Ask a Question related to ASP.NET Security, Design and Development.
-
Colin Bowern #1
ASP.NET Impersonation, XmlUrlResolver, and DefaultCredentials
I'm trying to write an ASP.NET page that does on-the-fly XML/XSL
transformation. The code is as follows:
---
Dim xmlPath As String = Request.QueryString("xml")
Dim xslPath As String = Request.QueryString("xsl")
If (Len(xmlPath) <= 0) Or (Len(xslPath) <= 0) Then
Response.Write("xml or xsl query string parameter missing")
Response.End()
End If
Dim xtr As New XmlTextReader(xmlPath)
Dim resolver As XmlUrlResolver = New XmlUrlResolver
Dim doc As New XmlDocument
resolver.Credentials = CredentialCache.DefaultCredentials
xtr.XmlResolver = resolver
doc.Load(xtr)
Dim transform As New XslTransform
transform.Load(xslPath, resolver)
transform.Transform(doc, Nothing, Response.Output, resolver)
---
When I run this on my local dev box and request an xml document and xsl
stylesheet page from our development server which is running Windows
SharePoint Services it works great. When I publish the application to the
development server it doesn't seem to work. Instead I'm getting:
---
Server Error in '/tools/transformxml' Application.
----------------------------------------------------------------------------
----
The remote server returned an error: (401) Unauthorized.
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.
Exception Details: System.Net.WebException: The remote server returned an
error: (401) Unauthorized.
Source Error:
Line 39: resolver.Credentials = CredentialCache.DefaultCredentials
Line 40: xtr.XmlResolver = resolver
Line 41: doc.Load(xtr)
Line 42:
Line 43: ' Instantiate the XslTransform Object
Source File: c:\inetpub\devroot\tools\transformxml\inline.aspx Line: 41
Stack Trace:
[WebException: The remote server returned an error: (401) Unauthorized.]
System.Net.HttpWebRequest.CheckFinalStatus() +676
System.Net.HttpWebRequest.EndGetResponse(IAsyncRes ult asyncResult) +139
System.Net.HttpWebRequest.GetResponse() +147
System.Xml.XmlDownloadManager.GetNonFileStream(Uri uri, ICredentials
credentials) +65
System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials
credentials) +94
System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type
ofObjectToReturn) +55
System.Xml.XmlTextReader.CreateScanner() +384
System.Xml.XmlTextReader.Init() +23
System.Xml.XmlTextReader.Read() +530
System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean
preserveWhitespace) +80
System.Xml.XmlDocument.Load(XmlReader reader) +72
ASP.inline_aspx.__Render__control1(HtmlTextWriter __output, Control
parameterContainer) in c:\inetpub\devroot\tools\transformxml\inline.aspx: 41
System.Web.UI.Control.RenderChildren(HtmlTextWrite r writer) +27
System.Web.UI.Control.Render(HtmlTextWriter writer) +7
System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +243
System.Web.UI.Page.ProcessRequestMain() +1929
----------------------------------------------------------------------------
----
Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET
Version:1.1.4322.573
---
Checking out the IIS logs I that the code is making a request to the page
without any credentials. Notable entries in the web.config include:
---
<authentication mode="Windows" />
<identity impersonate="true" />
<authorization>
<deny users="?" />
</authorization>
---
I've got through KB article 306158 and I still can't seem to resolve this
issue. Any thoughts on what might prevent the XmlTextReader from pulling
the document?
Thanks!
Colin
Colin Bowern Guest
-
DefaultCredentials problem?
Hi All, this is the scenario: - "Hello World" web service on Machine A - winform client on Machine B - asp.net webform client on Machine B ... -
401 Unauthorized when using DefaultCredentials
Hi all I hope this is the right newsgroup. I'm having a hard time making a web request from an authenticated process. Here's the scenario Managed... -
Get DefaultCredentials of one web app into another?
We have a web app which links to another ASP.NET web application (namely the Microsoft CRM). Our app is launched in a new browser window from a link... -
HttpWebRequest, impersonation and DefaultCredentials problem.
