SharePoint web-service. Error 401: Unauthorized - web-services

Please help to solve the problem.
I have application. It calls SharePoint web-service List.asmx to get list elements.
Here the code:
Lists listService = new Lists();
NetworkCredential credentials = new NetworkCredential();
credentials.UserName = serviceUserName
credentials.Password = servicePassword;
credentials.Domain = domain;
listService.Credentials = credentials;
listService.Url = serviceUrl.ToString();
XmlDocument xmlDoc = new XmlDocument();
XmlNode nodeListItems = listService.GetListItems(categoryListName.ToString(), null, null, null, "10000", null, null);
The credentials user has access to the list site.
If I deploy application on any server, is's ok. I get elements of List. But if I deploy application one the same server with list site, I get an Error 401: Unauthorized.
How can I solve the problem? I realy need to deploy application on the same server.

A bit of research and I found the reason behind it.
The .Net 3.5 framework introduces a loop-back problem that affects web service authentication in SharePoint. This issue doesn’t allow web services to be accessed by any mode (client/tool/server). Microsoft decided to introduce this, but unfortunately it breaks a number of different things in SharePoint.
Hence a registry entry has to be created in the web front end servers to resolve the loop back issue.
Implementation
Perform below steps on each of the SharePoint Web Front End Servers.
Click Start, click Run, type regedit, and then click OK.
In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Right-click Lsa, point to New, and then click DWORD Value.
Type DisableLoopbackCheck, and then press ENTER.
Right-click DisableLoopbackCheck, and then click Modify.
In the Value data box, type 1, and then click OK.
Quit Registry Editor, and then restart your computer.
https://askmanisha.wordpress.com/2014/03/26/401-unauthorized-error-while-calling-a-web-service/

Related

Host web UI with executable application?

This may be a very stupid question but I have spent nearly 5 hours doing research on the web and found nothing to fully clarify my doubts.
In few words I have been asked for a possible employer to develop certain executable application as part of a "Technical Test". Supposedly they're measuring my expertise working with WCF. I was given two days to develop such App and all the information about it is the following:
Deliverable:
                - An executable that
                                * When APP is ran, it should host a WCF service (SERVICE) as well as a
web UI (UI) accessible by web browsers.
                                * Through the UI, user should be able to add or delete messages stored in a
database (DB).
                                * The UI should also display the current list of messages stored in the DB.
                                * If changes are made to the DB, those changes should show up in the UI
without the need to reload the page.
                - All of the project source code.
               
Additional notes:
Use of existing libraries is allowed as long as they are clearly referenced
Now, I understand that you can host a WCF Web Service using a Console Application (among other options) and the Service will be alive as long as the application is running. I also know that any Web Application can access this service by just adding a Service Reference, creating a client of its type and calling its methods. My confusion begins when they ask me to put all together in one executable application:
When APP is ran, it should host a WCF service (SERVICE) as well as a web UI (UI) accessible by web browsers.
What is that supposed to mean?? How can I host a Web UI using an executable?? Am I supposed to develop something like IIS and at the same time somehow define the html and server side code on the APP?
I did some research and I found a class(HttpListener) that allows you to open an http port, listen and then send back some html thru it. A very simple class. If this is a solution I can't see how to implement it. Other than that I couldn't find anything else on the web.
I would appreciate any opinion on the matter, even if I'm not able to develop the solution in time I would like to know how to do it. And if I'm missing some important basic concept regarding WCF or Web Hosting please I would greatly appreciate some clarification. Thanks in advance.
You can use OWIN to "self host" web apps.
An overview and further information can be found here - http://codeopinion.com/self-host-asp-net-web-api/
I solved the problem by hosting the web UI in the service itself. A service operation can return anything, even a Stream of bytes with the html for the browser to render. Here's the code.
[WebGet(BodyStyle = WebMessageBodyStyle.WrappedRequest)]
public Stream GetUserInterface()
{
var appDirectoryName = Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().Location);
var htmlFilePath = appDirectoryName + "\\UI.html";
var buffer = File.ReadAllBytes(htmlFilePath);
if (WebOperationContext.Current != null)
WebOperationContext.Current.OutgoingResponse.ContentType = "text/html";
return new MemoryStream(buffer);
}
As you can see on the same directory than the executable I placed a UI.html file, this file contains all my UI html, javascript and css. Then I convert it to an array of bytes and return that to the browser.
So the only thing I have to do to access the UI is run the application and then browse to this operation. Eg: http://localhost:8080/MyService/GetUserInterface.
For the database part I used SQlite, in this way the application became a standalone that can be installed in a PC and run immediately without the need of Database or Web hosting. Exactly what the test requested.
Alternatively the class that I mentioned in my question (HttpListener) can also be used to host the Web UI instead of the service. This is another solution.
private static void HostUI()
{
while (true)
{
using (var listener = new HttpListener())
{
listener.Prefixes.Add("http://localhost:7070/");
listener.Start();
var context = listener.GetContext();
var response = context.Response;
//The .html file will be in the same folder where the .exe is
var appDirectoryName = Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().Location);
var htmlFilePath = appDirectoryName + "\\UI.html";
var buffer = File.ReadAllBytes(htmlFilePath);
response.ContentType = "text/html";
response.ContentLength64 = buffer.Length;
Console.WriteLine(buffer.Length);
var output = response.OutputStream;
output.Write(buffer, 0, buffer.Length);
output.Close();
listener.Close();
}
}
}
The reason why I used an infinite loop is because the HttpListener class implementation processes only one order by loop, so in order to able to request the UI multiple times you need to do this.
Then you can browse to http://localhost:7070/ and you'll see the UI too.
You can put this code in an independent thread to host the Web UI without affecting the main thread.

