IIS Server Security - HTTPWebRequest.request.GetResponse fails: remote server returned error: (401) unauthor

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > March 2007 > HTTPWebRequest.request.GetResponse fails: remote server returned error: (401) unauthor





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author HTTPWebRequest.request.GetResponse fails: remote server returned error: (401) unauthor
Grant_S

2007-03-20, 7:19 pm

I have an asp.net web application which posts a request to another asp.net web application. I am coding in C# using Visual studio 2003, with .Net Framework 1.1 on a Wiondows 2003 server (running IIS 6.0.). In order to have all code running as managed code
, I changed existing code which uses MSXML ServerXMLHTTPClass to post requests to code using the .Net HTTPWebRequest class. When migrating the application to the Test web server, IIS appears to prevent access (=no record of the request in the Windows\Syst
em32\Logfiles\W3SVC1 files). I am using impersonation in the web.config file of the client and 'server' web applications. The Application needs to be configured in IIS to 'Windows Authentication' only. The impersonated account is a member of IIS_WPG group
an has NTFS permissions to the Applications physical folder. Even if I open up security (allow everyone). There is no web proxy issue. Both client and Server applications are at this point both on the same Test server with the same specs as the developme
nt machine (above).

THE ONLY WAY IT FUNCTIONS IS IF IIS FOR THE APPLICATION ON THE SERVER HAS 'ENABLE ANONYMOUS' TICKED.

I see a lot of posts on the internet highlighting this problem without any difinitive answer. Surely, Microsoft wishes the Managed classes to be used. Why then does there appear to be such a hassle for coders to use the class to achieve the same result as
the MSXML classes?

The code below is what I am using to make the call. Tracing shows that the call fails when the request is made (GetResponse()).

HttpWebRequest request=null;
Uri uri = new Uri(requestTargetAndQuery);
request = (HttpWebRequest) WebRequest.Create(uri);
request.Method = "GET";
request.Credentials = new NetworkCredential(this.m_User, this.m_Password);
string result=string.Empty;
using (HttpWebResponse response = (HttpWebResponse) request.GetResponse())
{
request response.",traceSwitch);
using (Stream responseStream = response.GetResponseStream())
{
using (StreamReader readStream = new StreamReader (responseStream, Encoding.UTF8))
{ result = readStream.ReadToEnd();
}
}
}

Hopefully someone can point me in the right direction (or let me know if the Framework class does not have the capability to achieve what I am trying)

Thanks Grant_S

From http://developmentnow.com/g/91_0_0_...is-security.htm

Posted via DevelopmentNow.com Groups
http://www.developmentnow.com
Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com