?
Solved

WSE: The request failed with HTTP status 401: Access Denied. When invoking a Web Service Method.

Posted on 2005-03-02
20
Medium Priority
?
695 Views
Last Modified: 2008-01-09
I have a ASP.NET Page to invoke Web Service which is in the same machine and I don't allow Anonymous Access, only Bais Authentication is enabled.

I integrated WSE 2.0 (Web Service Enhancement tool) to my ASP.NET project and pass a UsernameToken with credential to access the web method. When the execution goes to the point when I invoke a Web Method it get an Exception stating.

"The request failed with HTTP status 401: Access Denied."

Here is the code snippet.

Index.aspx.cs

ProjectListWse wseJobList = new ProjectListWse();
UsernameToken token = new UsernameToken(username, password, PasswordOption.SendNone);  //Also tried all three passwordoption
wseJobList.RequestSoapContext.Security.Timestamp.TtlInSeconds = 60;
wseJobList.RequestSoapContext.Security.Tokens.Add(token);
string xmldata = wseJobList.GetProjectList();  //Exception occurs at this point

Any help is greatly appreciated.

Thanks in advance


0
Comment
Question by:shsiva
  • 11
  • 6
18 Comments
 
LVL 14

Expert Comment

by:alimu
ID: 13455364
does your user have permission to trigger the ProjectListWse function?  The user context you end up in may have access to use the functions once they're up and running but not spin the component up in the first place.
I'm not really able to diagnose your code (you might be better off posting a link back to this question in the asp.net forum for that) but if you're kicking off functions out of a dll, you may need to set the dll up as a com+ object in component services and run it under specific credentials to get it working....
0
 
LVL 14

Expert Comment

by:alimu
ID: 13492716
Hi, not sure if my comment made sense to you - can you tell me where you're at with this?
0
 

Author Comment

by:shsiva
ID: 13495723
Can you explain me, what do you mean by "User have permission to trigger the ProjectListWse function"?  All domain user have modified access to the root directory when the virtual directory mapped for the web service.

I did post the same question under ASP.NET forum and still waiting to resolve the issue.

Thanks for your response
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 
LVL 14

Expert Comment

by:alimu
ID: 13501796
forget what I said before...trying to get my head around the code and don't have alot of background in c#.  my comment was related to web methods accessed via dll's / setup within components where the identity and impersonation settings may be causing you grief.

had a read through your other post, didn't realise this worked ok when you used integrated authentication.  The only major difference I can think of between integrated and basic is that in most circumstances you need to add the "logon locally" right in local security policy for your users (this is not required for integrated).
-->Can you add some debugging code to your page and see if you're actually getting valid token contents?
-->The 401 error should show up in your iis logs as associated with a failure to access a particular object in your website  - is there anything showing up in there and can you check that the credentials used have access to this object (c:\windows\system32\logfiles\w3svc* = default location)
--> does anything show up in your event logs.

the only thing i could find hitting a similar error with the getprojectlist() method was related to PDS web applications and Project server at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/odc_pj2003_ta/html/ODC_PJHostingPDSWebApplications.asp (search on 401 in this page if this relates).
0
 

Author Comment

by:shsiva
ID: 13506403
As you said, let me try to debug the code to see I am actuallu gettting the valid token or not.

Also I checked the Log file and found the below information. Wherever I hit the Index.aspx which make the call to the Web Service to get the Project List I see the staus marked 401. See if you can get some info from this.

#Software: Microsoft Internet Information Services 5.1
#Version: 1.0
#Date: 2005-03-03 14:44:02
#Fields: time c-ip cs-method cs-uri-stem sc-status
18:32:05 127.0.0.1 GET /ABC/Portal/Index.aspx 401


In the mean time let me read the link you sent.
0
 
LVL 14

Expert Comment

by:alimu
ID: 13512684
this means that whatever account is accessing /abc/portal/index.aspx doesn't have ntfs permissions to access it.

Try turning on additional logging in IIS so that you can see which userid is hitting the site.
right-click website-->properties-->"web site" tab-->properties-->"extended properties" tab-->ensure "username" is ticked.
when you've finished configuring, stop and start the website to trigger new logging.

With basic authentication, the first request to the server in a browser session will not have a userid against it but subsequent requests will. (just so you know this is normal).
0
 
LVL 14

Expert Comment

by:alimu
ID: 13695286
realistically i'm not sure what you should do with it - /Programming/Programming_Languages/Dot_Net/Q_21336295.html
is an identical question hitting this from the programming angle instead.
the asker seems to have lost interest in resolving the problem but there are suggestions for resolving the issue in both versions of the question...
0
 

Author Comment

by:shsiva
ID: 13699971
Dear Admin,

Initially I put the question in this section and after a suggesstion from an Expert, I put the same question under Programming DotNET section but I am following both.  I am still looking forwared to resolve my issues....

