making a Web Request from my server

  • Thread starter Thread starter mc
  • Start date Start date
M

mc

I would like to offer a section on my page which will show the "Status" of other servers on the
network, My plan was to identify a specific image on each server I want to test, do a WebRequest for
that image, and return true If I could get that image. This works when using the VS webserver but
not on my "Live" server all machines will require authentication.

The code currently throws a 401 error?

Can someone tell me what is going wrong? The server is currently configured to use Impersonation
with Windows Auth. (I've checked User.Indentity.Name from the function and it thinks it's running as
a valid user account

Alternativly does someone have a better solution for testing to see if a web server is running on a
machine?

--- My Code ---
private bool CheckUri(string p){
WebRequest theRequest = WebRequest.Create(p);
theRequest.Credentials = System.Net.CredentialCache.DefaultCredentials;
try{
HttpWebResponse theResponse = (HttpWebResponse)theRequest.GetResponse();
return true;
}
catch{
return false;
}
}


TIA


MC
 
Your asp.net runtime account on each server would likely need to be the same
domain account. It gets tricky talking between servers from the runtime
account.

If it were me doing this I wouod likely open a socket, send a head request
for a page and evaluate the response, or simply have an anonymous webservice
method that you can issue a query at.

Regards

John Timney (MVP)
http://www.johntimney.com
http://www.johntimney.com/blog
 
Hi MC,

As for this issue, since you mentioned that the webrequest call in VS Test
Server works, but fails in deployment environment(in IIS), I think it is
likely caused by security account problem.

When running in VS Test Server, the application is running under your logon
user account(maybe a domain account) that can be forwarded to remote
machine.

However, in IIS server, the running process account is IIS service account
which maybe a local account. As you said that you've use "windows
authentication" and impersonate the client user. This can only make the
worker thread (for processing each requesty) running under the client
impersonated user, but if you make remote access(such as webrequest call or
access remote file share), the security identity impersonated from client
authenticated user can not be forwarded to a further remote machine. This
is called "double hop" limitation.

For your scenario, I think the reasonable way to resolve the problem is
either:

** use a domain account as the process account for your ASP.NET application
in IIS
** programmatically impersonate(need username password credentials) when
you want to send remote webrequest call

#How To: Use Impersonation and Delegation in ASP.NET 2.0
http://msdn2.microsoft.com/en-us/library/ms998351.aspx

If you want more info about double hop issue, you can have a look at the
following links:

http://weblogs.asp.net/avnerk/archive/2004/09/22/232967.aspx

http://blogs.msdn.com/nunos/archive/2004/03/12/88468.aspx

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.





--------------------
Date: Tue, 18 Dec 2007 09:17:30 +0000
From: mc <[email protected]>
Newsgroups: microsoft.public.dotnet.framework.aspnet
Subject: making a Web Request from my server

I would like to offer a section on my page which will show the "Status" of other servers on the
network, My plan was to identify a specific image on each server I want to test, do a WebRequest for
that image, and return true If I could get that image. This works when using the VS webserver but
not on my "Live" server all machines will require authentication.

The code currently throws a 401 error?

Can someone tell me what is going wrong? The server is currently
Click to expand...
configured to use Impersonation
 
Hi MC,

Any progress on this issue? If there is anything else we can help, please
feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
 
Sorry this one dropped off my radar slightly.

I'm aware of the Double hop issue and thought I had it covered, we currently authenticate via the
same server against remote databases as the impersonated user fine.

If we assume (and I know it's a big assumption) that I've got the kerberos setting of the
originating web server correct. Would I need to reconfigure the servers That I'm connecting to?

This is now a purely academic question as it's unlikely that I will have the time (and funding) to
compete as planned.

The interim solution was to open a raw TCP/IP socket to port 80, if it fails assume the system is
down. This is mostly successful but doesn't deal with an app pool that has been suspend as that
still accepts connections.
 
Thanks for your reply MC,

Yes, kerberos would be one possible approach for double hop cases. However,
it is quite complex and tight coupled for you to involve kerberos
delegation in your distributed environment. You need to perform configure
from client to webserver to the backend server(the domain account, server
machine principal accounts...).

If you do want a try, you can have a look at the following reference about
using and troubleshooting kerberos delegation cases:

#How to configure an ASP.NET application for a delegation scenario
http://support.microsoft.com/kb/810572

#Troubleshooting Kerberos Delegation
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/
security/tkerbdel.mspx

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.





--------------------
 
Hi MC,

Do you have any further questions on this? If so, please feel free to post
here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
From: (e-mail address removed) (Steven Cheng[MSFT])
Organization: Microsoft
Date: Thu, 10 Jan 2008 02:42:53 GMT
Subject: Re: making a Web Request from my server
Click to expand...
 
Back
Top