I'm trying to create a HttpWebRequest object that uses the current logged in user's credentials. It's currently setup with: <identity... -
DefaultCredentials and WebClient
I'm trying to make a call inside an ASP.NET web application to an external quasi-web service (aka FrontPage Server Extensions): Dim rpcClient As... -
Colin Bowern #2 Re: ASP.NET Impersonation, XmlUrlResolver, and DefaultCredentials
Just a quick follow up, I should note that it works when I manually pass
credentials:
Dim myCreds As New NetworkCredential("myuser", "mypassword", "mydomain")
Dim myCache As New CredentialCache
myCache.Add(New Uri("http://dev.mydomain.net/"), "Basic", myCreds)
resolver.Credentials = myCache
But I don't want to have to embed credentials in code, which is why I was
hoping Basic/Windows Authentication would take care of the issue. The
virtual directory holding the application has anonymous authentication
turned off.
Cheers!
Colin
"Colin Bowern" <colin.bowern@nospam.indimensions.com> wrote in message
news:...--> I'm trying to write an ASP.NET page that does on-the-fly XML/XSL
> transformation. The code is as follows:
>
> ---
> Dim xmlPath As String = Request.QueryString("xml")
> Dim xslPath As String = Request.QueryString("xsl")
>
> If (Len(xmlPath) <= 0) Or (Len(xslPath) <= 0) Then
> Response.Write("xml or xsl query string parameter missing")
> Response.End()
> End If
>
> Dim xtr As New XmlTextReader(xmlPath)
> Dim resolver As XmlUrlResolver = New XmlUrlResolver
> Dim doc As New XmlDocument
>
> resolver.Credentials = CredentialCache.DefaultCredentials
> xtr.XmlResolver = resolver
> doc.Load(xtr)
>
> Dim transform As New XslTransform
> transform.Load(xslPath, resolver)
>
> transform.Transform(doc, Nothing, Response.Output, resolver)
> ---
>
> When I run this on my local dev box and request an xml document and xsl
> stylesheet page from our development server which is running Windows
> SharePoint Services it works great. When I publish the application to the
> development server it doesn't seem to work. Instead I'm getting:
>
> ---
> Server Error in '/tools/transformxml' Application.
> --------------------------------------------------------------------------c:\inetpub\devroot\tools\transformxml\inline.aspx: 41> ----
>
> The remote server returned an error: (401) Unauthorized.
> Description: An unhandled exception occurred during the execution of the
> current web request. Please review the stack trace for more information
> about the error and where it originated in the code.
>
> Exception Details: System.Net.WebException: The remote server returned an
> error: (401) Unauthorized.
>
> Source Error:
>
> Line 39: resolver.Credentials = CredentialCache.DefaultCredentials
> Line 40: xtr.XmlResolver = resolver
> Line 41: doc.Load(xtr)
> Line 42:
> Line 43: ' Instantiate the XslTransform Object
>
>
> Source File: c:\inetpub\devroot\tools\transformxml\inline.aspx Line: 41
>
> Stack Trace:
>
> [WebException: The remote server returned an error: (401) Unauthorized.]
> System.Net.HttpWebRequest.CheckFinalStatus() +676
> System.Net.HttpWebRequest.EndGetResponse(IAsyncRes ult asyncResult) +139
> System.Net.HttpWebRequest.GetResponse() +147
> System.Xml.XmlDownloadManager.GetNonFileStream(Uri uri, ICredentials
> credentials) +65
> System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials
> credentials) +94
> System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type
> ofObjectToReturn) +55
> System.Xml.XmlTextReader.CreateScanner() +384
> System.Xml.XmlTextReader.Init() +23
> System.Xml.XmlTextReader.Read() +530
> System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean
> preserveWhitespace) +80
> System.Xml.XmlDocument.Load(XmlReader reader) +72
> ASP.inline_aspx.__Render__control1(HtmlTextWriter __output, Control
> parameterContainer) in--> System.Web.UI.Control.RenderChildren(HtmlTextWrite r writer) +27
> System.Web.UI.Control.Render(HtmlTextWriter writer) +7
> System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +243
> System.Web.UI.Page.ProcessRequestMain() +1929
>
>
> --------------------------------------------------------------------------ASP.NET> ----
> Version Information: Microsoft .NET Framework Version:1.1.4322.573;> Version:1.1.4322.573
> ---
>
> Checking out the IIS logs I that the code is making a request to the page
> without any credentials. Notable entries in the web.config include:
>
> ---
> <authentication mode="Windows" />
> <identity impersonate="true" />
> <authorization>
> <deny users="?" />
> </authorization>
> ---
>
> I've got through KB article 306158 and I still can't seem to resolve this
> issue. Any thoughts on what might prevent the XmlTextReader from pulling
> the document?
