I am not sure if this is a .NET bug/feature and IIS5 one or a combination of
the 2 so here goes
I have a situation where when I call an ASP.NET webservice running under
windows 2000 (I assume IIS5) with a webservice client also in .NET that the
webservice request loses the Authorization HTML header.
This DOES NOT happen under Windows 2003.
I am using the followng (patch/fix) to preauthenticate the web request (this
is from a KB article, or newsgroup article I think)
Protected Overrides Function GetWebRequest(B yVal uri As System.Uri) As
System.Net.WebR equest
Dim webReq As System.Net.WebR equest = MyBase.GetWebRe quest(uri)
If Me.PreAuthentic ate Then
Dim cred As System.Net.Netw orkCredential =
Me.Credentials. GetCredential(u ri, "Basic")
If Not cred Is Nothing Then
Dim buff As Byte() = New
System.Text.UTF 8Encoding().Get Bytes(cred.User Name & ":" & cred.Password)
webReq.Headers( "Authorization" ) = "Basic " &
Convert.ToBase6 4String(buff)
End If
End If
Return webReq
End Function
Also webservice and client are running under the same process/application -
long story but it is to fake the fact that the server we are supposed to
talk to isn't available yet.
i.e. under my webservice I have 2 folders - in one folder I have the .asmx
files that our web application talks to and under the other folder I have a
..asmx that responds the way the 3rd party service is supposed to
with requests to the first folder causing a request to the second.
I hope someone can tell me what is going on.
Regards
Shaun 15 3012
Hi Shaun,
Thanks for your posting. From your description, you've an asp.net web
service which make use of the Http header to store some authentication
tokens. But you found this header will lose when you host the webservice on
win2k server (works ok on 2003 server) ,yes?
From the client code you provided, seems you're using the WebRequest class
to consume the webservie rather than use the wsdl.exe to generate the
client proxy ,yes? Since the using HttpHeader to store authentication info
will make the webservice reply on the underlying protocal, generally, we
recommend that we use th SOAP HEADER to store such info.
would you consider using the SoapHeader or if there is any certain concerns
on this, please feel free to post here. Thanks.
Regards,
Steven Cheng
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
Hi Steven
No what happens is that when the client talks to the server hosted on the
same machine the Authorization header goes missing. However when the
client running on the windows 2000 talks to a different machine (Windows
2003)
then the Authorization header is there
I used the .NET tools (wsdl.exe) to generate my client and servers based on
the WSDL
(generated by the java syatem we need to talk to) and then used the
information from
the following newsgroup to override the web request to get preauthenticati on
to work
( http://groups.google.co.uk/groups?q=...on&hl=en&lr=&s
elm=%23euI3BFUC HA.2832%40tkmsf tngp10&rnum=5)
Unfortunately using the SOAP Header isn't an option as it is not supported
by the specification we need to adhere to.
I can knock up a demo project(s) to emulate what we are doing if you wish.
Shaun
"Steven Cheng[MSFT]" <v-******@online.m icrosoft.com> wrote in message
news:kK******** ******@cpmsftng xa10.phx.gbl... Hi Shaun,
Thanks for your posting. From your description, you've an asp.net web service which make use of the Http header to store some authentication tokens. But you found this header will lose when you host the webservice
on win2k server (works ok on 2003 server) ,yes?
From the client code you provided, seems you're using the WebRequest class to consume the webservie rather than use the wsdl.exe to generate the client proxy ,yes? Since the using HttpHeader to store authentication
info will make the webservice reply on the underlying protocal, generally, we recommend that we use th SOAP HEADER to store such info. would you consider using the SoapHeader or if there is any certain
concerns on this, please feel free to post here. Thanks.
Regards,
Steven Cheng Microsoft Online Support
Get Secure! www.microsoft.com/security (This posting is provided "AS IS", with no warranties, and confers no rights.)
Thanks for your response Shaun,
I'll have a look at your attached code and do some tests. And I'll update
you as soon as I got any further progress. Thanks.
