Solved

http status 401 Access denied

Posted on 2004-09-09
7
987 Views
Last Modified: 2010-08-05
hello

i have the following architecture

--------------------------------
Client console application
calls
WebService1
calls
WebService2
calls
StoredProcedure1 on SQL 2000
--------------------------------

other points
1. the db is on a remote machine
2. all the applications and web services are on my local machine
3. I have set up my default website for anonymous access
2. My database connection string has integrated security
3. My web.config on Webservice2 <authentication mode="Windows" /> <identity impersonate="true" />

When i try and call  StoredProcedure1 from the client i get

"An unhandled exception of type 'System.Net.WebException' occurred in system.web.services.dll

Additional information: The request failed with HTTP status 401: Access Denied."

any ideas?
0
Comment
Question by:MrKevorkian
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 17

Expert Comment

by:AerosSaga
ID: 12015464
I think what you want to do here is set up a Domain account not an Anonymous one as it will need the appropriate permissions to access your sproc.  My guess is your anonymous account does not have sufficient privaleges to run the sproc and thats why you get the generic error message.  It does always die at the sproc correct?

Regards,

Aeros
0
 
LVL 2

Expert Comment

by:netjkus
ID: 12016915
try this.
1. Check if you are able to connect using the same username/pwd combination from your PC to the DB.
2. the remote machine should allow you to connect to the DB if your username is recognised, so if you pass #1, it is allowing.
3. Remove the Authentication (make it none) and try.

Do you have an idea where it fails?
0
 
LVL 10

Accepted Solution

by:
jnhorst earned 400 total points
ID: 12018176
Aeros is on the right track, but the problem is that your IIS is set up to use a local account to authenticate anonymous requests.  That account is IUSR_<machinename>, and your SQL Server box knows nothing about it, so SQL is not allowing the connection.  You need to create a domain account for anonymous requests and then change the IIS setting to use that account.  Then go to your SQL Server Enterpise Manager and add that domain account to the Logins under the Security section.  Then go to the database that youtr web service needs to access, and make that login a user for the database.  Set the database role to something like Data Reader so the account only has select access on the tables (unless updates need to be done as well).  Just give the account only the permissions it needs on the database.

John
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 10

Expert Comment

by:jnhorst
ID: 12018240
Also, make sure you have this in web.config right after <authentication mode="Windows" />:

<identity impersonate="true" />

If you do not have this, then your web service code will run under the local ASPNET account context, and the same thing applies; the SQL Server box doesn't know anything about your local ASPNET account, so it will not allow it.  If you have this <identity> tag, then the webservice code will run under the account that authenticated the anonymous request, and if that account is a domain account that has been added as a login in SQL Serevr and given permissions to the needed DB, everything should work fine.

John

0
 
LVL 33

Expert Comment

by:raterus
ID: 12020451
http://support.microsoft.com/default.aspx?kbid=294382

Possible here..Have you given any though to how this is going to run in production.  I can almost guarantee when you run this away from your local computer it isn't going to be nearly as forgiving security wise.  You may need to be looking at enabling Delegation in the future.
0
 
LVL 1

Author Comment

by:MrKevorkian
ID: 12042215
sorry i was away on friday.

thanks for your replies.

jnhorst i like your instructions.
but i am unsure how i change IIS to use a domain account for anonymous requests
how do i do this
thanks


0
 
LVL 1

Author Comment

by:MrKevorkian
ID: 12042391
silly question!

ive just seen how to do it!

im just testing, ill let you know how it goes shortly
0

Featured Post

Enroll in June's Course of the Month

June’s Course of the Month is now available! Experts Exchange’s Premium Members, Team Accounts, and Qualified Experts have access to a complimentary course each month as part of their membership—an extra way to sharpen your skills and increase training.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this Article, I will provide a few tips in problem and solution manner. Opening an ASPX page in Visual studio 2003 is very slow. To make it fast, please do follow below steps:   Open the Solution/Project. Right click the ASPX file to b…
IntroductionWhile developing web applications, a single page might contain many regions and each region might contain many number of controls with the capability to perform  postback. Many times you might need to perform some action on an ASP.NET po…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question