>
> Thanks!
> Colin
>
>
Colin Bowern Guest
-
Colin Bowern #3 Re: ASP.NET Impersonation, XmlUrlResolver, and DefaultCredentials
Anyone have any thoughts on how to get the user credentials to pass through
without manually creating a NetworkCredential object?
Thanks!
Colin
"Colin Bowern" <colin.bowern@nospam.indimensions.com> wrote in message
news:OLGkxoX0DHA.1764@TK2MSFTNGP10.phx.gbl...the> Just a quick follow up, I should note that it works when I manually pass
> credentials:
>
> Dim myCreds As New NetworkCredential("myuser", "mypassword", "mydomain")
> Dim myCache As New CredentialCache
> myCache.Add(New Uri("http://dev.mydomain.net/"), "Basic", myCreds)
> resolver.Credentials = myCache
>
> But I don't want to have to embed credentials in code, which is why I was
> hoping Basic/Windows Authentication would take care of the issue. The
> virtual directory holding the application has anonymous authentication
> turned off.
>
> Cheers!
> Colin
>
> "Colin Bowern" <colin.bowern@nospam.indimensions.com> wrote in message
> news:...> > I'm trying to write an ASP.NET page that does on-the-fly XML/XSL
> > transformation. The code is as follows:
> >
> > ---
> > Dim xmlPath As String = Request.QueryString("xml")
> > Dim xslPath As String = Request.QueryString("xsl")
> >
> > If (Len(xmlPath) <= 0) Or (Len(xslPath) <= 0) Then
> > Response.Write("xml or xsl query string parameter missing")
> > Response.End()
> > End If
> >
> > Dim xtr As New XmlTextReader(xmlPath)
> > Dim resolver As XmlUrlResolver = New XmlUrlResolver
> > Dim doc As New XmlDocument
> >
> > resolver.Credentials = CredentialCache.DefaultCredentials
> > xtr.XmlResolver = resolver
> > doc.Load(xtr)
> >
> > Dim transform As New XslTransform
> > transform.Load(xslPath, resolver)
> >
> > transform.Transform(doc, Nothing, Response.Output, resolver)
> > ---
> >
> > When I run this on my local dev box and request an xml document and xsl
> > stylesheet page from our development server which is running Windows
> > SharePoint Services it works great. When I publish the application toan>> > development server it doesn't seem to work. Instead I'm getting:
> >
> > ---
> > Server Error in '/tools/transformxml' Application.
> --------------------------------------------------------------------------
> --> > ----
> >
> > The remote server returned an error: (401) Unauthorized.
> > Description: An unhandled exception occurred during the execution of the
> > current web request. Please review the stack trace for more information
> > about the error and where it originated in the code.
> >
> > Exception Details: System.Net.WebException: The remote server returnedCredentialCache.DefaultCredentials> > error: (401) Unauthorized.
> >
> > Source Error:
> >
> > Line 39: resolver.Credentials =41> > Line 40: xtr.XmlResolver = resolver
> > Line 41: doc.Load(xtr)
> > Line 42:
> > Line 43: ' Instantiate the XslTransform Object
> >
> >
> > Source File: c:\inetpub\devroot\tools\transformxml\inline.aspx Line:+139> >
> > Stack Trace:
> >
> > [WebException: The remote server returned an error: (401) Unauthorized.]
