[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

http status 401 Access denied

Posted on 2004-09-09
7
Medium Priority
?
992 Views
Last Modified: 2010-08-05
hello

i have the following architecture

--------------------------------
Client console application
calls
WebService1
calls
WebService2
calls
StoredProcedure1 on SQL 2000
--------------------------------

other points
1. the db is on a remote machine
2. all the applications and web services are on my local machine
3. I have set up my default website for anonymous access
2. My database connection string has integrated security
3. My web.config on Webservice2 <authentication mode="Windows" /> <identity impersonate="true" />

When i try and call  StoredProcedure1 from the client i get

"An unhandled exception of type 'System.Net.WebException' occurred in system.web.services.dll

Additional information: The request failed with HTTP status 401: Access Denied."

any ideas?
0
Comment
Question by:MrKevorkian
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 17

Expert Comment

by:AerosSaga
ID: 12015464
I think what you want to do here is set up a Domain account not an Anonymous one as it will need the appropriate permissions to access your sproc.  My guess is your anonymous account does not have sufficient privaleges to run the sproc and thats why you get the generic error message.  It does always die at the sproc correct?

Regards,

Aeros
0
 
LVL 2

Expert Comment

by:netjkus
ID: 12016915
try this.
1. Check if you are able to connect using the same username/pwd combination from your PC to the DB.
2. the remote machine should allow you to connect to the DB if your username is recognised, so if you pass #1, it is allowing.
3. Remove the Authentication (make it none) and try.

Do you have an idea where it fails?
0
 
LVL 10

Accepted Solution

by:
jnhorst earned 1600 total points
ID: 12018176
Aeros is on the right track, but the problem is that your IIS is set up to use a local account to authenticate anonymous requests.  That account is IUSR_<machinename>, and your SQL Server box knows nothing about it, so SQL is not allowing the connection.  You need to create a domain account for anonymous requests and then change the IIS setting to use that account.  Then go to your SQL Server Enterpise Manager and add that domain account to the Logins under the Security section.  Then go to the database that youtr web service needs to access, and make that login a user for the database.  Set the database role to something like Data Reader so the account only has select access on the tables (unless updates need to be done as well).  Just give the account only the permissions it needs on the database.

John
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 10

Expert Comment

by:jnhorst
ID: 12018240
Also, make sure you have this in web.config right after <authentication mode="Windows" />:

<identity impersonate="true" />

If you do not have this, then your web service code will run under the local ASPNET account context, and the same thing applies; the SQL Server box doesn't know anything about your local ASPNET account, so it will not allow it.  If you have this <identity> tag, then the webservice code will run under the account that authenticated the anonymous request, and if that account is a domain account that has been added as a login in SQL Serevr and given permissions to the needed DB, everything should work fine.

John

0
 
LVL 33

Expert Comment

by:raterus
ID: 12020451
http://support.microsoft.com/default.aspx?kbid=294382

Possible here..Have you given any though to how this is going to run in production.  I can almost guarantee when you run this away from your local computer it isn't going to be nearly as forgiving security wise.  You may need to be looking at enabling Delegation in the future.
0
 
LVL 1

Author Comment

by:MrKevorkian
ID: 12042215
sorry i was away on friday.

thanks for your replies.

jnhorst i like your instructions.
but i am unsure how i change IIS to use a domain account for anonymous requests
how do i do this
thanks


0
 
LVL 1

Author Comment

by:MrKevorkian
ID: 12042391
silly question!

ive just seen how to do it!

im just testing, ill let you know how it goes shortly
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ASP.Net to Oracle Connectivity Recently I had to develop an ASP.NET application connecting to an Oracle database.As I am doing it first time ,I had to solve several problems. This article will help to such developers  to develop an ASP.NET client…
User art_snob (http://www.experts-exchange.com/M_6114203.html) encountered strange behavior of Android Web browser on his Mobile Web site. It took a while to find the true cause. It happens so, that the Android Web browser (at least up to OS ver. 2.…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question