I have run into a snag while building a web client that makes use of a RESTful web service using Integrated Windows Authentication.
When I run the client locally (as myself), it works fine, and I see my user id in the IIS logs. But, when I run it remotely, no credentials are passed (i.e. I do not see my user id in the IIS logs), and I get an error that
"The remote server returned an error: (401) Unauthorized."
Both the local and published client call the same service. Also note that the IIS logs show two entries (one without a username and one with a username) when I run it locally. When I run in from the published location, there are still two entries, but neither shows the username.
Below is the code I am using to make the call:
var request = (HttpWebRequest) WebRequest.Create(ConfigurationManager.AppSettings["positionServicePath"] + "?positionNumberSearch=" + searchString);
request.Method = "GET";
request.ContentType = "application/json";
request.UseDefaultCredentials = true;
request.PreAuthenticate = false;
CredentialCache cc = new CredentialCache();
cc.Add(
new Uri(ConfigurationManager.AppSettings["positionServicePath"]),
"Negotiate",
CredentialCache.DefaultNetworkCredentials);
request.Credentials = cc;
// Get the Response
using (var response = request.GetResponse()){
var reader = new StreamReader(response.GetResponseStream());
// Convert the response to objects from Json
var resultList = JsonConvert.DeserializeObject<IEnumerable<PositionModel>>(reader.ReadToEnd());
// Return an empty list, if no data was retrieved
return resultList != null ? resultList.ToList() : new List<PositionModel>();
}
Any help would be greatly appreciated.
I think you have to create IIS user permitted to your project.
Follow this Anonymous Access
Second Option:
Try to enabled anonymous access in Authentication Methods in Microsoft Internet Information Services (IIS).
Step:
1. Open your IIS.
2. In IIS Group:
3. open or select Authentication:
4. Select Anonymous Authentication:
5. On the Left Side select Enabled.
Good Luck!
I found the answer to this issue was the same for the answer to the following Stack Overflow post: Unable to authenticate to ASP.NET Web Api service with HttpClient.
Thank you to those who took the time to look this over!
Related
I have a WPF app written in c# and it is supposed to work in offline and online both. I have a class that checks for connectivity to web service using following skeleton code :-
var url = "https://somesite.com/mywebservice.svc";
var myRequest = (HttpWebRequest)WebRequest.Create(url);
var response = (HttpWebResponse)myRequest.GetResponse();
if (response.StatusCode == HttpStatusCode.OK)
{
Debug.Write(string.Format("{0} Available", url));
}
else
{
// error
}
The issue is the web service requires authentication and hence an "unauthorized" exception is always thrown. Although the exception means the service is available but it is logged at network level and causes security alarm as the check is every 10 seconds. Is there a way to check the authenticated service availability without use of credentials or any other solution to above problem?
Thank you for the help!
I have written a simple ASP.Net WebAPI that download a file from an on-prem tfs server using a rest call. The issue is when I connect to this site from my user account(corp domain), and set the credentials in webRequest to CredentialsCache.DefaultCredentials, it works fine since I am a vlid user on the tfs project.
Now someone else in my team wishes to use the same webAPI and when they hit the same url, I could see that its my credentials being used again to download the file.
I suspect this is because of using CredentialsCache.DefaultCredentials in my controller code, but I am not able to find a way using which I should be able to use the client's identity to be used for the download request.
My question is , is there a way to extract the windows identity or network credentials of the remote user(on the same domain) which I can use for Authentication. I am sorry if this is a DUP but I could not find a targetted answer to my question yet. Sample code is pasted below.
var request = (HttpWebRequest)WebRequest.Create(uri);
request.Credentials = CredentialCache.DefaultNetworkCredentials;
try
{
var webResponse = request.GetResponse();
var webStream = webResponse.GetResponseStream();
if (webStream != null)
{
var objReader = new StreamReader(webStream);
return objReader.ReadToEnd()
}
}
I dont know if I understand you correctly but I think impersonation is what you're looking for:
http://msdn.microsoft.com/en-us/library/xh507fc5.ASPX
I have an intranet site which calls a POST method from another server, also on the intranet.
If I set the Authentication mode to Basic Authentication in IIS I can use the following:
HttpWebRequest oReq = (HttpWebRequest)WebRequest.Create(sURL);
oReq.ContentType = "application/x-www-form-urlencoded";
oReq.Method = "POST";
oReq.Timeout = 60000;
...
oReq.Credentials = System.Net.CredentialCache.DefaultNetworkCredentials;
...
try
{
HttpWebResponse oResp = (HttpWebResponse)oReq.GetResponse();
...
}
All of the above works as intended.
However I need to change the security to Windows Authentication in IIS, and once I do I keep getting error 401 unauthorized on this line:
try
{
HttpWebResponse oResp = (HttpWebResponse)oReq.GetResponse();
...
