|
Home > Archive > BizTalk Server Orchestration > July 2004 > Calling Web Service From Orchestration - Getting HTTP 401 Error
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Calling Web Service From Orchestration - Getting HTTP 401 Error
|
|
|
| Hi !
When I try to call a web service from my orchestration I get the error
"HTTP Code 410 - Access Denied". I found in the documentation an
articel which describes the steps to enable web services (s.
ms-help://BTS_2004/SDK/htm/ebiz_prog_webservices_ytrj.htm). I tested
it but it didn't changed anything. I get still the same error.
So what can I do?
Thank you !
| |
| Adrian Hamza[MSFT] 2004-07-13, 8:47 pm |
| Can you browse with Internet Explorer to the web service asmx file? Make
sure that the web service permissions defined in the web.config file allow
the client user to invoke that web service.
--------------------[vbcol=seagreen]
13:47:44 GMT)[vbcol=seagreen]
cpmsftngxa06.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.s
ul.t-online.de!t-online.de!fr.ip.ndsoftware.net!proxad.net!postnews2.google.
com!not-for-mail[vbcol=seagreen]
This posting is provided "AS IS" with no warranties, and confers no rights.
EBusiness Server Team
| |
|
| Thank you for replying !
Yes, I can browse to my web service with the Internet Explorer. In the
web.config I have the following lines:
<authentication mode="windows" />
<identity impersoinate="true" />
<authorization>
<allow users="*" />
</authorization>
But I get this error? Can you tell me which permissions I should set?
Thank you !
Alex
| |
| Matt Milner 2004-07-16, 5:50 pm |
| Does the biztalk service account that is running your orchestration have
rights to access that directory? Try turning off automatic login for
intranet in IE and log in with you service credentials through IE and see if
you can still browse it. Your biztalk service account will need to be able
to read that directory. Optionally, you can use basic authentication and
set properties on the send port to authenticate.
Matt
"Alex" <alex_doehling@web.de> wrote in message
news:6b375d96.0407160347.4562d7b9@posting.google.com...
> Thank you for replying !
>
> Yes, I can browse to my web service with the Internet Explorer. In the
> web.config I have the following lines:
>
> <authentication mode="windows" />
> <identity impersoinate="true" />
>
> <authorization>
> <allow users="*" />
> </authorization>
>
> But I get this error? Can you tell me which permissions I should set?
>
> Thank you !
> Alex
| |
|
| The BizTalk service uses the same account like me, when I log into the
system. So we have the same rights. I tried to turn off the automatic
login without any effect. I also activated the basic authentication on
the send port, but also with no effect.
Any other ideas ?
"Matt Milner" <matt.milner@m3technologypartners dot com> wrote in message news:<OI$Mui2aEHA.752@TK2MSFTNGP09.phx.gbl>...[vbcol=seagreen]
> Does the biztalk service account that is running your orchestration have
> rights to access that directory? Try turning off automatic login for
> intranet in IE and log in with you service credentials through IE and see if
> you can still browse it. Your biztalk service account will need to be able
> to read that directory. Optionally, you can use basic authentication and
> set properties on the send port to authenticate.
>
> Matt
>
>
> "Alex" <alex_doehling@web.de> wrote in message
> news:6b375d96.0407160347.4562d7b9@posting.google.com...
| |
| Adrian Hamza[MSFT] 2004-07-22, 5:56 pm |
| Did you test using your account from the same BizTalk server machine or did
you use another desktop ?
Could you also check the proxy settings since NTLM authentication does not
go through the proxy?
--------------------[vbcol=seagreen]
Error[vbcol=seagreen]
<RyMEzUQaEHA.3316@cpmsftngxa06.phx.gbl>
<6b375d96.0407160347.4562d7b9@posting.google.com>
<OI$Mui2aEHA.752@TK2MSFTNGP09.phx.gbl>[vbcol=seagreen]
15:13:03 GMT)[vbcol=seagreen]
cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onlin
e.de!fr.ip.ndsoftware.net!proxad.net!postnews2.google.com!not-for-mail[vbcol=seagreen]
news:<OI$Mui2aEHA.752@TK2MSFTNGP09.phx.gbl>...[vbcol=seagreen]
see if[vbcol=seagreen]
able[vbcol=seagreen]
and[vbcol=seagreen]
This posting is provided "AS IS" with no warranties, and confers no rights.
