Professional Web Applications Themes

IIS Web Service 401 Error with Integrated Windows Authentication - ASP.NET

Hi, I have 401 Error when I try to invoke an ASP Web Service through a client if Windows Authentication is used. To identify the reason, I built a simple "Hellow World" Web Service that I can successfully invoke using IE (regardless of the authentication type configured in IIS). I can invoke the same Web Service by another client successfully if the authentication type is Anonymous (regardless of the actual user who it runs under). However, if the Integrated Windows Authentication is ticked, invoking the service fails (even for the users configured for Anonymous access). I tried it on XP ...

  1. #1

    Default IIS Web Service 401 Error with Integrated Windows Authentication


    Hi,

    I have 401 Error when I try to invoke an ASP Web Service through a client if
    Windows Authentication is used.

    To identify the reason, I built a simple "Hellow World" Web Service that I
    can successfully invoke using IE (regardless of the authentication type
    configured in IIS).

    I can invoke the same Web Service by another client successfully if the
    authentication type is Anonymous (regardless of the actual user who it runs
    under).

    However, if the Integrated Windows Authentication is ticked, invoking the
    service fails (even for the users configured for Anonymous access).

    I tried it on XP Professional and IIS 6. (However, I have the same result on
    Win2K3.)

    Help is very much appreciated.

    DownUnder.

    DownUnder Guest

  2. #2

    Default Re: IIS Web Service 401 Error with Integrated Windows Authentication

    Are you using a fully-qualified domain name for the webserver? If so you might want to check out this article about setting the SPN's

    [url]http://support.microsoft.com/default.aspx?kbid=294382[/url]

    --Michael

    "DownUnder" <DownUnderdiscussions.microsoft.com> wrote in message news:F66965B4-1B93-4264-90F2-C90CE6B62467microsoft.com...
    >
    > Hi,
    >
    > I have 401 Error when I try to invoke an ASP Web Service through a client if
    > Windows Authentication is used.
    >
    > To identify the reason, I built a simple "Hellow World" Web Service that I
    > can successfully invoke using IE (regardless of the authentication type
    > configured in IIS).
    >
    > I can invoke the same Web Service by another client successfully if the
    > authentication type is Anonymous (regardless of the actual user who it runs
    > under).
    >
    > However, if the Integrated Windows Authentication is ticked, invoking the
    > service fails (even for the users configured for Anonymous access).
    >
    > I tried it on XP Professional and IIS 6. (However, I have the same result on
    > Win2K3.)
    >
    > Help is very much appreciated.
    >
    > DownUnder.
    >
    Raterus Guest

  3. #3

    Default Re: IIS Web Service 401 Error with Integrated Windows Authenticati

    That almost makes sense to me. Lets say this was just a normal aspx page and you were accessing it through a browser. The browser only passes its windows credentials if certain conditions are in place (like it is in the Local Intranet Group). You certainly wouldn't want your windows credentials passed to every webpage you access.

    For a webservice though, you have basically the same situation, I don't believe .net is going to pass it's windows credentials to a potentially external webservice without you directly telling it to. It will probably default to anonymous authenentication if you don't specify anything.

