I have a web service which the home page is displayed and runs if I turn on Integrated Windows authentication. Now if I turn that off and Anonymous Access is on I can not even get to the wsdl page. I get the error
Access is denied.
Description: An error occurred while accessing the resources required to serve
this request. The server may not be configured for access to the requested URL.
Error message 401.2.: Unauthorized: Logon failed due to server configuration.
Verify that you have permission to view this directory or page based on the
credentials you supplied and the authentication methods enabled on the Web server.
Contact the Web server's administrator for additional assistance.
Version Information: Microsoft .NET Framework Version:2.0.50727.3625; ASP.NET
Version:2.0.50727.3634
The IIS I am working with is 5.1
I gave IUSER access to the directory, full control for now.
I am out of ideas. Thank you for your help
The root cause of this issue had to do with the website requiring Windows Authentication but the switch for HTTP-keep alive in the IIS Manager was unchecked.
Related
I created my azure web-app and created app registration. and connected Azure AD to my web app. I used express security and I also used advance security with client ID and client secret. I know there is a similar question about this error. but it is not clear answer.
Most likely causes:
IIS received the request; however, an internal error occurred during the processing of the request. The root cause of this error depends on which module handles the request and what was happening in the worker process when this error occurred.
IIS was not able to access the web.config file for the Web site or application. This can occur if the NTFS permissions are set incorrectly.
IIS was not able to process configuration for the Web site or application.
The authenticated user does not have permission to use this DLL.
The request is mapped to a managed handler but the .NET Extensibility Feature is not installed.
Things you can try:
Ensure that the NTFS permissions for the web.config file are correct and allow access to the Web server's machine account.
Check the event logs to see if any additional information was logged.
Verify the permissions for the DLL.
Install the .NET Extensibility feature if the request is mapped to a managed handler.
Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click here.
From your description, I know that the problem is most likely due to the lack of web.config file.
Solution:
It is recommended to ensure that your project can run normally locally.
Continuous deployment is recommended
At present, the reason for your problem is the lack of web.config, which will be automatically created when using git deployment. As shown below.
For more details, you can check my answer in another post.
Azure Web App getting “You do not have permission to view this directory or page.” when launch app
I'm using SoapUI 5.2.1 and accessing a IIS hosted web service on my domain. The web service has windows authentication enabled.
When I browse to the wsdl using internet explorer, it asks for my credentials, then shows the wsdl.
When I do the exact same with soapui, it prompts for my details, then fails and when I check the http log it sayus 'unauthorised: access is denied due to invalid credentials'.
But I'm entering it correctly, I've even tried various permutations of domain\username, username, leaving the domain text box blank or entering it there.
Any ideas?
I needed to provide a lot more info than would fit into a comment...
The other setting that I was referring to is detailed here : https://www.soapui.org/soap-and-wsdl/authenticating-soap-requests.html. If you are sure its windows credentials authentication, then use the NTLM setting. You may have to restart for the settings to take effect.
"Domain – add this for NTLM authentication challenges. If you are authenticating NTLM, make sure to note the following in your configurations:
File > Preferences > HTTP Settings tab > uncheck Authenticate Preemptively preference
for NTLM v2 provide your username as "DOMAIN\USERNAME" or at least as "\USERNAME""
If you still have issues, you can use BURP suite or Fiddler or similar proxy tools for proxy setup. BURP is an extensive security testing tool and may even be an overkill. Fiddler is a proxy. Check out these two links:
Burp : Testing web service with SoapUI and Windows authentication
Fiddler: Using fiddler with Windows Authentication
I have a Silverlight 5 app that runs on a SharePoint 2007 site. The Silverlight app gets a bunch of data from SharePoint lists using the Lists.asmx service. The main site is secured using NTLM security and Silverlight is able to successfully call the web services without having to eplicitly set anything to do with authentication. We extended the SharePoint site to a second domain that uses asp.net FormsBasedAuthentication. On this version of the site, the first web service call fails with a 403 Forbidden response and the exception:
System.ServiceModel.CommunicationException: The remote server returned an error: NotFound. ---> System.Net.WebException: The remote server returned an error: NotFound. ---> System.Net.WebException: The remote server returned an error: NotFound.
As I understand it, this is a generic message and not the true exception. Well, obviously we need the real exception to have any idea what the problem is. This MSDN page (Creating and Handling Faults in Silverlight) offers two solutions to getting the real exception.