Regards,
Steven Cheng
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
Hi Shaun,
After some tests, It seems that the code you provided works correctly on my
side. I've tested on two machines. One is XP PRO with iis5 .net 1.1 and
another win2k3 server with iis6 .NET 1.1. ( the webservice's virtual dir
is set allow anonymous)
In both tests I put the client and server on the same machine(local test).
The HTTP header is sent correctly so I'm wondering the problem is due to
any enviormential issue? You may have a check, if there is any new
findings, please feel free to post here . Thanks.
Regards,
Steven Cheng
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
Hi Steven
The problem is possibly then with windows 2000 and iis5 perhaps. I have
always stressed this point.
I have seen this issue so far with 4 windows 2000 machines. 2 developer
boxes, 1 test environment and my home test machine.
I used anonymous on all sites/folders.
I hope you will be able to replicate the environment.
Shaun
"Steven Cheng[MSFT]" <v-******@online.m icrosoft.com> wrote in message
news:Qc******** ******@cpmsftng xa10.phx.gbl... Hi Shaun,
After some tests, It seems that the code you provided works correctly on
my side. I've tested on two machines. One is XP PRO with iis5 .net 1.1 and another win2k3 server with iis6 .NET 1.1. ( the webservice's virtual dir is set allow anonymous)
In both tests I put the client and server on the same machine(local test). The HTTP header is sent correctly so I'm wondering the problem is due to any enviormential issue? You may have a check, if there is any new findings, please feel free to post here . Thanks.
Regards,
Steven Cheng Microsoft Online Support
Get Secure! www.microsoft.com/security (This posting is provided "AS IS", with no warranties, and confers no rights.)
Hi Shaun,
Thanks for your response. Yes, I've just tested on a w2k server(iis5) with
framework1.1 ,but the behavior is the same as I tested on other enviorment,
the Authorization header is sent correctly.
Have you tried changing to use another custom Header Name such as
webReq.Headers. Add("myheaderit em", "myheadervalue" )
to see whether it can be sent correctly?
In addition, I'm a bit confused that why you need to manually set the HTTP
authorization header? When we add the following code
Dim cache As New System.Net.Cred entialCache
Dim cred As New System.Net.Netw orkCredential(" IWTeamMember1",
"Password01 !", "sha-dng-chn")
cache.Add(New
Uri(System.Conf iguration.Confi gurationSetting s.AppSettings(" Uri")),
"Basic", cred)
ws.Credentials = cache
the webrequest will automatically add the HTTP authorization header for us.
That means, even we don't override the GetWebRequest and manually add the
header, the webrequest will generate the header for use according to the
NewworkCredient ial we add in the CredentialCache . I've tested this to
confirm this behavior. Have you also tried this?
Just turn on the IIS's BASIC authentication and run the following code at
client
Private Sub Button1_Click(B yVal sender As System.Object, ByVal e As
System.EventArg s) Handles Button1.Click
Try
Dim service As New AuthTestService .AuthTestServic e
Dim cache As New System.Net.Cred entialCache
Dim cred As New System.Net.Netw orkCredential(" username",
"password!" , "servername ")
cache.Add(New
Uri(System.Conf iguration.Confi gurationSetting s.AppSettings(" Uri")),
"Basic", cred)
service.Credent ials = cache
MessageBox.Show (service.HelloW orld())
Catch ex As Exception
MessageBox.Show (ex.ToString())
End Try
this can return "HelloWorld " correctly.
Please have a check and let me know if there is anything unclear. Thanks.
Regards,
Steven Cheng
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
End Sub
Hi Steven
I did say the issue was with windows 2000, I never tried with XP Pro. but so
far 4 windows 2000 boxes all exhibit the same problem.
All have anonymous set, I am using preauthenticati on so the credentials
should always be snet - and they do appear to do so.
I hope you may be able to replicate, however one has to ask why does windows
2000 strip the header.
Could it be a filter? Can't imagine why though.
