Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > IIS Web Service 401 Error with Integrated Windows Authentication

Reply
Thread Tools

IIS Web Service 401 Error with Integrated Windows Authentication

 
 
DownUnder
Guest
Posts: n/a
 
      08-18-2004

Hi,

I have 401 Error when I try to invoke an ASP Web Service through a client if
Windows Authentication is used.

To identify the reason, I built a simple "Hellow World" Web Service that I
can successfully invoke using IE (regardless of the authentication type
configured in IIS).

I can invoke the same Web Service by another client successfully if the
authentication type is Anonymous (regardless of the actual user who it runs
under).

However, if the Integrated Windows Authentication is ticked, invoking the
service fails (even for the users configured for Anonymous access).

I tried it on XP Professional and IIS 6. (However, I have the same result on
Win2K3.)

Help is very much appreciated.

DownUnder.

 
Reply With Quote
 
 
 
 
Raterus
Guest
Posts: n/a
 
      08-18-2004
Are you using a fully-qualified domain name for the webserver? If so you might want to check out this article about setting the SPN's

http://support.microsoft.com/default.aspx?kbid=294382

--Michael

"DownUnder" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
>
> Hi,
>
> I have 401 Error when I try to invoke an ASP Web Service through a client if
> Windows Authentication is used.
>
> To identify the reason, I built a simple "Hellow World" Web Service that I
> can successfully invoke using IE (regardless of the authentication type
> configured in IIS).
>
> I can invoke the same Web Service by another client successfully if the
> authentication type is Anonymous (regardless of the actual user who it runs
> under).
>
> However, if the Integrated Windows Authentication is ticked, invoking the
> service fails (even for the users configured for Anonymous access).
>
> I tried it on XP Professional and IIS 6. (However, I have the same result on
> Win2K3.)
>
> Help is very much appreciated.
>
> DownUnder.
>

 
Reply With Quote
 
 
 
 
Raterus
Guest
Posts: n/a
 
      08-18-2004
That almost makes sense to me. Lets say this was just a normal aspx page and you were accessing it through a browser. The browser only passes its windows credentials if certain conditions are in place (like it is in the Local Intranet Group). You certainly wouldn't want your windows credentials passed to every webpage you access.

For a webservice though, you have basically the same situation, I don't believe .net is going to pass it's windows credentials to a potentially external webservice without you directly telling it to. It will probably default to anonymous authenentication if you don't specify anything.

--Michael

"DownUnder" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
>
> Thanks for the reply, Michael. The problem is not definitely related to the
> webserver name since the problem happens when the authentication type is
> changed (everything else being the same).
>
> My internet search today has given me some clue. It looks like I need to set
> the "Credentials" for the service programmatically to "DefaultCredentials" in
> the client code.
>
> I donot know much about that topic and I am not sure why this is not done
> automatically. I am also surprised to learn that it needs to be done in the
> client programmatically. I have tried it and it seems to solve the problem I
> had. However, I need to find out and learn more about the topic.
>
> Regards,
>
> DownUnder.
>
>
>
>
>
> "Raterus" wrote:
>
> > Are you using a fully-qualified domain name for the webserver? If so you might want to check out this article about setting the SPN's
> >
> > http://support.microsoft.com/default.aspx?kbid=294382
> >
> > --Michael
> >
> > "DownUnder" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> > >
> > > Hi,
> > >
> > > I have 401 Error when I try to invoke an ASP Web Service through a client if
> > > Windows Authentication is used.
> > >
> > > To identify the reason, I built a simple "Hellow World" Web Service that I
> > > can successfully invoke using IE (regardless of the authentication type
> > > configured in IIS).
> > >
> > > I can invoke the same Web Service by another client successfully if the
> > > authentication type is Anonymous (regardless of the actual user who it runs
> > > under).
> > >
> > > However, if the Integrated Windows Authentication is ticked, invoking the
> > > service fails (even for the users configured for Anonymous access).
> > >
> > > I tried it on XP Professional and IIS 6. (However, I have the same result on
> > > Win2K3.)
> > >
> > > Help is very much appreciated.
> > >
> > > DownUnder.
> > >

> >

 
Reply With Quote
 
DownUnder
Guest
Posts: n/a
 
      08-18-2004

You are right. When I think about it, it makes sense to me as well.

However, I am still surprised that I have not seen any note of those
credentials on the client site (being set the way it is on the service
object) before. For some reason (probably the lack of knowledge), I always
thought the credentials were passed automatically.

Is there any good documentation about that general subject?