}
That can be fixed by changing the credentials like so:
NetworkCredential creds = new NetworkCredential("username","password","domain");
oReq.Credentials = creds;
But that's not the right way anyway. How can I get the default credentials to work for Windows Authentication also?
If you've got one web site calling out to another, you've got a 2nd hop. This is a kerberos 2nd hop problem.
The intranet site needs permission to call the 2nd site on behalf on the end user.
I'd suggest you use a tool call DelegConfig. I can't recommend it highly enough. Its a simple asp.net application that will tell you what is wrong with your kerberos setup and can tell you how to fix it (or do it itself if you want)
I've found I had to get the client to server authentication working first for it it work, but once thats there it makes working out what wrong with the next hop to UNC/http/sql etc very easy.
I am having difficulties authenticating a HttpWebRequest to a webserver. The response I am receiving is simply a 401. I've made sure I set the credentials correctly on the C# side, and IIS is correctly set to allow NTLM authentication. I don't know if this matters, but he computer is not on the same domain as the the web server.
I am sure the user/pass is correct but are there any other authorization settings needed to configure on the user?
If I enable Basic authentication, and disable Windows Authentication, the request works perfectly (with the correct C# code changes of course).
What am I missing?
webRequest.UseDefaultCredentials = false;
webRequest.PreAuthenticate = true;
var c = new NetworkCredential("User", "password", "domain");
CredentialCache credentialCache = new CredentialCache();
credentialCache.Add(new Uri(Url), "NTLM", c);
webRequest.Credentials = credentialCache;
Heres a snapshot of my settings in IIS.
Failed Request Tracing:
With the help of a colleague, we were able to determine something was wrong in the way Windows was dealing with the authentication. Looks like a setting in the Local Security was wrong. Changing Local Policies > Security Options > Network access: Sharing and security model for local accounts from Guest only - local users authenticate as Guest to Classic fixed the problem.
What is the value of the credential cache lines,
CredentialCache credentialCache = new CredentialCache();
credentialCache.Add(new Uri(Url), "NTLM", c);
why not simply set
webRequest.Credentials = c;
401.2 likely means that either that web server you are connecting to is not enabled to use NTLM (which it seems to be according to your screenshot), or that there is a proxy between your client and the web server
i want to download a ssrs report in Excel format in code.
So i first checked the url: it is correct
then i created a webrequest, with a NetworkCredential for the same user which can open the link in the browser.
I moved developing to the ssrs machine itself ( it has vs2008 on it)
so now i'm on the ssrs machine, logged on as user A, starting a webpage, create a webrequest with the same credentials as i'm currently logged on with to the ssrs machine (user A).... and get a 401.
What i don't know is what is giving me the 401. Is it the webserver denying me, or is it ssrs itself (i'm a newbee at ssrs so i don't know much about rights on reports in ssrs itself, but as i said: my logon credentials are the same as the webrequest credentials: user A).
i've googled a lot and tried 5 solutions, but no luck so far.
This won't work if NTLM credentials are required:
webrequest.Credential = new networkcredential ("","","");
You can try the following but it likely will not work:
webrequest.Credentials = CredentialCache.DefaultNetworkCredentials;
Chances are you will need to pass in the actual credentials like:
NetworkCredential networkCredential = new NetworkCredential(UserName, Password, Domain);
CredentialCache credCache = new CredentialCache();
credCache.Add(new Uri(url), "NTLM", networkCredential);
webrequest.Credentials = credCache;
SSRS will need to authentic the WebRequest and default/blank credentials cannot be passed in.
This reminded me of something I ran into a couple years ago:
http://support.microsoft.com/kb/896861
I'm not sure how likely this problem is, but I really think it's worth implementing "Method 2" from that support article (a simple registry addition) just to see if that resolves the problem. (Yes, the article lists a bunch of old OS versions, but I successfully used this on a bunch of SharePoint 2007 servers to resolve problems.)
Worth a try, I think...
I always set
WebRequest.UseDefaultCredentials = True
Then I run the app as the user accessing the SSRS server.
At first I suggest installing Fiddler Web Debugger on the machine where the calling application is run. This way you can see exactly the requests and responses that are made between your application and the SSRS. You might find something like an ISA proxy wanting you to additionally authenticate to it.
Assuming your caller is a console or WebForms application, the following code passes the credentials under which your application runs to the SSRS:
WebRequest webRequest = WebRequest.Create(url);
HttpWebRequest httpWebRequest = webRequest as HttpWebRequest;
// request authentication
httpWebRequest.UseDefaultCredentials = true;
// which is the same as
httpWebRequest.Credentials = CredentialCache.DefaultCredentials;
// optional proxy authentication
httpWebRequest.Proxy.Credentials = CredentialCache.DefaultCredentials;