Coldfusion 8 Submit Changes does not save Mail Server Settings in CF Administrator

I am currently running Coldfusion 8,0,1,195765 on a Windows 2003 SP 2 server over IIS 6.0.
I needed to change one of the Mail Server Settings in the ColdFusion Administrator, but when I clicked Submit Changes, the page appeared to refresh, and the field was reverted.
I made a change to another page to make sure that changes could be made, and sure enough, the change was applied.
There are no errors shown - everything looks normal, aside from the change.
I was able to make my changes programatically, using mail.cfc, and my change did appear in CF Admin.
My concern is that mail functions have been corrupted or compromised - my primary request for the stackoverflow gurus is how can I restore my Mail Server Settings functionality?
My secondary request is How could this have happened?
Thank you for reading my question.
I am having a similar problem with debugging.
Regarding your first question... You can access the administrator api programatically. Here's how you can verify connection and verify what the current settings are:
<cfscript>
/* you must log in first */
adminObj = createObject("component","cfide.adminapi.administrator"); // this assumes default installation
adminObj.login("password"); // enter your cf admin password
mailServerObj = createObject("component","cfide.adminapi.mail");
value = mailServerObj.getMailServers();
</cfscript>
<cfdump var="#value#">
Value is an array of your current mail server settings.
To make a change change the last part of your script to:
mailServerObj = createObject("component","cfide.adminapi.mail");
mailServerObj.setMailServers(
"yourMailServer",
portNumber,
username="yourUsername",
password="yourPassword",
priority="yourServerPriority");
value = mailServerObj.getMailServers();
The only required value is the entry for yourMailServer. Also, the optional value, portNumber, must be numeric.
Check out http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=basiconfig_37.html for the Adobe documentation for using the Administrator API.
You can also see a complete listing of the Administrator API CFC and their respective functions, check out http://www.cfexecute.com/admin-api-documentation/

Editing SharePoint2010 List from Out side windows app.