"Raterus" wrote:

> That almost makes sense to me. Lets say this was just a normal aspx page and you were accessing it through a browser. The browser only passes its windows credentials if certain conditions are in place (like it is in the Local Intranet Group). You certainly wouldn't want your windows credentials passed to every webpage you access.
>
> For a webservice though, you have basically the same situation, I don't believe .net is going to pass it's windows credentials to a potentially external webservice without you directly telling it to. It will probably default to anonymous authenentication if you don't specify anything.
>
> --Michael
>
> "DownUnder" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> >
> > Thanks for the reply, Michael. The problem is not definitely related to the
> > webserver name since the problem happens when the authentication type is
> > changed (everything else being the same).
> >
> > My internet search today has given me some clue. It looks like I need to set
> > the "Credentials" for the service programmatically to "DefaultCredentials" in
> > the client code.
> >
> > I donot know much about that topic and I am not sure why this is not done
> > automatically. I am also surprised to learn that it needs to be done in the
> > client programmatically. I have tried it and it seems to solve the problem I
> > had. However, I need to find out and learn more about the topic.
> >
> > Regards,
> >
> > DownUnder.
> >
> >
> >
> >
> >
> > "Raterus" wrote:
> >
> > > Are you using a fully-qualified domain name for the webserver? If so you might want to check out this article about setting the SPN's
> > >
> > > http://support.microsoft.com/default.aspx?kbid=294382
> > >
> > > --Michael
> > >
> > > "DownUnder" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> > > >
> > > > Hi,
> > > >
> > > > I have 401 Error when I try to invoke an ASP Web Service through a client if
> > > > Windows Authentication is used.
> > > >
> > > > To identify the reason, I built a simple "Hellow World" Web Service that I
> > > > can successfully invoke using IE (regardless of the authentication type
> > > > configured in IIS).
> > > >
> > > > I can invoke the same Web Service by another client successfully if the
> > > > authentication type is Anonymous (regardless of the actual user who it runs
> > > > under).
> > > >
> > > > However, if the Integrated Windows Authentication is ticked, invoking the
> > > > service fails (even for the users configured for Anonymous access).
> > > >
> > > > I tried it on XP Professional and IIS 6. (However, I have the same result on
> > > > Win2K3.)
> > > >
> > > > Help is very much appreciated.
> > > >
> > > > DownUnder.
> > > >
> > >

>

 
Reply With Quote
 
DownUnder
Guest
Posts: n/a
 
      08-18-2004

I think I now know the reason why I was led to think that the credentials
are passed automatically:

It is the "impersonation" setting that I was using (on the server side). I
thought when that setting was used in the web.config file, the credentials
from the client were passed automatically somehow. I was wrong...they need to
be set on the client explicitly as the following KB article states.

"http://support.microsoft.com/default.aspx?scid=kb;EN-US;811318"


"DownUnder" wrote:

>
> Thanks for the reply, Michael. The problem is not definitely related to the
> webserver name since the problem happens when the authentication type is
> changed (everything else being the same).
>
> My internet search today has given me some clue. It looks like I need to set
> the "Credentials" for the service programmatically to "DefaultCredentials" in
> the client code.
>
> I donot know much about that topic and I am not sure why this is not done
> automatically. I am also surprised to learn that it needs to be done in the
> client programmatically. I have tried it and it seems to solve the problem I
> had. However, I need to find out and learn more about the topic.
>
> Regards,
>
> DownUnder.
>
>
>
>
>
> "Raterus" wrote:
>
> > Are you using a fully-qualified domain name for the webserver? If so you might want to check out this article about setting the SPN's
> >
> > http://support.microsoft.com/default.aspx?kbid=294382
> >
> > --Michael
> >
> > "DownUnder" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> > >
> > > Hi,
> > >
> > > I have 401 Error when I try to invoke an ASP Web Service through a client if
> > > Windows Authentication is used.
> > >
> > > To identify the reason, I built a simple "Hellow World" Web Service that I
> > > can successfully invoke using IE (regardless of the authentication type
> > > configured in IIS).
> > >
> > > I can invoke the same Web Service by another client successfully if the
> > > authentication type is Anonymous (regardless of the actual user who it runs
> > > under).
> > >
> > > However, if the Integrated Windows Authentication is ticked, invoking the
> > > service fails (even for the users configured for Anonymous access).
> > >
> > > I tried it on XP Professional and IIS 6. (However, I have the same result on
> > > Win2K3.)
> > >
> > > Help is very much appreciated.
> > >
> > > DownUnder.
> > >

> >

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Windows authentication on a Web service returning Access Denied (401). Daniel Bass ASP .Net 5 02-06-2010 08:24 AM
Integrated Authentication - 401 Unauthorized Error randyh@newsgroups.nospam ASP .Net Web Services 1 11-11-2009 07:47 PM
IIS 7.0 and Windows Integrated Authentication? sqlman ASP .Net 1 07-28-2009 09:50 AM
Windows authentication on a Web service returning Access Denied (401). Daniel Bass ASP .Net Security 3 02-11-2004 01:28 PM
Accessing Windows integrated authentication with web service proxy Frank ASP .Net Web Services 0 11-26-2003 03:36 AM



Advertisments