?
Solved

WSE: The request failed with HTTP status 401: Access Denied. When invoking a Web Service Method.

Posted on 2005-03-02
20
Medium Priority
?
681 Views
Last Modified: 2008-01-09
I have a ASP.NET Page to invoke Web Service which is in the same machine and I don't allow Anonymous Access, only Bais Authentication is enabled.

I integrated WSE 2.0 (Web Service Enhancement tool) to my ASP.NET project and pass a UsernameToken with credential to access the web method. When the execution goes to the point when I invoke a Web Method it get an Exception stating.

"The request failed with HTTP status 401: Access Denied."

Here is the code snippet.

Index.aspx.cs

ProjectListWse wseJobList = new ProjectListWse();
UsernameToken token = new UsernameToken(username, password, PasswordOption.SendNone);  //Also tried all three passwordoption
wseJobList.RequestSoapContext.Security.Timestamp.TtlInSeconds = 60;
wseJobList.RequestSoapContext.Security.Tokens.Add(token);
string xmldata = wseJobList.GetProjectList();  //Exception occurs at this point

Any help is greatly appreciated.

Thanks in advance


0
Comment
Question by:shsiva
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 6
20 Comments
 
LVL 14

Expert Comment

by:alimu
ID: 13455364
does your user have permission to trigger the ProjectListWse function?  The user context you end up in may have access to use the functions once they're up and running but not spin the component up in the first place.
I'm not really able to diagnose your code (you might be better off posting a link back to this question in the asp.net forum for that) but if you're kicking off functions out of a dll, you may need to set the dll up as a com+ object in component services and run it under specific credentials to get it working....
0
 
LVL 14

Expert Comment

by:alimu
ID: 13492716
Hi, not sure if my comment made sense to you - can you tell me where you're at with this?
0
 

Author Comment

by:shsiva
ID: 13495723
Can you explain me, what do you mean by "User have permission to trigger the ProjectListWse function"?  All domain user have modified access to the root directory when the virtual directory mapped for the web service.

I did post the same question under ASP.NET forum and still waiting to resolve the issue.

Thanks for your response
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 14

Expert Comment

by:alimu
ID: 13501796
forget what I said before...trying to get my head around the code and don't have alot of background in c#.  my comment was related to web methods accessed via dll's / setup within components where the identity and impersonation settings may be causing you grief.

had a read through your other post, didn't realise this worked ok when you used integrated authentication.  The only major difference I can think of between integrated and basic is that in most circumstances you need to add the "logon locally" right in local security policy for your users (this is not required for integrated).
-->Can you add some debugging code to your page and see if you're actually getting valid token contents?
-->The 401 error should show up in your iis logs as associated with a failure to access a particular object in your website  - is there anything showing up in there and can you check that the credentials used have access to this object (c:\windows\system32\logfiles\w3svc* = default location)
--> does anything show up in your event logs.

the only thing i could find hitting a similar error with the getprojectlist() method was related to PDS web applications and Project server at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/odc_pj2003_ta/html/ODC_PJHostingPDSWebApplications.asp (search on 401 in this page if this relates).
0
 

Author Comment

by:shsiva
ID: 13506403
As you said, let me try to debug the code to see I am actuallu gettting the valid token or not.

Also I checked the Log file and found the below information. Wherever I hit the Index.aspx which make the call to the Web Service to get the Project List I see the staus marked 401. See if you can get some info from this.

#Software: Microsoft Internet Information Services 5.1
#Version: 1.0
#Date: 2005-03-03 14:44:02
#Fields: time c-ip cs-method cs-uri-stem sc-status
18:32:05 127.0.0.1 GET /ABC/Portal/Index.aspx 401


In the mean time let me read the link you sent.
0
 
LVL 14

Expert Comment

by:alimu
ID: 13512684
this means that whatever account is accessing /abc/portal/index.aspx doesn't have ntfs permissions to access it.

Try turning on additional logging in IIS so that you can see which userid is hitting the site.
right-click website-->properties-->"web site" tab-->properties-->"extended properties" tab-->ensure "username" is ticked.
when you've finished configuring, stop and start the website to trigger new logging.

With basic authentication, the first request to the server in a browser session will not have a userid against it but subsequent requests will. (just so you know this is normal).
0
 
LVL 14

Expert Comment

by:alimu
ID: 13695286
realistically i'm not sure what you should do with it - /Programming/Programming_Languages/Dot_Net/Q_21336295.html
is an identical question hitting this from the programming angle instead.
the asker seems to have lost interest in resolving the problem but there are suggestions for resolving the issue in both versions of the question...
0
 

Author Comment

by:shsiva
ID: 13699971
Dear Admin,

Initially I put the question in this section and after a suggesstion from an Expert, I put the same question under Programming DotNET section but I am following both.  I am still looking forwared to resolve my issues....

