IIS Web Service 401 Error with Integrated Windows Authentication

Discussion in 'ASP .Net Security' started by DownUnder, Aug 18, 2004.

  1. DownUnder

    DownUnder Guest

    Hi,

    I have a 401 error when I try to invoke an ASP Web Service through a client if
    Windows Authentication is used.

    To identify the reason, I built a simple "Hello World" Web Service that I
    can successfully invoke using IE (regardless of the authentication type
    configured in IIS).

    I can invoke the same Web Service by another client successfully if the
    authentication type is Anonymous (regardless of the actual user who it runs
    under).

    However, if the Integrated Windows Authentication is ticked, invoking the
    service fails (even for the users configured for Anonymous access).

    I tried it on XP Professional and IIS 6. (However, I have the same result on
    Win2K3.)

    Help is very much appreciated.

    DownUnder.
    DownUnder, Aug 18, 2004
    #1

  2. DownUnder

    Raterus Guest

    Are you using a fully-qualified domain name for the webserver? If so, you might want to check out this article about setting the SPNs

    http://support.microsoft.com/default.aspx?kbid=294382

    --Michael

    Raterus, Aug 18, 2004
    #2

  3. DownUnder

    Raterus Guest

    Re: IIS Web Service 401 Error with Integrated Windows Authenticati

    That almost makes sense to me. Let's say this was just a normal aspx page and you were accessing it through a browser. The browser only passes its Windows credentials if certain conditions are in place (like it is in the Local Intranet Group). You certainly wouldn't want your Windows credentials passed to every webpage you access.

    For a webservice though, you have basically the same situation; I don't believe .NET is going to pass its Windows credentials to a potentially external webservice without you directly telling it to. It will probably default to anonymous authentication if you don't specify anything.

    --Michael

    "DownUnder" <> wrote in message news:...
    >
    > Thanks for the reply, Michael. The problem is not definitely related to the
    > webserver name since the problem happens when the authentication type is
    > changed (everything else being the same).
    >
    > My internet search today has given me some clue. It looks like I need to set
    > the "Credentials" for the service programmatically to "DefaultCredentials" in
    > the client code.
    >
    > I do not know much about that topic and I am not sure why this is not done
    > automatically. I am also surprised to learn that it needs to be done in the
    > client programmatically. I have tried it and it seems to solve the problem I
    > had. However, I need to find out and learn more about the topic.
    >
    > Regards,
    >
    > DownUnder.
    Raterus, Aug 18, 2004
    #3
  4. DownUnder

    DownUnder Guest

    Re: IIS Web Service 401 Error with Integrated Windows Authenticati

    You are right. When I think about it, it makes sense to me as well.

    However, I am still surprised that I have not seen any note of those
    credentials on the client site (being set the way it is on the service
    object) before. For some reason (probably the lack of knowledge), I always
    thought the credentials were passed automatically.

    Is there any good documentation about that general subject?




    DownUnder, Aug 19, 2004
    #4
  5. DownUnder

    DownUnder Guest

    Re: IIS Web Service 401 Error with Integrated Windows Authenticati

    I think I now know the reason why I was led to think that the credentials
    are passed automatically:

    It is the "impersonation" setting that I was using (on the server side). I
    thought when that setting was used in the web.config file, the credentials
    from the client were passed automatically somehow. I was wrong...they need to
    be set on the client explicitly as the following KB article states.

    "http://support.microsoft.com/default.aspx?scid=kb;EN-US;811318"


    DownUnder, Aug 19, 2004
    #5
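
The explicit client-side opt-in the thread arrives at, as an added example (not code from the posters or the linked KB articles): the caller's logon credentials are attached only for the service's own URI prefix instead of being handed out as bare `DefaultCredentials`. The endpoint URL and the class and method names are hypothetical; a wsdl-generated proxy exposes the same `Credentials` property used here on `HttpWebRequest`.

```csharp
using System;
using System.Net;

// Added example; IwaClientDemo and the URL below are hypothetical placeholders.
static class IwaClientDemo
{
    // Hypothetical endpoint with Integrated Windows Authentication enabled in IIS.
    static readonly Uri ServiceUri = new Uri("http://intranet-host.example/HelloService/Service1.asmx");

    // Bind the caller's logon credentials to one URI prefix and to the two schemes
    // IIS offers for Integrated Windows Authentication. A challenge from any other
    // prefix finds no match in the cache, so nothing is sent there.
    static ICredentials ScopedDefaultCredentials(Uri prefix)
    {
        var cache = new CredentialCache();
        foreach (string scheme in new[] { "Negotiate", "NTLM" })
            cache.Add(prefix, scheme, CredentialCache.DefaultNetworkCredentials);
        return cache;
    }

    // Issue one request and report the HTTP status, including error statuses.
    static HttpStatusCode Call(ICredentials credentials)
    {
        var request = (HttpWebRequest)WebRequest.Create(ServiceUri);
        request.Credentials = credentials;   // null: the client answers no challenge
        request.AllowAutoRedirect = false;   // never chase a redirect while authenticating
        try
        {
            using (var response = (HttpWebResponse)request.GetResponse())
                return response.StatusCode;
        }
        catch (WebException ex)
        {
            var http = ex.Response as HttpWebResponse; // a 401 arrives as a WebException
            if (http == null) throw;                   // DNS/connect failure: no status to report
            using (http) return http.StatusCode;
        }
    }

    static void Main()
    {
        // Default behaviour: .NET does not volunteer the Windows identity.
        Console.WriteLine("no credentials:     {0}", Call(null));
        // Opt in, limited to scheme://host:port of the service.
        var prefix = new Uri(ServiceUri.GetLeftPart(UriPartial.Authority));
        Console.WriteLine("scoped credentials: {0}", Call(ScopedDefaultCredentials(prefix)));
    }
}
```

Server-side impersonation in web.config only takes effect once IIS has authenticated the caller, which is why it cannot substitute for setting credentials on the client.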