Shaun
"Steven Cheng[MSFT]" <v-******@online.m icrosoft.com> wrote in message
news:Qc******** ******@cpmsftng xa10.phx.gbl... Hi Shaun,
After some tests, It seems that the code you provided works correctly on
my side. I've tested on two machines. One is XP PRO with iis5 .net 1.1 and another win2k3 server with iis6 .NET 1.1. ( the webservice's virtual dir is set allow anonymous)
In both tests I put the client and server on the same machine(local test). The HTTP header is sent correctly so I'm wondering the problem is due to any enviormential issue? You may have a check, if there is any new findings, please feel free to post here . Thanks.
Regards,
Steven Cheng Microsoft Online Support
Get Secure! www.microsoft.com/security (This posting is provided "AS IS", with no warranties, and confers no rights.)
Hi Steven
I'll give it a try
I've come across the following http://groups.google.co.uk/groups?q=...FTNGP09&rnum=1
and it seems to descibe the same symptoms. It also seems to be that it (the
Authorization header) will come through if we enable basic authentication.
Okay but whey the difference between 2000 and 2003.
Actually the problem occurs only if the server is 2000, the client is not a
factor.
Basic Authentication isn't turned on via IIS and there should be no need to
do so as I wish to use a HttpHandler to look after the credentials and send
back an Authorization error (403?) - this is because the application could
be hosted on a site where access to the IIS is minimal (3rd party hosting
environment).
Also I wish to authenticate against my own control list (database or
web.config) and not that controlled by a 3rd party.
Shaun
"Steven Cheng[MSFT]" <v-******@online.m icrosoft.com> wrote in message
news:D5******** *****@cpmsftngx a10.phx.gbl... Hi Shaun,
Yes, the problem is so strange. I'm sure this is a enviromential specific issue. Also, you've mentioned that the problem only occur when your client app and the webservice are on the same machine,(locall y), so I've exclude the possibility of some firewall or proxy that may intercept the authorization header. In addition, I'm not sure whether you've tried sending a custom http
header as I mentioned in my last reply to see whether this can work?
Also, I've attached a ISAPI filter made by our IIS support guy which can help capture the raw data send to IIS. You may also try install it and capture the HTTP headers (when calling the webservice) on the problem machine to see whether the header has arrived the IIS. Here is the install steps for the isapi filter
============== Please open the server(computer icon)'s property->WWW Service global setting->ISAPI Filter tab, add the dll as a new ISAPI
filter(WriteRaw Data). Then please restart IIS service via iisreset command. Reproduce the problem. The filter will capture the incoming and outgoing rawdata in 2 files at c: - InRawData.log, OutRawData.log
=============
Hope helps. Thanks.
Regards,
Steven Cheng Microsoft Online Support
Get Secure! www.microsoft.com/security (This posting is provided "AS IS", with no warranties, and confers no rights.)
Hi Steven
Sorry this skipped being read as my newsreader settings didn't read all
headers (fixed now)
I manually set it because the preauthenticati on flag doesn't work for
webservice - this is a known bug.
I also do not want to turn on basic authentication to make it work as I need
to handle the basic authentication using my own httphandler to check the
credentials.
(I also do not have the correct permission on the domain involved to add my
own users and thus I cannot use IIS basic authentication - unless you know
of another way of supplying username/password combinations)
Try turning off the basic authentication and looking for the authorization
field within the application (ps you will need to use my code to get
preauthenticati on to work) - see my original example.
Shaun
"Steven Cheng[MSFT]" <v-******@online.m icrosoft.com> wrote in message
news:ns******** ******@cpmsftng xa10.phx.gbl... Hi Shaun,
Thanks for your response. Yes, I've just tested on a w2k server(iis5) with framework1.1 ,but the behavior is the same as I tested on other
enviorment, the Authorization header is sent correctly. Have you tried changing to use another custom Header Name such as
webReq.Headers. Add("myheaderit em", "myheadervalue" )
to see whether it can be sent correctly?
In addition, I'm a bit confused that why you need to manually set the
HTTP authorization header? When we add the following code
Dim cache As New System.Net.Cred entialCache Dim cred As New System.Net.Netw orkCredential(" IWTeamMember1", "Password01 !", "sha-dng-chn") cache.Add(New Uri(System.Conf iguration.Confi gurationSetting s.AppSettings(" Uri")), "Basic", cred) ws.Credentials = cache
the webrequest will automatically add the HTTP authorization header for
us. That means, even we don't override the GetWebRequest and manually add
the header, the webrequest will generate the header for use according to the NewworkCredient ial we add in the CredentialCache . I've tested this to confirm this behavior. Have you also tried this?
