Solved

http status 401 Access denied

Posted on 2004-09-09
Last Modified: 2010-08-05
Hello,

I have the following architecture:

--------------------------------
Client console application
calls
WebService1
calls
WebService2
calls
StoredProcedure1 on SQL 2000
--------------------------------

Other points:
1. The db is on a remote machine
2. All the applications and web services are on my local machine
3. I have set up my default website for anonymous access
4. My database connection string has integrated security
5. My web.config on Webservice2 has <authentication mode="Windows" /> <identity impersonate="true" />

When I try and call StoredProcedure1 from the client I get

"An unhandled exception of type 'System.Net.WebException' occurred in system.web.services.dll

Additional information: The request failed with HTTP status 401: Access Denied."

Any ideas?
Question by:MrKevorkian
7 Comments
 

Expert Comment

by:AerosSaga
ID: 12015464
I think what you want to do here is set up a Domain account, not an Anonymous one, as it will need the appropriate permissions to access your sproc.  My guess is your anonymous account does not have sufficient privileges to run the sproc and that's why you get the generic error message.  It does always die at the sproc, correct?

Regards,

Aeros

Expert Comment

by:netjkus
ID: 12016915
Try this.
1. Check if you are able to connect using the same username/pwd combination from your PC to the DB.
2. The remote machine should allow you to connect to the DB if your username is recognised, so if you pass #1, it is allowing.
3. Remove the Authentication (make it none) and try.

Do you have an idea where it fails?

Accepted Solution

by:
jnhorst earned 400 total points
ID: 12018176
Aeros is on the right track, but the problem is that your IIS is set up to use a local account to authenticate anonymous requests.  That account is IUSR_<machinename>, and your SQL Server box knows nothing about it, so SQL is not allowing the connection.  You need to create a domain account for anonymous requests and then change the IIS setting to use that account.  Then go to your SQL Server Enterprise Manager and add that domain account to the Logins under the Security section.  Then go to the database that your web service needs to access, and make that login a user for the database.  Set the database role to something like Data Reader so the account only has select access on the tables (unless updates need to be done as well).  Just give the account only the permissions it needs on the database.

John

Expert Comment

by:jnhorst
ID: 12018240
Also, make sure you have this in web.config right after <authentication mode="Windows" />:

<identity impersonate="true" />

If you do not have this, then your web service code will run under the local ASPNET account context, and the same thing applies; the SQL Server box doesn't know anything about your local ASPNET account, so it will not allow it.  If you have this <identity> tag, then the webservice code will run under the account that authenticated the anonymous request, and if that account is a domain account that has been added as a login in SQL Server and given permissions to the needed DB, everything should work fine.

John
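
The SQL Server side of the steps in the accepted solution and the comment above, written as a T-SQL script for SQL Server 2000. This is an added example, not code from any poster in the thread; the domain account `EXAMPLEDOM\svc_webanon` and the database name `AppDb` are placeholders, and only `StoredProcedure1` comes from the question.

```sql
-- Placeholders (assumptions, not from the thread):
--   EXAMPLEDOM\svc_webanon : the domain account IIS uses for anonymous requests
--   AppDb                  : the database that holds StoredProcedure1

-- 1. Register the domain account as a Windows-authenticated login.
USE master
GO
EXEC sp_grantlogin N'EXAMPLEDOM\svc_webanon'
GO

-- 2. Map the login to a user in the one database the web service needs.
USE AppDb
GO
EXEC sp_grantdbaccess N'EXAMPLEDOM\svc_webanon', N'svc_webanon'
GO

-- 3. Read-only access to the tables, as suggested in the answer.
EXEC sp_addrolemember N'db_datareader', N'svc_webanon'
GO

-- 4. db_datareader covers SELECT only. Calling a stored procedure needs
--    EXECUTE, so grant it on that single procedure rather than adding
--    a broader role such as db_owner.
GRANT EXECUTE ON dbo.StoredProcedure1 TO svc_webanon
GO

-- 5. Review what the account ended up with.
EXEC sp_helplogins N'EXAMPLEDOM\svc_webanon'   -- login and database mappings
EXEC sp_helpuser   N'svc_webanon'              -- role membership in AppDb
EXEC sp_helprotect N'StoredProcedure1'         -- explicit permissions on the procedure
GO

-- 6. Confirm which identity actually reaches SQL Server. Run this over the
--    same integrated-security connection the web service uses: it should
--    return the domain account, not a machine-local IUSR_ or ASPNET account.
SELECT SUSER_SNAME() AS login_name, USER_NAME() AS database_user
GO

-- 7. List the Windows logins the server knows about, to check that no
--    broader grant than intended was left behind while troubleshooting.
SELECT name, hasaccess, denylogin
FROM master.dbo.syslogins
WHERE isntname = 1
ORDER BY name
GO
```

If the procedure and the tables it reads share the same owner, the `EXECUTE` grant alone may be sufficient and the `db_datareader` membership in step 3 can be dropped to narrow the account further.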


Expert Comment

by:raterus
ID: 12020451
http://support.microsoft.com/default.aspx?kbid=294382

Possible here. Have you given any thought to how this is going to run in production?  I can almost guarantee when you run this away from your local computer it isn't going to be nearly as forgiving security-wise.  You may need to be looking at enabling Delegation in the future.

Author Comment

by:MrKevorkian
ID: 12042215
Sorry, I was away on Friday.

Thanks for your replies.

jnhorst, I like your instructions,
but I am unsure how I change IIS to use a domain account for anonymous requests.
How do I do this?
Thanks



Author Comment

by:MrKevorkian
ID: 12042391
Silly question!

I've just seen how to do it!

I'm just testing, I'll let you know how it goes shortly.