Actually I am trying to add items in a share point List from a windows application. It all goes fine when I added the web reference and the able to get the all the offerings listed for Lists.asmx.
When I execute my program and try to call listServiceObj.GetListAndview("Customers","");
It gives me error "The request failed with HTTP status 401: Unauthorized" . Please note that at this time my credentials and url of the service reference were;
SpListService.Lists spListService = new SpListService.Lists();
spListService.Credentials = System.Net.CredentialCache.DefaultCredentials;
spListService.Url = "http://localhost/_vti_bin/Lists.asmx";
XmlNode customerListView = spListService.GetListAndView("Customers", "");
Then I Changed the above code to ;
SpListService.Lists spListService = new SpListService.Lists();
spListService.Credentials = System.Net.CredentialCache.DefaultCredentials;
spListService.Url = "http://<PC-Name>/sites/Home/_vti_bin/Lists.asmx";
XmlNode customerListView = spListService.GetListAndView("Customers", "");
then I recieved the following error;
"Exception of type 'Microsoft.SharePoint.SoapServer.SoapServerException' was thrown."
I have made the logged in user in the group of full controll. also the member of the Administrator group.. but same result....
Also please note that when try and access "http://localhost/" or "http:///" it gives me access denied page of SP2010.... instead I have to write "http:///sites/Home/SitePages/Home.aspx" to open my team site collection
I really stuck in to this .... would be really pleased to have some solution to this problem of mine...... Thanks in advance
MJay
I had a similar problem when I implemented my first SharePoint lists Web Service client. The reason was that the autogenerated client class actually introduced itself as a Mozilla web browser by default! The SharePoint server did not allow basic authentication for browsers so the client was actually redirected to firewall login page.
I suggest you to inherit another class from the Lists class and do the following:
Set another user agent value in constructor.
Set the "preauthenticate" property to true. This should force the client to send the credentials in the first request, not only after they have been asked for.
If necessary, try giving the credentials explicitly.
See the example below.
public class CustomizedLists : Lists
{
public CustomizedLists() : base()
{
this.UserAgent = "Some SharePoint client";
this.PreAuthenticate = true;
System.Net.ICredentials creds = new System.Net.NetworkCredential("user", "pwd");
this.Credentials = creds.GetCredential(uri, "Basic");
}
}

Calling a custom SharePoint web service from ASP.Net AJAX gives a 403 error?

I have developed a custom SharePoint web service, and deployed it to /_vti_bin/myservice.asmx. As a "regular" user, browsing to that ASMX URL works fine. When I try to browse to "/_vti_bin/myservice.asmx/js" as required to call this service from ASP.Net AJAX, I get a 403. If I browse to it as no less than a farm admin (site collection admin doesn't work), I get a 403. It is entirely possible that the farm admin's role as a local server admin is also allowing it to work.
This is my web service class:
[WebService(Namespace = "http://sharepointservices.genericnamespace.com/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[System.ComponentModel.ToolboxItem(false)]
[System.Web.Script.Services.ScriptService]
public class ApprovalSvc : System.Web.Services.WebService
{
[WebMethod]
[ScriptMethod(ResponseFormat = ResponseFormat.Xml)]
public XmlDocument GetInboxItems(string inboxName, string s_Id)
{
// code removed
}
}
This is the art of my web part code where I am hooking up the ASP.Net AJAX stuff:
ScriptManager scriptMgr = new ScriptManager();
string webUrl = SPContext.Current.Web.Url;
ServiceReference srvRef = new ServiceReference(webUrl + "/_vti_bin/ApprovalSvc.asmx");
scriptMgr.Services.Add(srvRef);
this.Controls.Add(scriptMgr);
If I'm logged in as a farm/server admin, it works. Otherwise, no. The web service assembly is in the GAC & listed in SafeControls. Any ideas?
Good old Process Monitor to the rescue.
The facts:
The service code DLL is in the web application's bin directory, as it cannot be signed b/c it references unsigned DLLs.
The request for the service DLL is coming from ASP.Net & not SharePoint, specifically an HttpModule in the System.Web.Extensions assembly.
The solution:
Because the request didn't come through SharePoint, and identity impersonation is also turned on by default, the default NTLM permissions on the web app's BIN directory were not good enough - the user's account had no access to the BIN directory or the DLLs within it.
We gave the NT AUTHORITY\Authenticated Users Read access (not Read & Execute, not List Folder Contents, just Read) to the folder, and all is well.

