401 Authentication fail calling Web Service over SSL from PocketPC with Basic Authentication.

From: John Hynes (john_at_hynes.plus.com)
Date: 09/19/03


Date: Fri, 19 Sep 2003 14:49:49 +0100


Hi,

I'm trying to access a Web Service over SSL from a PocketPC device (iPaq).

The Web service is running on IIS 5.0, with Basic Authentication and Require
SSL enabled.

I can successfully access the web service from the browser - I have to enter
the username/password and OK a message box about the server certificate name
not matching the server name (it does!).

When calling from a pocket PC application, I have created an implementation
of ICertificatePolicy and overridden CheckValidationResult to return true
for my server and avoid "Trust Failure" exceptions.

Now when I call the web service it throws an exception - "401 Authentication
Failure".

If I don't use SSL everything works OK.

Code to access my service is:

                m_nc = new NetworkCredential( strNetUser, strNetPassword,
strDomain );
                m_ms = new MyMobileService.MobileService();
                m_ms.Timeout = 60000;
                m_ms.Url = "https://.....";
                m_ms.Credentials = m_nc.GetCredentials( new Uri(m_ms.Url),
"Basic" );
                m_ms.PreAuthenticate = true;

                m_ms.Login(); // web service call - throws exception

Since I can access the service through a browser I'm guessing the server
setup must be OK, and the code above works fine if i use http rather than
https.

Anyone any ideas what to try?
If you're not familiar with the Compact Framework, CredentialCache is not
supported, Windows Authentication is not supported, and client certificates
are not supported so I have to use basic authentication.

Thanks
John



Relevant Pages

  • Re: Need for encryption in WSE 3.0 if using SS-avoid man-in-middle
    ... if the other endpoint has a trusted and valid SSL certificate, he would see the data in cleartext. ... But if you let customers change the endpoint address they must be also able to change the server certificate for mutual authentication..so i don't see a real advantage to use additional message security - and you are in the same situation as with transport security. ... I plan on upgrading my .NET 2.0 web service to use WSE 3.0. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: WebException while calling Web Service over HTTPS...
    ... I verified that the Web Service is using SSL version 3 Certificates. ... I can't get any details on their server envirnoment due to ... suggest that the SSL Session between the client and the server was ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • Re: MOSS 2007 crawl broken
    ... apparently a bug in MOSS 2007 that means it can't crawl SSL enabled ... the index server can access it and avoid confusing your end users. ... everything worked just fine apart from the crawl service. ... Error in the Site Data Web Service. ...
    (microsoft.public.sharepoint.portalserver)
  • Re: Web Service and Security
    ... You could install SSL on the server that is hosting the web service. ... >>> another service not secure. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: MSMDPUMP.DLL Peformance
    ... to the AS 2005 server and the issue was resolved. ... authentication information... ... We noticed that a second web service applcation we wrote, ... Does it appear to occur only with Basic authentication? ...
    (microsoft.public.sqlserver.olap)