tags:

views:

64

answers:

4
Q: 

How do I tell which account is trying to access an ASP.NET web service?

I'm getting a 401 (access denied) calling a method on an internal web service. I'm calling it from an ASP.NET page on our company intranet. I've checked all the configuration and it should be using integrated security with an account that has access to that service, but I'm trying to figure out how to confirm which account it's connecting under. Unfortunately I can't debug the code on the production network. In our dev environment everything is working fine. I know there has to be a difference in the settings, but I'm at a loss with where to start. Any recommendations?

+1  A: 

Have you looked in the IIS logs?

John Saunders  2009-07-20 20:09:53
The IIS log doesn't contain the account, only the url, client, and "401 2 2148074254".
Andrew Lewis  2009-07-20 20:15:20
You can configure the fields you want, using IIS Manager. Turn on cs-username.
John Saunders  2009-07-20 20:21:44
You'd have an easier time looking through the Application event log to find the unhandled (is it?) exception - it will give you all the information you need
Josh E  2009-07-20 20:33:31
It won't be there. If a 401 is returned, then the application didn't see the request.
John Saunders  2009-07-20 21:08:14
A: 

I would also recommend looking in the Security event log on the server for authentication failures. You should find a footprint of the failed authorisation attempt here. Be warned though - it is not unusual to get 10s of security events a second, so ideally you need to be able to access the event log as the requests are failing.

Rob Levine  2009-07-20 20:16:23
A: 

If you do not specify which credentials to use in your ASP.NET page when you instantiate the web service then I believe it defaults to NT_Authority\Anonymous.

If you're using System.Net.CredentialCache then your web service needs to be in a trusted domain, accessed over HTTPS and using either NTLM, Kerberos or Digest Auth otherwise it does not pass the credentials from the cache.

http://msdn.microsoft.com/en-us/library/system.net.credentialcache.defaultcredentials.aspx http://msdn.microsoft.com/en-us/library/system.net.credentialcache.defaultnetworkcredentials.aspx http://msdn.microsoft.com/en-us/library/system.net.credentialcache.defaultcredentials.aspx

CptSkippy  2009-07-20 21:03:02
A: 

Perhaps the production server uses a different user for its application pool than your dev environment? I once spent a day figuring that one out. Another option would be the (lack of) impersonation in the web.config

René  2009-07-20 21:20:08

related questions

Displaying Version Information in a Web Service
Example Web Service
SoapException: Root element is missing occurs when .NET web service called from Flex
Best practice for webservices
What is your preferred method of sending complex data over a web service?
.Net - Returning DataTables in WCF
Is it possible to return objects from a WebService?
How much extra overhead is generated when sending a file over a web service as a byte array?
Returning Large Results Via a Webservice
File Uploads via Web Services
best way to persist data in .NET Web Service
What is the difference between an endpoint, a service, and a port when working with webservices?
Calling REST web services from a classic asp page
Best way to write a RESTful service "client" in .Net?
Where can I find some good WS-Security introductions and tutorials?
ASP.NET Web Service Results, Proxy Classes and Type Conversion
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
Document or RPC based web services
How to easily consume a web service from PHP
Timer-based event triggers
How to pass enumerated values to a web service
Homegrown consumption of web services
How do I print an HTML document from a web service?
How do I fill a DataSet or a DataTable from a LINQ query resultset ?