Windows authentication proxy & web services

  • Thread starter Thread starter Sparky
  • Start date Start date
S

Sparky

Hi

I get an error when a winforms application tries to communicate with a web
service. The winforms machine connects to the internet via a Windows
Authentication proxy server (ISSA or whatever it's called!).

The call stack is:

MyApp.General.cFmsException ---> System.Net.WebException: The operation
has timed-out. at
System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebReques
t request) at
System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRe
quest request) at
System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters) at
MyApp.CommonDB.localhost.LEAFAuth.TestConnection()


I use the following function to get the web proxy to put into the web
service:


Public Shared Function GetWebProxy() As IWebProxy
'Returns a web proxy object which represents the current proxy settings
'NOTE - if the settings indicate no proxy then a proxy object still
'has to be returned (getemptywebproxy).

Dim oProxy As IWebProxy
Dim oProxySettings As cProxySettingsFile = New cProxySettingsFile

With oProxySettings
If .UseProxy Then
If .UseDefaultHTTPProxy Then
oProxy = WebProxy.GetDefaultProxy
Else
oProxy = New WebProxy(.HTTPAddress, .HTTPPort)
oProxy.Credentials = New NetworkCredential(.HTTPUserName, .HTTPPassword,
..HTTPAddress)
End If
Else
'getemptywebproxy denotes that no web proxy is used.
oProxy = GlobalProxySelection.GetEmptyWebProxy
End If
End With
Return oProxy
End Function

Note I use my own class to hold the proxy settings. This function works
perfectly for Basic Authentication, but there must be something different to
use for Windows Authentication.

Any help would be much appreciated!

Cheers
 
Hello,

Thanks for your post. I reviewed your description carefully, and now I'd
like to share the following information with you:

1. Can you access the Web Service in Internet Explorer?

2. Does the Web Service and the Proxy Server all use Windows Integrated
Authentication? If so, the problem may be caused by an known issue that it
may not allow NTLM user credential to pass through the Proxy Server if the
connection is not kept alive. Please refer to the following KB article:

PRB: Cannot Connect Through Proxy Server that Requires NTLM Authentication
http://support.microsoft.com/?id=254396

To work around this problem, you need to set
HttpWebRequest.UnsafeAuthenticatedConnectionSharing to true. For example:

MyService.UnsafeAuthenticatedConnectionSharing = True

3. The third parameter for the construtor of NetworkCredential is for
Domain Name, while it seems to be http address in your code snippet:

oProxy.Credentials = New NetworkCredential(.HTTPUserName, .HTTPPassword,
..HTTPAddress)

Please enter the correct Domain Name for the account. The better approach
is to always consider CredentialCache class:
oProxy.Credentials = New NetworkCredential(.HTTPUserName, .HTTPPassword,
DomainName)
Dim cache As new CredentialCache
Cache.Add(new Uri(.HTTPAddress), "NTLM" , oProxy.Credentials )
oProxy.Credentials = cache

You can also use the default user credentials for NTLM and Negotiate
authentication:
oProxy.Credentials = CredentialCache.DefaultCredentials

Hope this helps.

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! -- www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
 
Hi Tian

1. Yes, no probs looking at asmx in Internet Explorer

2. Web Service does not use Integrated Authentication. ISA does though.

3. If I use:
oProxy.Credentials = New NetworkCredential(.HTTPUserName, .HTTPPassword,
DomainName)
Dim cache As new CredentialCache
Cache.Add(new Uri(.HTTPAddress), "NTLM" , oProxy.Credentials )
oProxy.Credentials = cache

I get a 407: authentication required. If I use my original method, it
generates the timeout error (I was actually passing in the domain the
proxy). No joy with default credentials either!
 
Hi,

Thanks for your reply. To narrow down the problem, please check the
following:

1. What's the proxy/port setting in InternetExplorer? Are they the same
with .HTTPAddress and .HTTPPort in your code?

2. What's the authentication setting in your Web Service? I suggest you to
configure it to anonymouse and use default user credentials in code and see
if it works.

3. Configuring Network Monitor for a Capture
a. Configure Network Monitor to trace on the network interface that goes
between your development machine and the proxy server. To do this, go to
the Capture menu
and choose Networks. Expand the Local Computer, and highlight the interface
that matches the network interface used to go between the development
machine and the proxy server.

b. Use filtering to capture only traffic to and from this development
machine. To do this, go to the Capture menu, and choose Filter. Modify the
Address Pairs and change them from *ANY<->ANY to be LOCAL<->ANY.

c. Set the buffer settings to be as large as reasonably possible. To do
this, go to the "Capture" menu, and choose Buffer Settings. Set the Buffer
size. We suggest 80mb for most cases. This should be set based on how long
it takes for the problem to occur, and how much disk space available you
have. In some cases, it is not unusual to set this as high as 1 or 2 GB.

d. Start capturing, and start your application until your code fails. After
you have finished capturing, zip the capture file created by Network
Monitor and post it so that we can check what is going on.

I am looking forward to your reply. Thanks.

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! -- www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
 
Hello Mark,

Thanks for your update.
with the proxy because if I use an invalid username or password during the
proxy object construction I get an authentication exception thrown instead.

According to your description above, I believe that your original
credential setting is correct and the problem may be caused by the issue
that the connection to the proxy is not keep-alive as described in my first
reply. Did you try setting
HttpWebRequest.UnsafeAuthenticatedConnectionSharing to true to check?

MyService.UnsafeAuthenticatedConnectionSharing = True

In addition, I am not able to open your Network Monitor log file, it seems
to be corrupt. Could you please post it again?

I am standing by for your reply.

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! -- www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
 
Hi Tian

I've been on-site and got the logs... don't really want to post them on the
newsgroup - where should I send them?

Regards

Mark
 
Hi Mark,

You can send it to me directly at (e-mail address removed)

Have a nice day!

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! -- www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
 
Hi Tian

I've emailed you the log from Network monitor - not sure if you've recieved
it or if it's got lost in the ether of Microsoft's email server!

Let me know and I'll resend if necessary :-)

Many thanks

Mark
 
Hi Mark,

I received your files and I am performing researching on it.

Have a nice day!

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! -- www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
 
Hi Tian

Have you had any luck with the logs?

Bit of a head scratcher as the log contains a correct return result from the
webservice but the client doesn't appear to recieve it.

Cheers

Mark
 
Back
Top