Just turn on the IIS's BASIC authentication and run the following code at client
Private Sub Button1_Click(B yVal sender As System.Object, ByVal e As System.EventArg s) Handles Button1.Click
Try Dim service As New AuthTestService .AuthTestServic e
Dim cache As New System.Net.Cred entialCache Dim cred As New System.Net.Netw orkCredential(" username", "password!" , "servername ") cache.Add(New Uri(System.Conf iguration.Confi gurationSetting s.AppSettings(" Uri")), "Basic", cred) service.Credent ials = cache
MessageBox.Show (service.HelloW orld())
Catch ex As Exception
MessageBox.Show (ex.ToString()) End Try
this can return "HelloWorld " correctly.
Please have a check and let me know if there is anything unclear. Thanks.
Regards,
Steven Cheng Microsoft Online Support
Get Secure! www.microsoft.com/security (This posting is provided "AS IS", with no warranties, and confers no rights.) End Sub
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Fabrice |
last post by:
hi !
here is my problem ! I add a field to an html header using php
function header("field_name: value"). When the php page is on my local
machine (which act as a server) i can read the "value" of field_name
(i also on my local machine). But when i put the file on another
server and i'm still on my local machine i cannot read this field_name
(but i can see the page on my browser). Can any one tell me what is
the problem ?
|
by: Terry |
last post by:
Hi,
I built a website using the HMTL header:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
All the CSS layout stuff looks good.
|
by: crs2003c |
last post by:
For some time now, other teachers have had this problem. Visual C++ 6.0 was
once installed on a WIN98 platform and apstring.h and graphic.h worked.
However, since moving to WIN2000 and WINXP, these header files are missing.
Where can I find these header files?? I have tried to create these headers
over again, even CUT/PASTE, however, I most not be doing something right.
Help here would be very appreciated.
|
by: gerrod |
last post by:
When using a master page In .NET v2.0 Beta 1, you could attach additional
stylesheets to the master page from your content pages, with a call such as:
Header.LinkedStyleSheets.Add("_Styles/Stylesheet.css");
In Beta 2, it seems as though IPageHeader no longer exposes this property.
Does anyone know what the new approach / work-around is?
Thank in advance.
|
by: Simon Verona |
last post by:
I don't know if this is the correct group to ask the question, but I'll ask
it here anyways!
I have a solution, written in vb.net 2003 (using Visual Studio 2003
Professional) which has multiple projects.
What I find is that from time to time (once every couple of days) that when
I go to run the solution (which compiles all the projects) that the compile
fails because a control is missing. The control in question is always a...
| |
by: dotcom |
last post by:
hello,
i am sending whole javascript code(it is for freezing html header)
it works fine eith IE but not firefox scroll bar does not come
var divContent = null;
var divHeaderRow = null;
var divHeaderColumn = null;
var divHeaderRowColumn = null;
var headerRowFirstColumn = null;
var x;
|
by: dabei |
last post by:
Hi, I am trying to use AS3 to make a URL request with authorization header. Using the code below:
var request:URLRequest = new URLRequest ( 'http://myserviceURL' );
var requestHeader:URLRequestHeader = new URLRequestHeader("Authorization", "AuthSub token=CI3xlrq1DxCjtruCAw");
request.requestHeaders.push(requestHeader);
...
But I get the following error:
ArgumentError: Error #2096: The HTTP request header Authorization cannot be set via...
|
by: abhilash12 |
last post by:
how can resizing html header table
|
by: funkymonk |
last post by:
I have no idea if this or how this can be done. Basically Ive been given a website made in dreamweaver using asp and html. I use asp.net and so everything I make uses masterpages rather than header and footers and the website already has a .....header and footer. Is there a way of converting the header and footer into a masterpage. I am a noob btw. Thanks for any assistance
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
| |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |