
.Net 3.5 Breaks Webdav Authentication to exchange

Posted on 2009-04-21
Last Modified: 2013-12-17
I have an application coded in Microsoft Visual C# 2005 Express.  The application uses WebDAV to access Outlook calendars on an Exchange 2003 server.  The application is installed on the Exchange 2003 server.  The application has been in use without any problems for a number of years.  Recently I upgraded to Microsoft Visual C# 2008 Express.  I compiled the application in C# 2008 without making any changes to the code. It compiled OK and executed OK on my test machine.  However, when I installed the updated version on my production server I was prompted to install .NET 3.5 SP1.  After installing this version of .NET the application is unable to access the Outlook calendars. It returns a 401 not authorised error.  The application still works OK on a remote machine. I tried uninstalling .NET 3.5 SP1 and recompiling the application in Microsoft C# 2005 but I am still unable to access the Outlook calendars when the application is executed on the local server.  It can however access the calendars OK when run on a remote server. I am sure this is something that .NET 3.5 has broken on the Exchange server.  Has anybody else experienced this issue when upgrading a server to .NET 3.5, and has anybody any suggestions how to fix this?
Question by:DCMBS

Expert Comment

by:apache09
ID: 24238525
Only issues I have heard with .NET 3.5 SP1 have been using Exchange Server 2007
http://support.microsoft.com/kb/958934

Perhaps there are some similar using 2003

Author Comment

by:DCMBS
ID: 24241823
This is the section of code that seems to have been broken by the installation of .NET 3.5 SP1.

The exception is thrown at the line
           Response = (HttpWebResponse)Request.GetResponse();
This returns the following response
          The remote server returned an error: (401) Unauthorized.
This works OK when I run the routine on a remote server that has not had .NET 3.5 SP1 installed, and used to work OK on this machine until .NET 3.5 SP1 was installed, so it seems that .NET 3.5 SP1 changes the way the (HttpWebResponse)Request.GetResponse() is processed, or perhaps it is the way the credentials cache is handled??
Any ideas would be appreciated.



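Code Extract.
            // Extract from the body of getOutlookCalendarItems(); strCalendarURI and
            // OutlookQry are defined elsewhere in the application. Namespaces needed:
            //   using System; using System.Net; using System.Text; using System.Xml;
            string strUserName = "XXXXXXXXX";
            string strPassword = "XXXXXXXX";
            string strDomain = "XXXXXXXX";
            byte[] bytes = null;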

            System.Net.HttpWebRequest Request;
            System.Net.WebResponse Response;
            System.Net.CredentialCache MyCredentialCache;
            System.IO.Stream RequestStream;
            System.IO.Stream ResponseStream;
            System.Xml.XmlDocument ResponseXmlDoc;


            try
            {
                // Build the SQL query.            

                // Create a new CredentialCache object and fill it with the network
                // credentials required to access the server.
                MyCredentialCache = new System.Net.CredentialCache();
                MyCredentialCache.Add(new System.Uri(strCalendarURI),
                   "NTLM",
                   new System.Net.NetworkCredential(strUserName, strPassword, strDomain)
                   );

                // Create the HttpWebRequest object.
                Request = (System.Net.HttpWebRequest)HttpWebRequest.Create(strCalendarURI);

                // Add the network credentials to the request.
                Request.Credentials = MyCredentialCache;

                // Specify the method.
                Request.Method = "SEARCH";

                // Encode the body using UTF-8.
                bytes = Encoding.UTF8.GetBytes((string)OutlookQry);

                // Set the content header length.  This must be
                // done before writing data to the request stream.
                Request.ContentLength = bytes.Length;

                // Get a reference to the request stream.
                RequestStream = Request.GetRequestStream();

                // Write the SQL query to the request stream.
                RequestStream.Write(bytes, 0, bytes.Length);

                // Close the Stream object to release the connection
                // for further use.
                RequestStream.Close();

                // Set the content type header.
                Request.ContentType = "text/xml";

                // Send the SEARCH method request and get the
                // response from the server.
                Response = (HttpWebResponse)Request.GetResponse();

                // Get the XML response stream.
                ResponseStream = Response.GetResponseStream();

                // Create the XmlDocument object from the XML response stream.
                ResponseXmlDoc = new XmlDocument();
                ResponseXmlDoc.Load(ResponseStream);
                ResponseStream.Close();
                Response.Close();
                return ResponseXmlDoc;
            }
            catch (Exception ex)
            {
                // Catch any exceptions. Any error codes from the SEARCH
                // method request on the server will be caught here, also.
                Console.Out.WriteLine(DateTime.Now + " Exception Thrown in getOutlookCalendarItems()");

                Console.Out.WriteLine(DateTime.Now + " Error accessing Outlook Calendar: " + strCalendarURI);
                // Log the underlying error (for example the 401) instead of discarding it.
                Console.Out.WriteLine(ex.Message);
                return new XmlDocument();
            }
       

Accepted Solution

by:
DCMBS earned 0 total points
ID: 24243044
I got the following response from Alan J Macfarlane on the Microsoft Developer Network > .NET Development Forums > .NET Framework Networking and Communication forum, which fixed this issue:

That sounds like the documented side effect of MS08-068 on Windows authentication.  To stop authentication reflection attacks it will reject credentials that appear to come from the box, leave, and are reflected back in -- which is how your request appears to it.  See
http://www.microsoft.com/technet/security/bulletin/Ms08-068.mspx 
http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx 
http://support.microsoft.com/kb/957097 
The simplest workaround appears to be to change the hostname/URL you use from "scheme://thisservername/" to "scheme://127.0.0.1/".  Is that possible?
There's new support in 3.5 SP1 for client connection to apply workarounds for this change in server behaviour, see http://msdn.microsoft.com/en-us/library/cc982052.aspx
There are also workarounds that can be applied to the server to disable some of the checks, that will likely solve this problem, but will return the server to the insecure state.


Author Comment

by:DCMBS
ID: 25695910
To specify the host names that are mapped to the loopback address and can connect to Web sites on a local computer, follow these steps:

1. Click Start, click Run, type regedit, and then click OK.

2. In Registry Editor, locate and then click the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0

3. Right-click MSV1_0, point to New, and then click Multi-String Value.

4. Type BackConnectionHostNames, and then press ENTER.

5. Right-click BackConnectionHostNames, and then click Modify.

6. In the Value data box, type the host name or the host names for the sites (the host name used in the request URL) that are on the local computer, and then click OK.

7. Quit Registry Editor, and then restart the IISAdmin service and run IISReset.
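
The registry steps above as a script, added here as an example and not part of the original post or of the Microsoft article it follows: it appends to BackConnectionHostNames rather than overwriting it, so names already allowed are kept and only the listed names are exempted from the reflection check. The host name `mail.example.local` and the `-RestartIis` switch are assumptions made for illustration.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# 'mail.example.local' is a constructed placeholder: pass the host name used
# in the request URL. -RestartIis is a hypothetical switch for step 7.
param(
    [string[]]$HostName = @('mail.example.local'),
    [switch]$RestartIis
)

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$name = 'BackConnectionHostNames'

# Accept bare host names only: no scheme, port, path or wildcard.
foreach ($h in $HostName) {
    if ($h -notmatch '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$') {
        throw "Not a plain host name: '$h'"
    }
}

# Steps 2-5: read the existing multi-string value so current entries survive.
$current = @()
$prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
if ($prop) { $current = @($prop.$name | Where-Object { $_ }) }

# Step 6: add only names that are missing (-notcontains ignores case).
$toAdd = @($HostName | Where-Object { $current -notcontains $_ } | Sort-Object -Unique)
if ($toAdd.Count -eq 0) {
    Write-Output "$name already lists every requested host name; nothing changed."
    return
}
$value = [string[]]($current + $toAdd)
New-ItemProperty -Path $key -Name $name -PropertyType MultiString -Value $value -Force | Out-Null

# Show the stored value so the change can be reviewed.
Write-Output "$name is now:"
(Get-ItemProperty -Path $key -Name $name).$name

# Step 7: restarting IIS interrupts every site on the server, so it is opt-in.
if ($RestartIis) { iisreset } else { Write-Output 'Now complete step 7 (restart IISAdmin, run iisreset).' }
```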
