«

Hi,

I have 401 Error when I try to invoke an ASP Web Service through a client if
Windows Authentication is used.

To identify the reason, I built a simple "Hellow World" Web Service that I
can successfully invoke using IE (regardless of the authentication type
configured in IIS).

I can invoke the same Web Service by another client successfully if the
authentication type is Anonymous (regardless of the actual user who it runs
under).

However, if the Integrated Windows Authentication is ticked, invoking the
service fails (even for the users configured for Anonymous access).

I tried it on XP Professional and IIS 6. (However, I have the same result on
Win2K3.)

Help is very much appreciated.

DownUnder.

Are you using a fully-qualified domain name for the webserver? If so you might want to check out this article about setting the SPN's

http://support.microsoft.com/default.aspx?kbid=294382

--Michael

"DownUnder" <> wrote in message news:F66965B4-1B93-4264-90F2-...
>
> Hi,
>
> I have 401 Error when I try to invoke an ASP Web Service through a client if
> Windows Authentication is used.
>
> To identify the reason, I built a simple "Hellow World" Web Service that I
> can successfully invoke using IE (regardless of the authentication type
> configured in IIS).
>
> I can invoke the same Web Service by another client successfully if the
> authentication type is Anonymous (regardless of the actual user who it runs
> under).
>
> However, if the Integrated Windows Authentication is ticked, invoking the
> service fails (even for the users configured for Anonymous access).
>
> I tried it on XP Professional and IIS 6. (However, I have the same result on
> Win2K3.)
>
> Help is very much appreciated.
>
> DownUnder.
>

That almost makes sense to me. Lets say this was just a normal aspx page and you were accessing it through a browser. The browser only passes its windows credentials if certain conditions are in place (like it is in the Local Intranet Group). You certainly wouldn't want your windows credentials passed to every webpage you access.

For a webservice though, you have basically the same situation, I don't believe .net is going to pass it's windows credentials to a potentially external webservice without you directly telling it to. It will probably default to anonymous authenentication if you don't specify anything.

--Michael

"DownUnder" <> wrote in message news:C2872BCE-B9CA-4A04-B4F1-...
>
> Thanks for the reply, Michael. The problem is not definitely related to the
> webserver name since the problem happens when the authentication type is
> changed (everything else being the same).
>
> My internet search today has given me some clue. It looks like I need to set
> the "Credentials" for the service programmatically to "DefaultCredentials" in
> the client code.
>
> I donot know much about that topic and I am not sure why this is not done
> automatically. I am also surprised to learn that it needs to be done in the
> client programmatically. I have tried it and it seems to solve the problem I
> had. However, I need to find out and learn more about the topic.
>
> Regards,
>
> DownUnder.
>
>
>
>
>
> "Raterus" wrote:
>
> > Are you using a fully-qualified domain name for the webserver? If so you might want to check out this article about setting the SPN's
> >
> > http://support.microsoft.com/default.aspx?kbid=294382
> >
> > --Michael
> >
> > "DownUnder" <> wrote in message news:F66965B4-1B93-4264-90F2-...
> > >
> > > Hi,
> > >
> > > I have 401 Error when I try to invoke an ASP Web Service through a client if
> > > Windows Authentication is used.
> > >
> > > To identify the reason, I built a simple "Hellow World" Web Service that I
> > > can successfully invoke using IE (regardless of the authentication type
> > > configured in IIS).
> > >
> > > I can invoke the same Web Service by another client successfully if the
> > > authentication type is Anonymous (regardless of the actual user who it runs
> > > under).
> > >
> > > However, if the Integrated Windows Authentication is ticked, invoking the
> > > service fails (even for the users configured for Anonymous access).
> > >
> > > I tried it on XP Professional and IIS 6. (However, I have the same result on
> > > Win2K3.)
> > >
> > > Help is very much appreciated.
> > >
> > > DownUnder.
> > >
> >

You are right. When I think about it, it makes sense to me as well.

However, I am still surprised that I have not seen any note of those
credentials on the client site (being set the way it is on the service
object) before. For some reason (probably the lack of knowledge), I always
thought the credentials were passed automatically.

Is there any good documentation about that general subject?




