views:

5862

answers:

4

I wrote a windows service a few months ago that would ping a Sharepoint list using _vti_bin/lists.asmx function GetListItemChanges. It was working fine until a few weeks ago when my company upgraded our Sharepoint instance to SP1.
Now whenever my service attempts to access Sharepoint I receive an 401.1 authentication error:

Error:

You are not authorized to view this page
You do not have permission to view this directory or page using the credentials that you supplied.
Please try the following: Contact the Web site administrator if you believe you should be able to view this directory or page.
HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials.
Internet Information Services (IIS)

I have checked and my privileges on the site have not changed. here is the code In which I call the list:

Lists listsService = new Lists();
listsService.Credentials = new NetworkCredential("UserName", "Password", "domain");
Result = listsService.GetListItemChanges("List name", null, dTime.ToString(), null);

It has also been brought to my attention that basic authentication may have been disabled on our farm. I don't believe I'm using that but I may be mistaken.

A: 

Do you have proxies on your internal network?

I'm thinking along the lines of double-hop, and that Basic Auth is not prone to that but that NTLM is. If you have a proxy, then the double-hop is an issue. If you are accessing the machine directly and can only count one hop (service to web service) then this shouldn't be an issue.

A: 

Assuming that its not SSL or Basic/Windows authentication problems then I am betting this

To test log on to the local server and try to browse your site. If you can not browse successfully using the username/pwd given above but you can from a remote pc then this is the article for you.

You receive error 401.1 when you browse a Web site that uses Integrated Authentication and is hosted on IIS 5.1 or IIS 6

http://support.microsoft.com/default.aspx?scid=kb;en-us;896861

Ryan
+1  A: 

Based upon the information provided, I doubt this is a programming error. Can you get access to the IIS Manager interface on the server hosting the SharePoint site? If so, check the valid authentication technologies permitted. Are anonymous connections allowed? Is Windows Integrated Authentication enabled? HTTP Basic auth? Ask your infrastructure/SharePoint people about the possibility of a double-hop (proxy). If so, that might work too, but it's a pain to setup (Kerberos delegation). The NetworkCredentials class appears to support all of the standard authentication schemes supported by IIS (except for forms):

http://msdn.microsoft.com/en-us/library/system.net.networkcredential(VS.80).aspx

You might need to have the infrastructure people set SPNs for the SharePoint web front end:

http://support.microsoft.com/kb/929650

I advise against changing anything via IIS Manager, however. Have your SharePoint Admin make the changes to the authentication techs permitted for the site via SharePoint Central Administration.

Regards, Sam

Sam
+1  A: 

I've just found a very similar issue and solved it thanks to a MS KB article: http://support.microsoft.com/kb/896861

The bit that you should try is this:

Method 2: Disable the loopback check Follow these steps:

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. Right-click Lsa, point to New, and then click DWORD Value.
  4. Type DisableLoopbackCheck, and then press ENTER.
  5. Right-click DisableLoopbackCheck, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Quit Registry Editor, and then restart your computer.

This solved the same problem in an environment I had whereby all of the normal solutions (addign credentials to the web service call) failed.