Re: HTTPWebRequest.request.GetResponse fails: remote server returned error: (401) unau
David Wang
03-21-07 06:34 AM

If you do not see record of the request in the
%windir%\System32\LogFiles\W3SVC1 files, then either IIS did not handle
the request or the logfile has not flushed yet. It does *not* mean that
"IIS appears to prevent access" because even if IIS prevents access,
it should be logged.

Can you clearly state exactly what you are trying to do -- what user
identity has access to what and where? At this point, you described a
whole bunch of configuration, some of them redundant and others
conflicting, and I don't know what you are trying to accomplish. It is
a recipe for having authentication issues.

What I want to know:
Do you want authenticated user credentials from the client ASP.Net
application to flow to the server ASP.Net application, or do you want
to authenticate the user identity on the front-end but use a different
impersonated identity to reverse-proxy access to the server ASP.Net
application? And what is the configured Application Pool identity
running the client ASP.Net application?

FYI: This "hassle" is a good thing because it reminds the coders that
they may not be as up-to-date on application security and
authentication protocols as they should be. It is important to hassle
coders to get it right because this is the front door and roadmap to
their server's kingdom, and you want it to be sturdy and secure, not
just gaping wide open. Security does not happen "automagically" - it
happens by design.

Personally, I think that if you get a 401, you should think "darn,
what else did I forget" and NOT "darn, why is Microsoft making it a
hassle". The era of running as administrator or LocalSystem to avoid
"access denied" and have things "magically work" is over.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//





On Mar 20, 11:08 am, Grant_S <nos...@developmentnow.com> wrote:
> I have an asp.net web application which posts a request to another
> asp.net web application. I am coding in C# using Visual studio 2003,
> with .Net Framework 1.1 on a Windows 2003 server (running IIS 6.0.).
> In order to have all code running as managed code, I changed existing
> code which uses MSXML ServerXMLHTTPClass to post requests to code
> using the .Net HTTPWebRequest class. When migrating the application
> to the Test web server, IIS appears to prevent access (=no record of
> the request in the Windows\System32\Logfiles\W3SVC1 files). I am
> using impersonation in the web.config file of the client and 'server'
> web applications. The Application needs to be configured in IIS to
> 'Windows Authentication' only. The impersonated account is a member
> of IIS_WPG group and has NTFS permissions to the Application's
> physical folder. Even if I open up security (allow everyone). There
> is no web proxy issue. Both client and Server applications are at
> this point both on the same Test server with the same specs as the
> development machine (above).
>
> THE ONLY WAY IT FUNCTIONS IS IF IIS FOR THE APPLICATION ON THE SERVER
> HAS 'ENABLE ANONYMOUS' TICKED.
>
> I see a lot of posts on the internet highlighting this problem
> without any definitive answer. Surely, Microsoft wishes the Managed
> classes to be used. Why then does there appear to be such a hassle
> for coders to use the class to achieve the same result as the MSXML
> classes?
>
> The code below is what I am using to make the call. Tracing shows
> that the call fails when the request is made (GetResponse()).
>
> // Needs the System, System.IO, System.Net and System.Text namespaces.
> HttpWebRequest request = null;
> Uri uri = new Uri(requestTargetAndQuery);
> request = (HttpWebRequest) WebRequest.Create(uri);
> request.Method = "GET";
> request.Credentials = new NetworkCredential(this.m_User, this.m_Password);
> string result = string.Empty;
> using (HttpWebResponse response = (HttpWebResponse) request.GetResponse())
> {
>     // [trace call truncated in the original post] ... request response.",traceSwitch);
>     using (Stream responseStream = response.GetResponseStream())
>     {
>         using (StreamReader readStream = new StreamReader(responseStream, Encoding.UTF8))
>         {
>             result = readStream.ReadToEnd();
>         }
>     }
> }
>
> Hopefully someone can point me in the right direction (or let me know
> if the Framework class does not have the capability to achieve what I
> am trying)
>
> Thanks Grant_S
>
> From http://developmentnow.com/g/91_0_0_0_0_0/inetserver-iis-security.htm
>
> Posted via DevelopmentNow.com Groups http://www.developmentnow.com
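
The log check described in the reply above, as an added example that is not part of the original thread: it reads an IIS 6.0 W3C log, uses the `#Fields` directive to find the status columns, and reports requests whose last logged result is still a 401 together with the standard IIS sub-status meaning. The sample log lines, account name, URIs and addresses are constructed, and treating the last entry per client and URI as the outcome is a simplifying assumption.

```python
# Standard IIS meanings of the 401 sub-status codes (sc-substatus column).
SUBSTATUS = {
    "1": "logon failed (credentials rejected)",
    "2": "logon failed due to server configuration (no accepted auth header)",
    "3": "denied by ACL on the resource",
    "4": "denied by an ISAPI filter",
    "5": "denied by an ISAPI/CGI application",
}

# Constructed sample in W3C extended format; not taken from the thread.
# The first three lines show a normal Windows-auth handshake (401.2, 401.1, 200).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status sc-substatus sc-win32-status
2007-03-20 11:01:02 GET /server/data.aspx - 10.0.0.5 401 2 2148074254
2007-03-20 11:01:02 GET /server/data.aspx - 10.0.0.5 401 1 0
2007-03-20 11:01:02 GET /server/data.aspx TEST\\svc_app 10.0.0.5 200 0 0
2007-03-20 11:05:40 GET /server/report.aspx - 10.0.0.5 401 2 2148074254
2007-03-20 11:05:40 GET /server/report.aspx - 10.0.0.5 401 3 5
"""

def parse_w3c(text):
    """Yield one dict per logged request, keyed by the #Fields column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or partly flushed lines
                yield dict(zip(fields, values))

def unresolved_401s(text):
    """Return {(client, uri): reason} where the last logged status is still 401."""
    last = {}
    for row in parse_w3c(text):
        last[(row["c-ip"], row["cs-uri-stem"])] = row
    return {
        key: SUBSTATUS.get(row.get("sc-substatus", ""), "unknown sub-status")
        for key, row in last.items()
        if row["sc-status"] == "401"
    }

if __name__ == "__main__":
    for (client, uri), reason in unresolved_401s(SAMPLE_LOG).items():
        print(f"{client} {uri}: 401 {reason}")
```

An empty result for a log with no matching rows corresponds to the case in the reply where IIS either did not handle the request or has not flushed the log yet.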







All times are GMT.