE has already been added to my Tridion MMC, please see the screenshot below:

enter image description here

Manoj Singh
  • This is answered here: https://stackoverflow.com/questions/12044338/tridion-coreservice-authentication-impersonation – johnwinter Jan 16 '13 at 07:50
  • I have already checked this link and it did not solve my issue. Do I need to give some more permissions to my IIS application, or do some handling in code? – Manoj Singh Jan 16 '13 at 08:11

2 Answers

This message indicates that the core service is being successfully called by your code and that your network credentials are successfully recognised, but that Tridion isn't granting access. There are two possible scenarios here:

  1. You wish Tridion to use the NETWORK SERVICE identity as the Trustee under which to act. In this case, NETWORK SERVICE would be added as a User. This would be an unusual configuration, as you will commonly want NETWORK SERVICE to be an impersonation user for other purposes.
  2. You wish to connect to Tridion as NETWORK SERVICE, but then have Tridion act as a different Trustee. In this scenario, NETWORK SERVICE should be configured as an impersonation user in the management snap-in, and you must call the Impersonate method as described in the question John linked to (Tridion CoreService Authentication/Impersonation)

The second of these two approaches is almost certainly what you want. I've really only described the first by way of explanation.

Dominic Cronin
  • Thanks Dominic, so which scenario would you suggest, as I want the user who is accessing the custom page from his machine to have his details added to the Tridion history if he makes a modification to components or pages? – Manoj Singh Jan 16 '13 at 08:47
  • Then you will want the impersonation approach. – Dominic Cronin Jan 16 '13 at 09:08
  • I have added a screenshot that shows the NT AUTHORITY\NETWORK SERVICE entry for impersonation; what else can I check? – Manoj Singh Jan 16 '13 at 10:35
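
The impersonation approach from the answer above, as an added example that is not code from the original answer or the linked question. It assumes IIS has Windows authentication enabled and anonymous access disabled, that the application pool identity is registered as an impersonation user in the Tridion snap-in, and that web.config defines a Core Service endpoint named `netTcp_2011`; the helper class name is hypothetical.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using Tridion.ContentManager.CoreService.Client;

// Hypothetical helper (added example, not from the original post).
public static class ImpersonatedCoreService
{
    // Assumption: endpoint name as configured in this application's web.config.
    private const string EndpointName = "netTcp_2011";

    public static SessionAwareCoreServiceClient OpenForCurrentUser(HttpContext context)
    {
        // Use only the identity that IIS authenticated. Never take the user
        // name from a query string, form field or header: the app pool
        // identity is trusted by Tridion to act as any user it names.
        IIdentity identity = context.User != null ? context.User.Identity : null;
        if (identity == null || !identity.IsAuthenticated || !(identity is WindowsIdentity))
        {
            throw new UnauthorizedAccessException("Windows authentication is required.");
        }

        // The WCF connection itself is made as the application pool identity
        // (NT AUTHORITY\NETWORK SERVICE in the question).
        var client = new SessionAwareCoreServiceClient(EndpointName);
        try
        {
            // Ask Tridion to act as the caller, so that history and
            // permissions are recorded against DOMAIN\user.
            client.Impersonate(identity.Name);
            return client;
        }
        catch
        {
            // Do not leave a faulted channel open if impersonation is refused.
            client.Abort();
            throw;
        }
    }
}
```

If anonymous access is left enabled in IIS, `context.User.Identity` is not authenticated and the helper refuses to open a client rather than falling back to the application pool identity.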

Try this and see if it works for you. I haven't tried this, so I'm not sure that it will work.

    // basicHttpBinding and Settings.EndpointAddress are defined elsewhere in the application
    var remoteAddress = new EndpointAddress(Settings.EndpointAddress);
    ProxyClient = new CoreServiceClient(basicHttpBinding, remoteAddress);
    // Connect with the Windows credentials of the current security context
    ProxyClient.ClientCredentials.Windows.AllowNtlm = true;
    ProxyClient.ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
    // Allow the service to impersonate the client's identity
    ProxyClient.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;