ASP.NET WebService: Authentication failed. ExceptionType":"System.InvalidOperationException"

Question

Hi ,

I have got a textbox and Ajax autocompleteextender in my web page.I have no problem at local Dev Machine.When i upload this page to remote host getting "Authentication failed. ExceptionType":"System.InvalidOperationException" this error.

Here is my codes ;

 <form id="form1" runat="server">
<asp:ScriptManager ID="ScriptManager1" runat="server">
    <Services>
        <asp:ServiceReference Path="~/WebService.asmx" />
    </Services>
</asp:ScriptManager>
<div>
    <asp:TextBox ID="txtAra" runat="server"></asp:TextBox>
    <cc1:autocompleteextender id="AutoCompleteExtender1" runat="server" servicepath="~/WebService.asmx"
        servicemethod="IsmeGoreGetir" minimumprefixlength="1" targetcontrolid="txtAra"
      >
                    </cc1:autocompleteextender>
</div>
</form>

And then web service side ;

OleDbConnection con;
OleDbCommand cmd;
OleDbDataReader dr;


[WebMethod(EnableSession = true)]
public string[] IsmeGoreGetir(string prefixText, int count)
{
    con = new OleDbConnection("Provider=Microsoft.Jet.OleDb.4.0;Data Source=" + Server.MapPath("~/App_Data/nobetRehber.mdb"));

    cmd = new OleDbCommand( "Select * from Rehber Where AD like '" + prefixText.ToUpper() + "%'",con);

    OleDbDataAdapter da = new OleDbDataAdapter(cmd);
    if (con.State != ConnectionState.Open)
        con.Open();

    DataTable dt = new DataTable();
    da.Fill(dt);
    string[] items = new string[dt.Rows.Count];
    int i = 0;
    foreach (DataRow dr in dt.Rows)
    {
        items.SetValue(dr["AD"].ToString(), i);
        i++;
    }
    con.Close();
    return items;
}

Answer 1

• Wow, I really hope that you don't upload that to a public-facing sever. http://sqlmap.sourceforge.net/ would own that web site in a few seconds. prefixText := "1=1; DELETE * FROM Rehber;--" is one very simple version of it.

• Since you have fields, I can only assume you have multiple readers on one connection. You are hiding field dr.

  • Since this is the case, you are also assigning a new connection every call, leading to a memory leak.

  • Since this is the case, you have just created lots of race conditions accessing field con.

  • Ditto for cmd.

• dr["AD"].ToString() can throw null ref or will do so if db-schema gets out of touch with code.

So if you fix your race conditions and funny code, it might actually work. Plus, provide a stacktrace next time. :)

Answer 2

Call the page WebService.asmx in IE from the Client directly in the IE. First check the webservice is accessiable once its hosted to the production machine.

if its working. Check what kind of authentication it requires when the client calls the service from the code.

This issue is not related with Connection or command. Its related with the Web service authentication.

Ref. http://support.microsoft.com/kb/813834