what loads proxies?

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello

I have a proxy based upon a webservice. The machine.config reports it lacks access to load the proxy. What account name is associated with the attempt to load the Proxy and what permissions (other than the obvious read/execute) does that account need


mklap
 
If you can post the exact error message you see, that may help narrow
down the problem.
 
I get an Access Denied 401 error

I am certain I know what the problem is. The proxy file does not grant adequate permissions. What account/user loads the proxy from machine.config?
 
401 is an HTTP error message, not something you'd see trying to
reading a file from the local file system.

Sounds like the proxy has adequate permissions to start, but when
making the call runs into a problem. Does the web service you are
trying to call require authentication?
 
the proxy is loading fine, it being denied access to the web service by IIS.
the requested web service requires authentication credentials be sent and
you are not supplying them.


-- bruce (sqlwork.com)


mklapp said:
I get an Access Denied 401 error.

I am certain I know what the problem is. The proxy file does not grant
Click to expand...
adequate permissions. What account/user loads the proxy from
machine.config?
 
been there, done that :)

Anyway after research i findout that standard WebRequest does not support
Proxy servers.

So if you have created a wrapper for the webservice you will need to modify
it.

Here is an example how i modified the Google Webservice (1 constructor and 1
overridden method)

Hope this help.

public GoogleSearchService()
{
this.Url = "http://api.google.com/search/beta2";
WebProxy objProxy = new WebProxy("10.1.1.71:80");
objProxy.Credentials=new NetworkCredential("USERNAME","PASSWORD");
this.Proxy = objProxy;
}
protected override System.Net.WebRequest GetWebRequest(Uri uri)
{
System.Net.HttpWebRequest request =
(System.Net.HttpWebRequest)base.GetWebRequest(uri);
if (this.PreAuthenticate)
{
System.Net.NetworkCredential nc =
this.Credentials.GetCredential(uri,"Basic");
if (nc != null)
{
byte[] credBuf = new
System.Text.UTF8Encoding().GetBytes(nc.UserName + ":" + nc.Password);
request.Headers["Authorization"] = "Basic " +
Convert.ToBase64String(credBuf);
}
}
return request;
}

George.


mklapp said:
Hello,

I have a proxy based upon a webservice. The machine.config reports it
Click to expand...
lacks access to load the proxy. What account name is associated with the
attempt to load the Proxy and what permissions (other than the obvious
read/execute) does that account need?
 
Hi Mklapp,


Thanks for posting in the community!
From your description, you encoutered the "Access Denied 401" error when
calling an ASP.NET webservice's webmethod from a client proxy. Is the full
error message like:
"The request failed with HTTP status 401: Access Denied. " ?
If there is anything I misunderstood, please feel free to let me know.

Based on my experience, this problem is a security issue with the
Authentication on ASP.NET web app/web service. Is the Virtual directory of
the WebService's web application set as Anonymous disabled? If so, since
when Anonymous access authentication is turned off for the Web service
application('s virtual directory), all the caller applications must provide
the credentials before making any request. By default, the Web service
client proxy does not inherit the credentials of the security context where
the Web service client application is running.

To solve the problem , you may try either of the following two methods:
1. Try change the webservice's virtual directory's Anonymous access as
allowed. You may follow the below steps:
-------------------------
a. In Control Panel, double-click Administrative Tools.
b. Double-click Internet Information Services.
c. Expand Internet Information Services, and then locate the WebServiceTest
virtual directory.
d. Right-click WebServiceTest, and then click Properties.
e. Click the Directory Security tab.
f .Under Anonymous access and authentication control, click Edit.
g. In the Authentication Methods dialog box, click to select the Anonymous
access check box.
--------------------------

2. To use the Credentials property of the Web service client proxy to set
the security credentials for Web service client authentication. One way to
set the credential property is Assign the DefaultCredentials to the
Credentials property of the Web Service Proxy class to call the Web service
while Anonymous access authentication is turned off. The DefaultCredentials
property of the CredentialCache class provides system credentials of the
security context where the application is running. To do this, use the
following code:

//myProxy is the instance of a webservice class
myProxy.Credentials= System.Net.CredentialCache.DefaultCredentials;
//then call the web method

Also, all the suggestions above have been discussed in the following KB
article:
#PRB: "Access Denied" Error Message When You Call a Web Service While
Anonymous Authentication Is Turned Off
http://support.microsoft.com/?id=811318

Please check out it if you feel anything unclear. Meanwhile, if you have
any other questions, please feel free to let me know.


Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 
Hello

Thanks for your reply. I do have an authentication issue, but it seems to be separate to the issue mentioned here. While perusing the property page of a file, I received a message sometning like

File permissions are organized incorrectl

When I clicked one of the buttons, most of the permissions were removed. I knew the file (one of the executables) needed at least one of the permissions removed. I worked that out

There are still authentication issues to work out and I am doing so

Thanks again

mklap
 
Hi,

David Qiu will work with you in your other thread:
Subject: Illegal to mix Authentication methods ?
Newsgroup: microsoft.public.dotnet.framework.aspnet.security

Thank you, Mike
Microsoft, ASP.NET Support Professional

Microsoft highly recommends to all of our customers that they visit the
http://www.microsoft.com/protect site and perform the three straightforward
steps listed to improve your computer’s security.

This posting is provided "AS IS", with no warranties, and confers no rights.
 
When you access the Web service from the WinForm app, I expect you have set
the credential property on the proxy.
proxy.Credentials = myCache

[C#]
wReq.Credentials = CredentialCache.DefaultCredential;
[Visual Basic]
wReq.Credentials CredentialCache.DefaultCredential


I don't see you have done the same thing in the ASP.NET Web app. How do you
handle the authentication between ASPX and the Web service?
Are they on the same machine?

Thanks,
David
Microsoft Developer Support
 
When you access the Web service from the WinForm app, I expect you have set
the credential property on the proxy.
proxy.Credentials = myCache

[C#]
wReq.Credentials = CredentialCache.DefaultCredential;
[Visual Basic]
wReq.Credentials CredentialCache.DefaultCredential


I don't see you have done the same thing in the ASP.NET Web app. How do you
handle the authentication between ASPX and the Web service?
Are they on the same machine?

Thanks,
David
Microsoft Developer Support
 
Back
Top