    --Michael

    "DownUnder" <DownUnderdiscussions.microsoft.com> wrote in message news:C2872BCE-B9CA-4A04-B4F1-0CD1251196BBmicrosoft.com...
    >
    > Thanks for the reply, Michael. The problem is not definitely related to the
    > webserver name since the problem happens when the authentication type is
    > changed (everything else being the same).
    >
    > My internet search today has given me some clue. It looks like I need to set
    > the "Credentials" for the service programmatically to "DefaultCredentials" in
    > the client code.
    >
    > I donot know much about that topic and I am not sure why this is not done
    > automatically. I am also surprised to learn that it needs to be done in the
    > client programmatically. I have tried it and it seems to solve the problem I
    > had. However, I need to find out and learn more about the topic.
    >
    > Regards,
    >
    > DownUnder.
    >
    >
    >
    >
    >
    > "Raterus" wrote:
    >
    > > Are you using a fully-qualified domain name for the webserver? If so you might want to check out this article about setting the SPN's
    > >
    > > [url]http://support.microsoft.com/default.aspx?kbid=294382[/url]
    > >
    > > --Michael
    > >
    > > "DownUnder" <DownUnderdiscussions.microsoft.com> wrote in message news:F66965B4-1B93-4264-90F2-C90CE6B62467microsoft.com...
    > > >
    > > > Hi,
    > > >
    > > > I have 401 Error when I try to invoke an ASP Web Service through a client if
    > > > Windows Authentication is used.
    > > >
    > > > To identify the reason, I built a simple "Hellow World" Web Service that I
    > > > can successfully invoke using IE (regardless of the authentication type
    > > > configured in IIS).
    > > >
    > > > I can invoke the same Web Service by another client successfully if the
    > > > authentication type is Anonymous (regardless of the actual user who it runs
    > > > under).
    > > >
    > > > However, if the Integrated Windows Authentication is ticked, invoking the
    > > > service fails (even for the users configured for Anonymous access).
    > > >
    > > > I tried it on XP Professional and IIS 6. (However, I have the same result on
    > > > Win2K3.)
    > > >
    > > > Help is very much appreciated.
    > > >
    > > > DownUnder.
    > > >
    > >
    Raterus Guest

  4. #4

    Default Re: IIS Web Service 401 Error with Integrated Windows Authenticati


    You are right. When I think about it, it makes sense to me as well.

    However, I am still surprised that I have not seen any note of those
    credentials on the client site (being set the way it is on the service
    object) before. For some reason (probably the lack of knowledge), I always
    thought the credentials were passed automatically.

    Is there any good doentation about that general subject?




    "Raterus" wrote:
    > That almost makes sense to me. Lets say this was just a normal aspx page and you were accessing it through a browser. The browser only passes its windows credentials if certain conditions are in place (like it is in the Local Intranet Group). You certainly wouldn't want your windows credentials passed to every webpage you access.
    >
    > For a webservice though, you have basically the same situation, I don't believe .net is going to pass it's windows credentials to a potentially external webservice without you directly telling it to. It will probably default to anonymous authenentication if you don't specify anything.
    >
    > --Michael
    >
    > "DownUnder" <DownUnderdiscussions.microsoft.com> wrote in message news:C2872BCE-B9CA-4A04-B4F1-0CD1251196BBmicrosoft.com...
    > >
    > > Thanks for the reply, Michael. The problem is not definitely related to the
    > > webserver name since the problem happens when the authentication type is
    > > changed (everything else being the same).
    > >
    > > My internet search today has given me some clue. It looks like I need to set
    > > the "Credentials" for the service programmatically to "DefaultCredentials" in
    > > the client code.
    > >
    > > I donot know much about that topic and I am not sure why this is not done
    > > automatically. I am also surprised to learn that it needs to be done in the
    > > client programmatically. I have tried it and it seems to solve the problem I
    > > had. However, I need to find out and learn more about the topic.
    > >
    > > Regards,
    > >
    > > DownUnder.
    > >
    > >
    > >
    > >
    > >
    > > "Raterus" wrote:
    > >
    > > > Are you using a fully-qualified domain name for the webserver? If so you might want to check out this article about setting the SPN's
    > > >
    > > > [url]http://support.microsoft.com/default.aspx?kbid=294382[/url]
    > > >
    > > > --Michael
    > > >
    > > > "DownUnder" <DownUnderdiscussions.microsoft.com> wrote in message news:F66965B4-1B93-4264-90F2-C90CE6B62467microsoft.com...
    > > > >
    > > > > Hi,
    > > > >
    > > > > I have 401 Error when I try to invoke an ASP Web Service through a client if
    > > > > Windows Authentication is used.
    > > > >
    > > > > To identify the reason, I built a simple "Hellow World" Web Service that I
    > > > > can successfully invoke using IE (regardless of the authentication type
    > > > > configured in IIS).
    > > > >
    > > > > I can invoke the same Web Service by another client successfully if the
    > > > > authentication type is Anonymous (regardless of the actual user who it runs
    > > > > under).
    > > > >
    > > > > However, if the Integrated Windows Authentication is ticked, invoking the
    > > > > service fails (even for the users configured for Anonymous access).
    > > > >
    > > > > I tried it on XP Professional and IIS 6. (However, I have the same result on
    > > > > Win2K3.)
    > > > >
    > > > > Help is very much appreciated.
    > > > >
    > > > > DownUnder.
    > > > >
    > > >
    >
    DownUnder Guest