"Raterus" wrote:

> That almost makes sense to me. Lets say this was just a normal aspx page and you were accessing it through a browser. The browser only passes its windows credentials if certain conditions are in place (like it is in the Local Intranet Group). You certainly wouldn't want your windows credentials passed to every webpage you access.
>
> For a webservice though, you have basically the same situation, I don't believe .net is going to pass it's windows credentials to a potentially external webservice without you directly telling it to. It will probably default to anonymous authenentication if you don't specify anything.
>
> --Michael
>
> "DownUnder" <> wrote in message news:C2872BCE-B9CA-4A04-B4F1-...
> >
> > Thanks for the reply, Michael. The problem is not definitely related to the
> > webserver name since the problem happens when the authentication type is
> > changed (everything else being the same).
> >
> > My internet search today has given me some clue. It looks like I need to set
> > the "Credentials" for the service programmatically to "DefaultCredentials" in
> > the client code.
> >
> > I donot know much about that topic and I am not sure why this is not done
> > automatically. I am also surprised to learn that it needs to be done in the
> > client programmatically. I have tried it and it seems to solve the problem I
> > had. However, I need to find out and learn more about the topic.
> >
> > Regards,
> >
> > DownUnder.
> >
> >
> >
> >
> >
> > "Raterus" wrote:
> >
> > > Are you using a fully-qualified domain name for the webserver? If so you might want to check out this article about setting the SPN's
> > >
> > > http://support.microsoft.com/default.aspx?kbid=294382
> > >
> > > --Michael
> > >
> > > "DownUnder" <> wrote in message news:F66965B4-1B93-4264-90F2-...
> > > >
> > > > Hi,
> > > >
> > > > I have 401 Error when I try to invoke an ASP Web Service through a client if
> > > > Windows Authentication is used.
> > > >
> > > > To identify the reason, I built a simple "Hellow World" Web Service that I
> > > > can successfully invoke using IE (regardless of the authentication type
> > > > configured in IIS).
> > > >
> > > > I can invoke the same Web Service by another client successfully if the
> > > > authentication type is Anonymous (regardless of the actual user who it runs
> > > > under).
> > > >
> > > > However, if the Integrated Windows Authentication is ticked, invoking the
> > > > service fails (even for the users configured for Anonymous access).
> > > >
> > > > I tried it on XP Professional and IIS 6. (However, I have the same result on
> > > > Win2K3.)
> > > >
> > > > Help is very much appreciated.
> > > >
> > > > DownUnder.
> > > >
> > >
>

I think I now know the reason why I was led to think that the credentials
are passed automatically:

It is the "impersonation" setting that I was using (on the server side). I
thought when that setting was used in the web.config file, the credentials
from the client were passed automatically somehow. I was wrong...they need to
be set on the client explicitly as the following KB article states.

"http://support.microsoft.com/default.aspx?scid=kb;EN-US;811318"


"DownUnder" wrote:

>
> Thanks for the reply, Michael. The problem is not definitely related to the
> webserver name since the problem happens when the authentication type is
> changed (everything else being the same).
>
> My internet search today has given me some clue. It looks like I need to set
> the "Credentials" for the service programmatically to "DefaultCredentials" in
> the client code.
>
> I donot know much about that topic and I am not sure why this is not done
> automatically. I am also surprised to learn that it needs to be done in the
> client programmatically. I have tried it and it seems to solve the problem I
> had. However, I need to find out and learn more about the topic.
>
> Regards,
>
> DownUnder.
>
>
>
>
>
> "Raterus" wrote:
>
> > Are you using a fully-qualified domain name for the webserver? If so you might want to check out this article about setting the SPN's
> >
> > http://support.microsoft.com/default.aspx?kbid=294382
> >
> > --Michael
> >
> > "DownUnder" <> wrote in message news:F66965B4-1B93-4264-90F2-...
> > >
> > > Hi,
> > >
> > > I have 401 Error when I try to invoke an ASP Web Service through a client if
> > > Windows Authentication is used.
> > >
> > > To identify the reason, I built a simple "Hellow World" Web Service that I
> > > can successfully invoke using IE (regardless of the authentication type
> > > configured in IIS).
> > >
> > > I can invoke the same Web Service by another client successfully if the
> > > authentication type is Anonymous (regardless of the actual user who it runs
> > > under).
> > >
> > > However, if the Integrated Windows Authentication is ticked, invoking the
> > > service fails (even for the users configured for Anonymous access).
> > >
> > > I tried it on XP Professional and IIS 6. (However, I have the same result on
> > > Win2K3.)
> > >
> > > Help is very much appreciated.
> > >
> > > DownUnder.
> > >
> >