Login failed when a web service tries to communicate with SharePoint 2007

I created a very simple webservice in ASP.NET 2.0 to query a list in SharePoint 2007 like this:
namespace WebService1
{
/// <summary>
/// Summary description for Service1
/// </summary>
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[System.ComponentModel.ToolboxItem(false)]
// To allow this Web Service to be called from script, using ASP.NET AJAX, uncomment the following line.
// [System.Web.Script.Services.ScriptService]
public class Service1 : System.Web.Services.WebService
{
[WebMethod]
public string HelloWorld()
{
return "Hello World";
}
[WebMethod]
public string ShowSPMyList()
{
string username = this.User.Identity.Name;
return GetList();
}
private string GetList()
{
string resutl = "";
SPSite siteCollection = new SPSite("http://localhost:89");
using (SPWeb web = siteCollection.OpenWeb())
{
SPList mylist = web.Lists["MySPList"];
SPQuery query = new SPQuery();
query.Query = "<Where><Eq><FieldRef Name=\"AssignedTo\"/><Value Type=\"Text\">Ramprasad</Value></Eq></Where>";
SPListItemCollection items = mylist.GetItems(query);
foreach (SPListItem item in items)
{
resutl = resutl + SPEncode.HtmlEncode(item["Title"].ToString());
}
}
return resutl;
}
}
}
This web service runs well when tested using the built-in server of Visual Studio 2008. The username indicates exactly my domain account (domain\myusername).
However when I create a virtual folder to host and launch this web service (still located in the same machine with SP2007), I got the following error when invoking ShowSPMyList() method, at the line to execute OpenWeb(). These are the details of the error:
System.Data.SqlClient.SqlException: Cannot open database "WSS_Content_8887ac57951146a290ca134778ddc3f8" requested by the login. The login failed.
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.
Does anyone have any idea why this error happens? Why does the web service run fine inside Visual Studio 2008, but not when running stand-alone? I checked and in both cases, the username variable has the same value (domain\myusername).
Thank you very much.
Thank you very much for the replies. I'll look into the documents to see how i can change the settings related to the application pool as suggested.
I want to make clear that i wanted to build a webservice to run outside of sharepoint (but can be deployed on the same server with sharepoint).
Is there any way i can programmatically pass the credentials (another domain account instead of 'NT AUTHORITY\NETWORK SERVICE' by default) to sharepoint when invoking OpenWeb method? I believe if i'm able to do that then i can walkaround the security issue above.
When you create your own custom virtual folder and set it inside the IIS, it's highly possible that the user account who run the application pool of that particular IIS virtual directory is currently set to NT authority\Network Service.
You can check carefully, by looking closely of what is the actual application pool that run that particular IIS virtual directory.
From there, you can go to the "Application Pool" folder and right click, choose Properties. Select the "Identity" tab, and it will show you who is the user account that currently running the application pool.
Alternatively, you can refer to the SharePoint SDK, something similar to ExtractCrmAuthenticationToken in dynamics CRM to extract the Authentication Token ticket.
Or alternatively you can use Network Credential to embed your own custom user id and password.
Hope this helps,
hadi teo
I fully agree with Hadi, if this is something you want to just quickly test, for a proof of concept, you can change the credentials under what the Application pool runs, to a user that has permissions. Or you could use Identity Impersonate setting in your config file.
However resist the temptiation to do this in a production enviroment, use the proper authentication. It will come back, to bite you.
If you need to set this up for production, there is a couple of areas that you want to look at, duplicate SPN's, and deligation probably the most common areas that is not configured correctly. Your error however points to impersanation not happening.
Also make sure you are deploying the web service to its own web site that does not already run SharePoint. If you want the web service to run on the same web site as SharePoint read Creating a Custom Web Service.
You can check what application pool identity SharePoint is using by following the same instructions that Hadi writes, but for an app pool running SharePoint. Make sure to only change the application pool used by your web service and not SharePoint or else other permission errors could occur within SP. (There should be no reason but if you are interested in changing the app pool identity used by SharePoint follow these instructions.)
On solution would be to "impersonate" as the SharePoint System account using the following code:
SPSecurity.RunWithElevatedPrivileges(delegate()
{
// also dispose SPSite
using (SPSite siteCollection = new SPSite("http://localhost:89"))
{
using (SPWeb web = siteCollection.OpenWeb())
{
// ...
}
}
});