Sporadic HTTP 401 Permission Denied Error

From: Mark Walker (markwalker42_at_hotmail.com)
Date: 05/13/03 

Date: Mon, 12 May 2003 19:08:49 -0700

Just an update on where this ended up...

I opened a case with Microsoft (CASE # SRX030327604751)
which started with the IIS folks. I discovered that when a
client normally accesses a web site/service that requires
authentication there is an initial denial (401 error)
followed by a successful request. The credentials aren't
passed until the request initially fails. This was evident
when we looked at the logs where access denied and
successful request messages were always paired. This
pattern was consistent throughout the logs and there were
no anomalies that could be associated with the sporadic
401 messages getting through to the client. Given this I
was handed over to the .NET framework folks.

We did some stack traces and other information gathering
exercises with the end result being a recommendation to
implement our own component to handle the security (the
component name escapes me for the moment). In parallel to
all of this I was reconsidering using web services vs.
using the better performing .NET remoting capabilities. I
was also considering using WSE (Web Services Enhancements)
to improve the situation.

In the end I ended up avoiding using an authenticated web
service (at least using Integrated Windows Authentication)
for this application and went with the .NET remoting
approach.

So the short of it is that the problem is solved by
avoidance rather than understanding and implementation.

I hope this helps

>-----Original Message-----
>I have been experiencing a sporadic HTTP 401 Permission
>Denied messages using web services.
>
>I'm protecting web services using windows authentication
>and setting the role in the web.config file for the
>service.
>
>IIS is configured (on Windows 2000 Server) to disallow
>Anonymous users and only allow Windows Integrated
>authentication and basic authentication. And the web
>service is protected by the builtin\Adminstrators role
(in
>web.config file).
>
>I've also tried using a non-adminstrator role to protect
>this service with no improvement.
>
>Most of the time access works but occasionally I will get
>the 401 error.
>
>Could this be a client connection limit issue?
>.
>

Relevant Pages

  • Re: Windows Authentication, Single sign on and Active Directory
    ... web service proxy client fails to connect due to authentication failure ... the web services anyway, as it is generally important to protect any ... web server is also a member of the domain). ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Programmatically turn off custom errors for current request
    ... We are now having to integrate some Web services into the ... >behavior of Forms Authentication ... >exceptions that can be handled by a non GUI client (ie. ... >client to Error.aspx and logging the exception on the server. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Security of Web Services
    ... form based client of web services. ... my web application and Web services are in the same folder. ... Do I need to develop other authentication system? ... > is put the web services in a public folder and use the tag ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Security design question
    ... If the client application uses forms authentication can that be delegated to ... information on how to implement delegation like this? ... accounts from the web service client side to access the web services. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Windows Authentication, Single sign on and Active Directory
    ... service proxy client fails to connect due to authentication failure and then ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... The server is always in the domain. ...
    (microsoft.public.dotnet.framework.aspnet.security)