The first is to modify your WCF service to return an alternate HTTP status code. This doesn't work because for one, it is not a WCF service, it's an .asmx web service so I can't add the suggested WCF behavior to modify the status code. Second, it's SharePoint's service so I can't do much to modify it anyway. Could I modify IIS to achieve an equivalent solution somehow?
The second solution is to register an alternative HTTP stack in the Silverlight application. I tried this out and found out the "real" exception was an authentication exception. So I went down dead ends trying to figure out out to get authenticated for about 24 hours only to finally find out that normally, the ASP.NET authentication cookie is passed with the service request, unless you are using the Client HTTP stack. So registering the client HTTP stack allowed me to see real exceptions, but it created its own exception which seems to only be fixed by not using the Client HTTP stack...
I believe have verified with Fiddler that the authentication cookie is being sent when using the default HTTP stack. I don't know if the Lists.asmx service is unable to use it and is giving an authentication error anyway, or if there is some other exception. How can I determine the cause of the "The remote server returned an error: NotFound." exception?
Well, this isn't a good answer to the quesion "How can I determine the cause..." but it's what worked for me. What I did was open up STSSOAP.dll, the assembly containing the Lists service implemention, in reflector. I copied the relevant code to implment my own GetListItems method in my own service. Luckily, the actual Lists.GetListItems method code was minimal and just called other SharePoint methods and even luckier, those methods & members are all declared public so I was able to do this. I then replaced Lists.asmx with my version on the server and attached the debugger to get some info. What I found was my authentication cookie was being used and HttpContext.Current.Session.User.Identity.IsAuthenticated was true. So it knew I was logged in. But I was still getting an authentication error which I could see farther down in SharePoint's code, was converted to a 403.
So I know asp.net considers me authenticated but SharePoint says I don't have permissions. But the service account the app pool is running under is a SP admin so why don't I have permissions? So next I inspected the SPContext.Current.Web.User; SharePoint's current user. It was null! In other words, as far as SharePoint is concerned, I'm still logged in as an anonymous user because I haven't explicitly logged in with a domain user, and an anonymous user doesn't have permissions on the list I'm accessing or most of the rest of the API. The answer by Sean McDonough to this quesion lays it out.
Basically I need to run the involved code with elevated privileges to get the code to run under the asp.net service account that I originally thought it was running under. If using the API, you can use the RunWithElevatedPrivileges delegate. But if you're calling the web services, you can't do that. The few options I could think of were:
Call the services on the base site that uses Windows Authentication. This would require me to embed the credentials in the client-side Silverlight application which is a security threat so I nixed this one.
Implement my own web service to get the data for me.
The web service could access the list using the SharePoint API and
RunWithElevatedPrivileges.
The web service could call the Windows Authentication site's services passing the current credentials or other embedded credentials.
For implementation ease, all I've done so far is the second option under number 2 and it's working. However, it is clunky and I may change to option 1 which I expect will also work.
I have created a web service (.svc). The web service is running successfully when i connect through local computer, but when i deploy the web serivce on a web server it can't be accessed and shows an exception.
"Unable to automatically step into the server. Connecting to the server machine 'XXX' failed. Logon failure: unknown user name or bad password. See help for more information."
The service is running in a browser successfully, and can also be accessed as a client from the web server in a broswer.
Thanks.
This looks like a permissions related issue.
When you run locally, chances are that you have sufficient privileges to access the service.
The picture changes on the server. Check under which account the service is running then make sure you have the proper permissions or configure your service to accept calls from you or from unauthenticated users.
It seems you are trying to debug the webservice on the server. Is that what you intended? Then make sure your account has rights to do so on the server.
Debugging aspnetwebservice on a remoteserver
If you want to make sure the webservice runs you also can open the webservice using a browser.
I'm trying to use the Admin webservice of SharePoint 2007 within a console application. So I add a new service reference to my project pointing to http://<central administration>/_vti_bin/Admin.asmx. But instead of creating the proxy class it ends in an error. Regarding the error message, the service cannot be accessed due to an authentication problem.
The HTTP request is unauthorized with
client authentication scheme
'Anonymous'. The authentication header
received from the server was
'Negotiate,NTLM'.
Also trying to access the page via web browser results in a redirect to an error page. I can access all other webservices via browser as well as via Visual Studio.
I've also had a look at the add service reference menu, but couldn't find option to pass any credentials.
What am I doing wrong?
You should use the right URL. Try using the following:
http://CentralAdministration:Port/_vti_adm/Admin.asmx
Take a look at Nick Swan's blog.
Try to enable Anonymous access and Enable Integrated Windows autehntication in IIS.