> > System.Net.HttpWebRequest.CheckFinalStatus() +676
> > System.Net.HttpWebRequest.EndGetResponse(IAsyncRes ult asyncResult)Type> > System.Net.HttpWebRequest.GetResponse() +147
> > System.Xml.XmlDownloadManager.GetNonFileStream(Uri uri, ICredentials
> > credentials) +65
> > System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials
> > credentials) +94
> > System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role,page> c:\inetpub\devroot\tools\transformxml\inline.aspx: 41> > ofObjectToReturn) +55
> > System.Xml.XmlTextReader.CreateScanner() +384
> > System.Xml.XmlTextReader.Init() +23
> > System.Xml.XmlTextReader.Read() +530
> > System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean
> > preserveWhitespace) +80
> > System.Xml.XmlDocument.Load(XmlReader reader) +72
> > ASP.inline_aspx.__Render__control1(HtmlTextWriter __output, Control
> > parameterContainer) in>> > System.Web.UI.Control.RenderChildren(HtmlTextWrite r writer) +27
> > System.Web.UI.Control.Render(HtmlTextWriter writer) +7
> > System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +243
> > System.Web.UI.Page.ProcessRequestMain() +1929
> >
> >
> --------------------------------------------------------------------------
> --> ASP.NET> > ----
> > Version Information: Microsoft .NET Framework Version:1.1.4322.573;> > Version:1.1.4322.573
> > ---
> >
> > Checking out the IIS logs I that the code is making a request to thethis> > without any credentials. Notable entries in the web.config include:
> >
> > ---
> > <authentication mode="Windows" />
> > <identity impersonate="true" />
> > <authorization>
> > <deny users="?" />
> > </authorization>
> > ---
> >
> > I've got through KB article 306158 and I still can't seem to resolvepulling> > issue. Any thoughts on what might prevent the XmlTextReader from>> > the document?
> >
> > Thanks!
> > Colin
> >
> >
>
Colin Bowern Guest
-
Kenneth #4 Re: ASP.NET Impersonation, XmlUrlResolver, and DefaultCredentials
Colin
Did you ever get this problem solved? I am having the same problem
with my asp.net application.
Does anyone know how i can check if impersonation is actually working?
I have it set to true in the applications web.config file. I have read
a couple of articles that say that you can pass around the logged in
users credential, but I cannot get it to work.
TIA
Kenneth
"Colin Bowern" <colin.bowern@nospam.indimensions.com> wrote in message news:<umy#Ves1DHA.2396@TK2MSFTNGP09.phx.gbl>...> Anyone have any thoughts on how to get the user credentials to pass through
> without manually creating a NetworkCredential object?
>
> Thanks!
> Colin
>
> "Colin Bowern" <colin.bowern@nospam.indimensions.com> wrote in message
> news:OLGkxoX0DHA.1764@TK2MSFTNGP10.phx.gbl...> the> > Just a quick follow up, I should note that it works when I manually pass
> > credentials:
> >
> > Dim myCreds As New NetworkCredential("myuser", "mypassword", "mydomain")
> > Dim myCache As New CredentialCache
> > myCache.Add(New Uri("http://dev.mydomain.net/"), "Basic", myCreds)
> > resolver.Credentials = myCache
> >
> > But I don't want to have to embed credentials in code, which is why I was
> > hoping Basic/Windows Authentication would take care of the issue. The
> > virtual directory holding the application has anonymous authentication
> > turned off.
> >
> > Cheers!
