integrated windows authentication - web services

Discussion in 'ASP .Net Security' started by Tim B, Sep 19, 2003.

  1. Tim B

    Tim B Guest

    I have a performance question.

    I have a web service on a machine (not in a domain at
    all) and the virtual directory is set up for integrated
    windows auth. The server is WIN2003.

    When I call the service from my code I set up a
    credential cache with the appropriate credentials and the
    call succeeds.

    My question is - why when I look at the IIS logs on the
    server does it show 2 401 responses prior to the third
    attempt showing up with the correct username ?

    The only way this doesn't happen is if I enable anonymous
    access.

    In reading various posts I thought that by removing some
    of the other auth methods (basic, digest) from the
    authentication manager that it might resolve this, but it
    had no effect.

    BTW the security logs just show a successful logon using
    NTLM.

    Any thoughts on how to avoid this ?


    I'm wondering about the
     
    Tim B, Sep 19, 2003
    #1

  2. Hi Tim,

    Currently I do not have a specific answer for this issue. Please tell me the
    sub error code of the 401 error. (The 401 error has 5 sub error codes.)

    In addition, I have found an article regarding this issue for your
    reference:

    HTTP Security and ASP.NET Web Services
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwebsrv/html/httpsecurity.asp

    I hope it helps.

    Best regards,

    Jacob Yang
    Microsoft Online Partner Support
    <MCSD>
    Get Secure! - www.microsoft.com/security
    This posting is provided "as is" with no warranties and confers no rights.
     
    Jacob Yang [MSFT], Sep 22, 2003
    #2

  3. Tim B

    TimB Guest

    That's all interesting information, but if you read the
    original post you will note this is not interaction with
    IE, rather .NET code calling a webservice.

    So I'd still like an answer to the original question..
    I am providing all the correct credentials to the web
    service proxy, why does it attempt to connect as
    anonymous once, then once again and finally on the third
    attempt send the credentials.

    Is there a way around this? It's hard enough to deal with
    the performance issues inherent with web services
    architecture to begin with, not to mention the extra
    round trips being made because it doesn't pass the
    credentials along the first time.

    Tim



    >-----Original Message-----
    >Hi Tim,
    >
    >"401 2 2148074254" means no credential in current request. This is default
    >behavior between client and IIS server. If you browse a web page in a
    >virtual folder with integrated windows authentication, you also will get
    >same log information. From the log information, you can notice the client
    >(IE) will first send a request without credential, if this is rejected by
    >"401" it will resend the request with the credential. Since this wouldn't
    >affect the usage of web service, we don't need to pay much attention to
    >this issue.
    >
    >
    >Luke
    >Microsoft Online Partner Support
    >
    >Get Secure! www.microsoft.com/security
    >(This posting is provided "AS IS", with no warranties, and confers no
    >rights.)
    >
    >.
    >
     
    TimB, Sep 23, 2003
    #3
  4. Tim B

    MSFT Guest

    Hi Tim,

    When a .NET client accesses a web service on an IIS server, it uses the same
    protocol as IE to the IIS server. Therefore, we will get the same result in the
    log. This is a common round for a request and wouldn't impact the performance too much.

    Luke
    Microsoft Online Partner Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
     
    MSFT, Sep 24, 2003
    #4
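
Added example, not part of the thread and not code from any poster: a small log check that separates the 401, 401, authenticated-response pattern discussed above from runs of 401s that never end in an authenticated request, so the handshake entries are not counted as logon failures. The log lines are constructed, and the field order, addresses, account name and the function names `parse` and `classify_401s` are assumptions.

```python
from collections import defaultdict

# Constructed sample lines in IIS W3C extended format; the field order,
# addresses, host and account names are assumptions, not from the thread.
SAMPLE_LOG = r"""
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status sc-substatus sc-win32-status
2003-09-19 10:00:01 10.0.0.5 - POST /svc/Orders.asmx 401 2 2148074254
2003-09-19 10:00:01 10.0.0.5 - POST /svc/Orders.asmx 401 1 2148074252
2003-09-19 10:00:01 10.0.0.5 SRV01\tim POST /svc/Orders.asmx 200 0 0
2003-09-19 10:05:10 10.0.0.9 - POST /svc/Orders.asmx 401 2 2148074254
2003-09-19 10:05:10 10.0.0.9 - POST /svc/Orders.asmx 401 1 2148074252
2003-09-19 10:05:11 10.0.0.9 - POST /svc/Orders.asmx 401 1 2148074252
2003-09-19 10:05:12 10.0.0.9 - POST /svc/Orders.asmx 401 1 2148074252
"""

def parse(log_text):
    """Turn W3C log text into dicts keyed by the names in the #Fields line."""
    fields, rows = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#"):
            rows.append(dict(zip(fields, line.split())))
    return rows

def classify_401s(rows, max_handshake_401s=2):
    """Split 401 runs per (client, URI) into handshake noise and failures."""
    pending = defaultdict(list)   # key -> 401 rows not yet resolved
    handshakes, failures = [], []
    for row in rows:
        key = (row["c-ip"], row["cs-uri-stem"])
        if row["sc-status"] == "401":
            pending[key].append(row)
        elif row["cs-username"] != "-":
            run = pending.pop(key, [])
            if 0 < len(run) <= max_handshake_401s:
                # The pattern from the thread: 401s, then an authenticated hit
                handshakes.append((key, row["cs-username"], len(run)))
            elif run:
                failures.append((key, len(run)))  # too many 401s before success
    # Runs that never reached an authenticated response
    failures += [(key, len(run)) for key, run in pending.items() if run]
    return handshakes, failures

if __name__ == "__main__":
    ok, bad = classify_401s(parse(SAMPLE_LOG))
    print("handshakes:", ok)
    print("failures:", bad)
```
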