If there is a restriction that same question should not be in a two different section, I would say you can keep the one under DOT-NET as I think that would be appropriate.

alimu: I tried all the suggession you provided and still not solving my issue. Thanks for your response again.
0
 
LVL 14

Expert Comment

by:alimu
ID: 13704738
Hi shsiva - you need to post feedback to our comments for us to continue providing assistance...
has the username showing up in the log file been checked for ntfs access to the index file and any includes, etc used within that file?
0
 
LVL 14

Expert Comment

by:alimu
ID: 13704772
try installing and running filemon from www.sysinternals.com and running it while you do a site access - it may show up access denied / file not found and give you a bit more to work with.
0
 

Author Comment

by:shsiva
ID: 13707634
Yes, It showed the username (Domain\siva) on the log file which is me and I have the Administrator rights to this computer.

I will try to installl SysInternals and see what comes up.

Thanks
0
 
LVL 14

Expert Comment

by:alimu
ID: 13770236
have you looked at the NTFS permissions on this file (/ABC/Portal/Index.aspx) and any includes attached to it? (I know you're an administrator but that doesn't guarantee you have anything other than owner permissions on files)
0
 

Author Comment

by:shsiva
ID: 13781612
I looked at the NTFS permission and made sure that I have full rights fromt the root directory till the individual file I am invoking. Nothing seems to work.

There is got be something I am missing...

Also I did run FileMon to see if I get any Access denied error, so I filtered capturing other than SUCCESS and I came thru quiet a bunch of NOT FOUND, END OF FILE and PATH NOT FOUND , I did not see any Access Denied status.
0
 
LVL 14

Expert Comment

by:alimu
ID: 13787360
the only other thing I can think of is that maybe the aspnet account on your server needs access to something like the webmethod and doesn't have it .. did you have any luck with suggestions from the development forum?
0
 

Author Comment

by:shsiva
ID: 13791575
I kind of found a work around to my issue...

As the UserNameToken did not work and kept on giving me the error
"The request failed with HTTP status 401: Access Denied."

Old WebMethod Invoking (which was failing all the time, may be this is not a right way to invoke WebMethod via HTTP, I wonder this UsernameToken was designed for SOAP Request)
ProjectListWse wseJobList = new ProjectListWse();
UsernameToken token = new UsernameToken(username, password, PasswordOption.SendNone);  //Also tried all three passwordoption
wseJobList.RequestSoapContext.Security.Timestamp.TtlInSeconds = 60;
wseJobList.RequestSoapContext.Security.Tokens.Add(token);
string xmldata = wseJobList.GetProjectList();

So tried using System.Net.CredentialCache to create one and attach to proxy before invoking, it worked provided both client and service has Basic Authentication setup on the IIS. Because setting to Integrated Authentication, the Request.ServerVariables does not return the logon password.

ProjectListWse wseJobList = new ProjectListWse();
System.Net.CredentialCache cache = new System.Net.CredentialCache();
cache.Add(new Uri(wseJobList.Url), "Basic", new System.Net.NetworkCredential(username, password, domain));
wseJobList.Credentials = cache;
string xmldata = wseJobList.GetProjectList();

This code worked pretty well for me. The only reason I was digging on using UsernameToken was to receive the authenticated user from the service so that I can retrieve only the Jobs assigned to the logged on user.

Now that I use System.Security.Principal.WindowsIdentity.GetCurrent().Name on the WebService to capture the username authentication and return the respective joblist.

I still not sure how this will work when it comes to a SOAP request, yet to try but not too worried about that right now.

Thank you so much for all your effort and time for joining me to fix this issue alimu. I really appreciate your help.
0
 
LVL 14

Expert Comment

by:alimu
ID: 13796082
sorry I couldn't fix it for you... good to hear you have a workaround though.
0
 
LVL 14

Expert Comment

by:alimu
ID: 13812812
close away and refund - whether you paq is up to you - this is a workaround, no resolution for why this wouldn't work was found.
0
 
LVL 5

Accepted Solution

by:
Netminder earned 0 total points
ID: 13847842
Closed, 100 points refunded.
Netminder
Site Admin
0

Featured Post

Get MongoDB database support online, now!

At Percona’s web store you can order your MongoDB database support needs in minutes. No hassles, no fuss, just pick and click. Pay online with a credit card. Handle your MongoDB database support now!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question