locked
MDS application via reverse proxy RRS feed

  • Question

  • Hi,

    we are trying to expose MDS application so that users can connect without VPN. Using UAG I managed to expose the web application (users type their credential in the login form and are redirected to the web application; address translation being done by UAG), it works fine.

    However the Excel Add-in throws authentication exceptions related to WCF authentication.

    TITLE: Master Data Services Add-in for Excel
    ------------------------------

    The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Basic Realm="my public URL"'.

    ------------------------------
    ADDITIONAL INFORMATION:

    The remote server returned an error: (401) Unauthorized. (System)

    ------------------------------


    Half Scheidl

    Tuesday, January 22, 2013 8:16 PM

Answers

  • Are the clients domain-joined?  If they are and the MDS server is configured to be in the "Local Intranet" zone for them, then they should be able to do NTLM auth without presenting credentials from both IE and Excel.

    Otherwise, Excel needs stored credentials to connect,  as there's no UI to pop up a credential dialog.  If you log into the web site first and click the "Save Credentials" box on the popup you get from IE, you should thereafter be able to use Excel.  Or equivalently use Control Panel\User Accounts\Credential Manager to save their Windows credentials for use with the MDS web server.

    David


    David http://blogs.msdn.com/b/dbrowne/

    Tuesday, January 22, 2013 8:26 PM

All replies

  • Are the clients domain-joined?  If they are and the MDS server is configured to be in the "Local Intranet" zone for them, then they should be able to do NTLM auth without presenting credentials from both IE and Excel.

    Otherwise, Excel needs stored credentials to connect,  as there's no UI to pop up a credential dialog.  If you log into the web site first and click the "Save Credentials" box on the popup you get from IE, you should thereafter be able to use Excel.  Or equivalently use Control Panel\User Accounts\Credential Manager to save their Windows credentials for use with the MDS web server.

    David


    David http://blogs.msdn.com/b/dbrowne/

    Tuesday, January 22, 2013 8:26 PM
  • Thanks David!

    The clients are not domain-joined. I will try the other options you mentioned.

    Do you think it still works, given that IE is not showing any pop ups. I'm not sure how familiar you are with the ForeFront, but the credentials are typed in the page, not in a dialog.


    Half Scheidl

    Wednesday, January 23, 2013 2:58 PM