integrated windows authentication - web services

Discussion in 'ASP .Net Security' started by Tim B, Sep 19, 2003.

  1. Tim B

    Tim B Guest

    I have a performance question.

    I have a web service in a machine (not in the a domain at
    all) and the virtual directory is setup for integrated
    windows auth. The server is WIN2003.

    When I call the service from my code I set up a
    credential cache with the appropriate credentials and the
    call succeeds.

    My question is - why when I look at the IIS logs on the
    server does it show 2 401 responses prior to the third
    attempt showing up with the correct username ?

    The only way this doesn't happen is if I enable anonymous

    In reading various posts I thought that by removing some
    of the other auth methods (basic, digest) from the
    authentication manager that it might resolve this, but it
    had no effect.

    BTW the security logs just show a sucessful logon using

    Any thoughts on how to avoid this ?

    I'm wondering about the
    Tim B, Sep 19, 2003
    1. Advertisements

  2. Hi Tim,

    Currently I have not a specific answer for this issue. Please tell me the
    sub error code of the 401 error. (The 401 error has 5 sub error codes.)

    In addition, I have found an article regarding this issue for your

    HTTP Security and ASP.NET Web Services

    I hope it helps.

    Best regards,

    Jacob Yang
    Microsoft Online Partner Support
    Get Secure! ┬ĘC
    This posting is provided "as is" with no warranties and confers no rights.
    Jacob Yang [MSFT], Sep 22, 2003
    1. Advertisements

  3. TimB

    TimB Guest

    Thats all interesting information, but if you read the
    original post you will note this is not interaction with
    IE, rather .NET code calling a webservice.

    So I'd still like an answer to the original question..
    I am providing all the correct credentials to the web
    service proxy, why does it attempt to connect as
    anonymous once, then once again and finally on the third
    attempt send the credentials.

    Is there way around this ? Its hard enough to deal with
    the performance issues inherent with web services
    architecture to begin with, not to mention the extra
    round trips being made becuase it doesn't pass the
    credentials along the first time.


    >-----Original Message-----
    >Hi Tim,
    >"401 2 2148074254" means no credential in current

    request. This is default
    >behavior between client and IIS server. If you browse a

    web page in a
    >virtrual folder with integrated windows authentication,

    you also will get
    >same log information. Form the log information, you can

    notice the client
    >(IE) will first send a request without credential, if

    this is rejected by
    >"401" it will resend the request with the credential.

    Since this wouldn't
    >affect the usage of web service, we don't need to pay

    many attention on
    >this issue.
    >Microsoft Online Partner Support
    >Get Secure!
    >(This posting is provided "AS IS", with no warranties,

    and confers no
    TimB, Sep 23, 2003
  4. MSFT

    MSFT Guest

    Hi Tim,

    When .NT client access a web service on IIS server, it use same protocol
    with IE to IIS server. Therefore, we will get same result in the log. This
    is common round for a request and wouldn't impact the performance too much.

    Microsoft Online Partner Support

    Get Secure!
    (This posting is provided "AS IS", with no warranties, and confers no
    MSFT, Sep 24, 2003
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mark
  2. Will
  3. DownUnder
    Aug 19, 2004
  4. Web Developer

    Integrated Authentication, Impersonation, and Web Services

    Web Developer, Dec 15, 2004, in forum: ASP .Net Security
    Paul Clement
    Dec 15, 2004
  5. Jacob
    Nov 8, 2006

Share This Page