If there is a restriction that same question should not be in a two different section, I would say you can keep the one under DOT-NET as I think that would be appropriate.

alimu: I tried all the suggession you provided and still not solving my issue. Thanks for your response again.
0
 
LVL 14

Expert Comment

by:alimu
ID: 13704738
Hi shsiva - you need to post feedback to our comments for us to continue providing assistance...
has the username showing up in the log file been checked for ntfs access to the index file and any includes, etc used within that file?
0
 
LVL 14

Expert Comment

by:alimu
ID: 13704772
try installing and running filemon from www.sysinternals.com and running it while you do a site access - it may show up access denied / file not found and give you a bit more to work with.
0
 

Author Comment

by:shsiva
ID: 13707634
Yes, It showed the username (Domain\siva) on the log file which is me and I have the Administrator rights to this computer.

I will try to installl SysInternals and see what comes up.

Thanks
0
 
LVL 14

Expert Comment

by:alimu
ID: 13770236
have you looked at the NTFS permissions on this file (/ABC/Portal/Index.aspx) and any includes attached to it? (I know you're an administrator but that doesn't guarantee you have anything other than owner permissions on files)
0
 

Author Comment

by:shsiva
ID: 13781612
I looked at the NTFS permission and made sure that I have full rights fromt the root directory till the individual file I am invoking. Nothing seems to work.

There is got be something I am missing...

Also I did run FileMon to see if I get any Access denied error, so I filtered capturing other than SUCCESS and I came thru quiet a bunch of NOT FOUND, END OF FILE and PATH NOT FOUND , I did not see any Access Denied status.
0
 
LVL 14

Expert Comment

by:alimu
ID: 13787360
the only other thing I can think of is that maybe the aspnet account on your server needs access to something like the webmethod and doesn't have it .. did you have any luck with suggestions from the development forum?
0
 

Author Comment

by:shsiva
ID: 13791575
I kind of found a work around to my issue...

As the UserNameToken did not work and kept on giving me the error
"The request failed with HTTP status 401: Access Denied."

Old WebMethod Invoking (which was failing all the time, may be this is not a right way to invoke WebMethod via HTTP, I wonder this UsernameToken was designed for SOAP Request)
ProjectListWse wseJobList = new ProjectListWse();
UsernameToken token = new UsernameToken(username, password, PasswordOption.SendNone);  //Also tried all three passwordoption
wseJobList.RequestSoapContext.Security.Timestamp.TtlInSeconds = 60;
wseJobList.RequestSoapContext.Security.Tokens.Add(token);
string xmldata = wseJobList.GetProjectList();

So tried using System.Net.CredentialCache to create one and attach to proxy before invoking, it worked provided both client and service has Basic Authentication setup on the IIS. Because setting to Integrated Authentication, the Request.ServerVariables does not return the logon password.

ProjectListWse wseJobList = new ProjectListWse();
System.Net.CredentialCache cache = new System.Net.CredentialCache();
cache.Add(new Uri(wseJobList.Url), "Basic", new System.Net.NetworkCredential(username, password, domain));
wseJobList.Credentials = cache;
string xmldata = wseJobList.GetProjectList();

This code worked pretty well for me. The only reason I was digging on using UsernameToken was to receive the authenticated user from the service so that I can retrieve only the Jobs assigned to the logged on user.

Now that I use System.Security.Principal.WindowsIdentity.GetCurrent().Name on the WebService to capture the username authentication and return the respective joblist.

I still not sure how this will work when it comes to a SOAP request, yet to try but not too worried about that right now.

Thank you so much for all your effort and time for joining me to fix this issue alimu. I really appreciate your help.
0
 
LVL 14

Expert Comment

by:alimu
ID: 13796082
sorry I couldn't fix it for you... good to hear you have a workaround though.
0
 
LVL 14

Expert Comment

by:alimu
ID: 13812812
close away and refund - whether you paq is up to you - this is a workaround, no resolution for why this wouldn't work was found.
0
 
LVL 5

Accepted Solution

by:
Netminder earned 0 total points
ID: 13847842
Closed, 100 points refunded.
Netminder
Site Admin
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here are the symptoms: You start receiving calls from users that one of your legacy web apps isn't coming up, so you log into your IIS 5 server to check it out.  When you pull up the services, you notice that the WWW Publishing service isn't runn…
First of all, clustering IIS is something you should rarely consider doing. In almost all cases, Microsoft Network Load Balancing (NLB) (http://technet.microsoft.com/en-us/library/cc758834(WS.10).aspx) is a much better solution when you need to p…
This video tutorial shows you the steps to go through to set up what I believe to be the best email app on the android platform to read Exchange mail.  Get the app on your phone: The first step is to make sure you have the Samsung Email app on your …
Is your organization moving toward a cloud and mobile-first environment? In this transition, your IT department will encounter many challenges, such as navigating how to: Deploy new applications and services to a growing team Accommodate employee…

601 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question