EBusiness Server Team
| |
| Adrian Hamza[MSFT] 2004-07-22, 5:56 pm |
| Also are you sure the error is 410 and not 401?
401 Unauthorized
The request requires user authentication. The response MUST include a
WWW-Authenticate header field (section 14.47) containing a challenge
applicable to the requested resource. The client MAY repeat the request
with a suitable Authorization header field (section 14.8). If the request
already included Authorization credentials, then the 401 response indicates
that authorization has been refused for those credentials. If the 401
response contains the same challenge as the prior response, and the user
agent has already attempted authentication at least once, then the user
SHOULD be presented the entity that was given in the response, since that
entity might include relevant diagnostic information. HTTP access
authentication is explained in "HTTP Authentication: Basic and Digest
Access Authentication" [43].
410 Gone
The requested resource is no longer available at the server and no
forwarding address is known. This condition is expected to be considered
permanent. Clients with link editing capabilities SHOULD delete references
to the Request-URI after user approval. If the server does not know, or has
no facility to determine, whether or not the condition is permanent, the
status code 404 (Not Found) SHOULD be used instead. This response is
cacheable unless indicated otherwise.
The 410 response is primarily intended to assist the task of web
maintenance by notifying the recipient that the resource is intentionally
unavailable and that the server owners desire that remote links to that
resource be removed. Such an event is common for limited-time, promotional
services and for resources belonging to individuals no longer working at
the server's site. It is not necessary to mark all permanently unavailable
resources as "gone" or to keep the mark for any length of time -- that is
left to the discretion of the server owner.
--------------------[vbcol=seagreen]
Error[vbcol=seagreen]
did[vbcol=seagreen]
not[vbcol=seagreen]
in[vbcol=seagreen]
message[vbcol=seagreen]
have[vbcol=seagreen]
be[vbcol=seagreen]
the[vbcol=seagreen]
set?[vbcol=seagreen]
rights.[vbcol=seagreen]
This posting is provided "AS IS" with no warranties, and confers no rights.
EBusiness Server Team
| |
| Matt Milner 2004-07-22, 5:56 pm |
| What is the authentication mode(s) on the web service you are calling?
Windows/NTLM, basic, anonymous? This would be the setting on the directory
security tab in IIS for the virtual directory.
Make sure that whatever it is, matches your settings on the send port.
Also, as was mentioned, if you have a proxy server between biztalk and the
web service you'll need to configure the proxy settings on the send handler
(biztalk administration console) or on the send port.
If you are getting a 401, then either these configurations don't match, or
the account does not have access. If your account is the one that the
biztalk service is running as, then it is most likely a configuration issue
for either the proxy server or the authentication method.
matt
"Alex" <alex_doehling@web.de> wrote in message
news:6b375d96.0407220713.36d8bf4f@posting.google.com...
> The BizTalk service uses the same account like me, when I log into the
> system. So we have the same rights. I tried to turn off the automatic
> login without any effect. I also activated the basic authentication on
> the send port, but also with no effect.
>
> Any other ideas ?
>
>
> "Matt Milner" <matt.milner@m3technologypartners dot com> wrote in message
news:<OI$Mui2aEHA.752@TK2MSFTNGP09.phx.gbl>...[vbcol=seagreen]
see if[vbcol=seagreen]
able[vbcol=seagreen]
and[vbcol=seagreen]
| |
|
| Hi !
It works now ! Puhhh...
Many thanks to all of you for your great help. The problem was indeed
the configuration of my send port. I looked into the logfile of the
IIS and was very astonished when I saw that, though I entered the
right user account and the correct password into the configuration
dialog, the used account for connection was still anonymous. I have no
idea why, but in my logfile I have always the symbol "-" in the column
of the user ID. After I checked the settings ion this send port
configuration dialog (not the first time) I noticed that the maximum
length of the password is 8 chars. Also the input field allows you to
input a longer password. BizTalk saves only passwords with a length up
to 8 chars!
Now I'm using NTLM as the authentication mode. It works now.
Once again thank you !
Alex
|
|
|
|
|