  5. #5

    Default Re: IIS Web Service 401 Error with Integrated Windows Authenticati


    I think I now know the reason why I was led to think that the credentials
    are passed automatically:

    It is the "impersonation" setting that I was using (on the server side). I
    thought when that setting was used in the web.config file, the credentials
    from the client were passed automatically somehow. I was wrong...they need to
    be set on the client explicitly as the following KB article states.

    "http://support.microsoft.com/default.aspx?scid=kb;EN-US;811318"


    "DownUnder" wrote:
    >
    > Thanks for the reply, Michael. The problem is not definitely related to the
    > webserver name since the problem happens when the authentication type is
    > changed (everything else being the same).
    >
    > My internet search today has given me some clue. It looks like I need to set
    > the "Credentials" for the service programmatically to "DefaultCredentials" in
    > the client code.
    >
    > I donot know much about that topic and I am not sure why this is not done
    > automatically. I am also surprised to learn that it needs to be done in the
    > client programmatically. I have tried it and it seems to solve the problem I
    > had. However, I need to find out and learn more about the topic.
    >
    > Regards,
    >
    > DownUnder.
    >
    >
    >
    >
    >
    > "Raterus" wrote:
    >
    > > Are you using a fully-qualified domain name for the webserver? If so you might want to check out this article about setting the SPN's
    > >
    > > [url]http://support.microsoft.com/default.aspx?kbid=294382[/url]
    > >
    > > --Michael
    > >
    > > "DownUnder" <DownUnderdiscussions.microsoft.com> wrote in message news:F66965B4-1B93-4264-90F2-C90CE6B62467microsoft.com...
    > > >
    > > > Hi,
    > > >
    > > > I have 401 Error when I try to invoke an ASP Web Service through a client if
    > > > Windows Authentication is used.
    > > >
    > > > To identify the reason, I built a simple "Hellow World" Web Service that I
    > > > can successfully invoke using IE (regardless of the authentication type
    > > > configured in IIS).
    > > >
    > > > I can invoke the same Web Service by another client successfully if the
    > > > authentication type is Anonymous (regardless of the actual user who it runs
    > > > under).
    > > >
    > > > However, if the Integrated Windows Authentication is ticked, invoking the
    > > > service fails (even for the users configured for Anonymous access).
    > > >
    > > > I tried it on XP Professional and IIS 6. (However, I have the same result on
    > > > Win2K3.)
    > > >
    > > > Help is very much appreciated.
    > > >
    > > > DownUnder.
    > > >
    > >
    DownUnder Guest

Similar Threads

  1. Replies: 1
    Last Post: November 23rd, 11:15 AM
  2. Intranet and Integrated Windows Authentication
    By Andrew in forum ASP.NET Security
    Replies: 3
    Last Post: June 23rd, 10:47 PM
  3. .NET, Integrated Windows Authentication, and more
    By FuriousMojo in forum ASP.NET Security
    Replies: 1
    Last Post: December 17th, 02:15 PM
  4. Replies: 0
    Last Post: November 26th, 03:36 AM
  5. integrated Windows authentication
    By Scott Klein in forum ASP
    Replies: 4
    Last Post: August 7th, 01:32 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139