> > Colin
> >
> > "Colin Bowern" <colin.bowern@nospam.indimensions.com> wrote in message
> > news:...> > > I'm trying to write an ASP.NET page that does on-the-fly XML/XSL
> > > transformation. The code is as follows:
> > >
> > > ---
> > > Dim xmlPath As String = Request.QueryString("xml")
> > > Dim xslPath As String = Request.QueryString("xsl")
> > >
> > > If (Len(xmlPath) <= 0) Or (Len(xslPath) <= 0) Then
> > > Response.Write("xml or xsl query string parameter missing")
> > > Response.End()
> > > End If
> > >
> > > Dim xtr As New XmlTextReader(xmlPath)
> > > Dim resolver As XmlUrlResolver = New XmlUrlResolver
> > > Dim doc As New XmlDocument
> > >
> > > resolver.Credentials = CredentialCache.DefaultCredentials
> > > xtr.XmlResolver = resolver
> > > doc.Load(xtr)
> > >
> > > Dim transform As New XslTransform
> > > transform.Load(xslPath, resolver)
> > >
> > > transform.Transform(doc, Nothing, Response.Output, resolver)
> > > ---
> > >
> > > When I run this on my local dev box and request an xml document and xsl
> > > stylesheet page from our development server which is running Windows
> > > SharePoint Services it works great. When I publish the application to> an> >> > > development server it doesn't seem to work. Instead I'm getting:
> > >
> > > ---
> > > Server Error in '/tools/transformxml' Application.
> > --------------------------------------------------------------------------
> > --> > > ----
> > >
> > > The remote server returned an error: (401) Unauthorized.
> > > Description: An unhandled exception occurred during the execution of the
> > > current web request. Please review the stack trace for more information
> > > about the error and where it originated in the code.
> > >
> > > Exception Details: System.Net.WebException: The remote server returned> CredentialCache.DefaultCredentials> > > error: (401) Unauthorized.
> > >
> > > Source Error:
> > >
> > > Line 39: resolver.Credentials => 41> > > Line 40: xtr.XmlResolver = resolver
> > > Line 41: doc.Load(xtr)
> > > Line 42:
> > > Line 43: ' Instantiate the XslTransform Object
> > >
> > >
> > > Source File: c:\inetpub\devroot\tools\transformxml\inline.aspx Line:> +139> > >
> > > Stack Trace:
> > >
> > > [WebException: The remote server returned an error: (401) Unauthorized.]
> > > System.Net.HttpWebRequest.CheckFinalStatus() +676
> > > System.Net.HttpWebRequest.EndGetResponse(IAsyncRes ult asyncResult)> Type> > > System.Net.HttpWebRequest.GetResponse() +147
> > > System.Xml.XmlDownloadManager.GetNonFileStream(Uri uri, ICredentials
> > > credentials) +65
> > > System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials
> > > credentials) +94
> > > System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role,> c:\inetpub\devroot\tools\transformxml\inline.aspx: 41> > > ofObjectToReturn) +55
> > > System.Xml.XmlTextReader.CreateScanner() +384
> > > System.Xml.XmlTextReader.Init() +23
> > > System.Xml.XmlTextReader.Read() +530
> > > System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean
> > > preserveWhitespace) +80
> > > System.Xml.XmlDocument.Load(XmlReader reader) +72
> > > ASP.inline_aspx.__Render__control1(HtmlTextWriter __output, Control
> > > parameterContainer) in> ASP.NET> >> > > System.Web.UI.Control.RenderChildren(HtmlTextWrite r writer) +27
> > > System.Web.UI.Control.Render(HtmlTextWriter writer) +7
> > > System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +243
> > > System.Web.UI.Page.ProcessRequestMain() +1929
> > >
> > >
> > --------------------------------------------------------------------------
> > --> > > ----
> > > Version Information: Microsoft .NET Framework Version:1.1.4322.573;> page> > > Version:1.1.4322.573
> > > ---
> > >
> > > Checking out the IIS logs I that the code is making a request to the> this> > > without any credentials. Notable entries in the web.config include:
> > >
> > > ---
> > > <authentication mode="Windows" />
> > > <identity impersonate="true" />
> > > <authorization>
> > > <deny users="?" />
> > > </authorization>
> > > ---
> > >
> > > I've got through KB article 306158 and I still can't seem to resolve> pulling> > > issue. Any thoughts on what might prevent the XmlTextReader from> >> > > the document?
> > >
> > > Thanks!
> > > Colin
> > >
> > >
> >Kenneth Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
