468,554 Members | 1,891 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,554 developers. It's quick & easy.

Why does client send two soap messages when Credentials is used?

Hao
There is a wield issue in inspecting the network traffic on the web service
client side. There are two soap calls if credentials are used. The first
call has no credentials and is rejected by the server. The second call has
credentials and works. They are done by .Net behind the scene. No exception
is generated. If I do not pass in credentials or pass in empty crenditials
(empty user id and password), only one soap message is sent.

I could not figure out how to configure the .Net to only send one soap
message. Why does .Net send the first soap message?

Below is my code. The BACnetWSCore is the generated ws client proxy.

In case of web service call with

System.Net.ServicePointManager.Expect100Continue = false;
System.Net.ServicePointManager.UseNagleAlgorithm = false;
BACnetWSCore service = new BACnetWSCore();
service.Url = address;
service.Credentials = new System.Net.NetworkCredential(userid, password);
service.SomeAPI(); // expect only a soap message is sent, but actually
two are sent. The first one failed while the second one succeeds.

Thanks.
Hao


Mar 16 '07 #1
6 6407
Just use CredentialCache instead of NetworkCredentials and the
PreAuthenticate property in true.

Take a look to the following article
http://www.code-magazine.com/article...0307071&page=3

"Hao" <Ha*@newsgroup.nospamwrote in message
news:um**************@TK2MSFTNGP05.phx.gbl...
There is a wield issue in inspecting the network traffic on the web
service client side. There are two soap calls if credentials are used. The
first call has no credentials and is rejected by the server. The second
call has credentials and works. They are done by .Net behind the scene. No
exception is generated. If I do not pass in credentials or pass in empty
crenditials (empty user id and password), only one soap message is sent.

I could not figure out how to configure the .Net to only send one soap
message. Why does .Net send the first soap message?

Below is my code. The BACnetWSCore is the generated ws client proxy.

In case of web service call with

System.Net.ServicePointManager.Expect100Continue = false;
System.Net.ServicePointManager.UseNagleAlgorithm = false;
BACnetWSCore service = new BACnetWSCore();
service.Url = address;
service.Credentials = new System.Net.NetworkCredential(userid, password);
service.SomeAPI(); // expect only a soap message is sent, but actually
two are sent. The first one failed while the second one succeeds.

Thanks.
Hao

Mar 17 '07 #2
Hello Hao,

The two-request behavior you saw is due to the authentication process of
windows intergated authentication, and this is a transport layer
authentication behavior rather than webservice code specific behavior.
When performing windows authentication, the client browser will send
request without authentication credential info, and if server-side require
user authentication, it deny the access and then a second request goes. So
far, one means for improve such authentication peformance is to se the
"PreAuthenticate" header of http request(webservice client proxy has a
property for this), however, only limited authentication scheme support
this "PreAuthenticate" setting. here is a webarticle which has mentioned
this:

#Web Service optimization
http://www.codeproject.com/soap/webs...timization.asp

You can have a look to get more idea.

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.


Mar 19 '07 #3
Hao
I've tried both PreAuthenticate to true and using the CredentialCache with
"Basic" schema. Only one messasge was sent, without the authentication
header, and therefore was rejected.
Any clue there? I also tried to override keepalive to either true or false,
did not make any difference.
Thanks.
Hao

"Steven Cheng[MSFT]" <st*****@online.microsoft.comwrote in message
news:kF*************@TK2MSFTNGHUB02.phx.gbl...
Hello Hao,

The two-request behavior you saw is due to the authentication process of
windows intergated authentication, and this is a transport layer
authentication behavior rather than webservice code specific behavior.
When performing windows authentication, the client browser will send
request without authentication credential info, and if server-side require
user authentication, it deny the access and then a second request goes.
So
far, one means for improve such authentication peformance is to se the
"PreAuthenticate" header of http request(webservice client proxy has a
property for this), however, only limited authentication scheme support
this "PreAuthenticate" setting. here is a webarticle which has mentioned
this:

#Web Service optimization
http://www.codeproject.com/soap/webs...timization.asp

You can have a look to get more idea.

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.

==================================================

This posting is provided "AS IS" with no warranties, and confers no
rights.


Mar 19 '07 #4
Thanks for your reply Hao,

For the "PreAuthentication", if you're using basic authentication, it
require client-side supply the basic authentication based credential and
the server-side(IIS application virtual dir) is configured as basic
authentication). Have you configured the IIS virtual directory to use basic
authentication also?

And no matter set "PreAuthenticate" to true or false, the first request
will always send non authentication header which result a 401 error, and
the "PreAuthentication" setting will take effect for all sequential
requests (avoid the intial 401 roundtrip). You can refer to the following
MSDN document about the behavior of using "PreAuthenticate" property:
#HttpWebRequest.PreAuthenticate Property
http://msdn2.microsoft.com/en-us/lib...uest.preauthen
ticate.aspx
Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.
Mar 20 '07 #5
"Mariano Omar Rodriguez" wrote:
Just use CredentialCache instead of NetworkCredentials and the
PreAuthenticate property in true.
Don't bother with PreAuthenticate. To make this work properly you will have
to override the GetWebRequest method in your client proxy.

Add something like this to your code (change "YourReference" to the name of
your Web Reference):

class OBACnetWSCore : YourReference.BACnetWSCore {
protected override WebRequest GetWebRequest(Uri uri) {
HttpWebRequest webRequest = (HttpWebRequest)base.GetWebRequest(uri);
NetworkCredential creds = Credentials as NetworkCredential;
if (creds != null) {
string authStr =
((creds.Domain != null) && (creds.Domain.Length 0) ?
creds.Domain + @"\" : string.Empty) +
creds.UserName + ":" + creds.Password;
authStr = Convert.ToBase64String(Encoding.Default.GetBytes(a uthStr));
webRequest.Headers["Authorization"] = "Basic " + authStr;
}
return webRequest;
}
}

....and then use OBACnetWSCore for your proxy.

/Hans
Mar 31 '07 #6


"Hans Liss" wrote:
"Mariano Omar Rodriguez" wrote:
Just use CredentialCache instead of NetworkCredentials and the
PreAuthenticate property in true.

Don't bother with PreAuthenticate. To make this work properly you will have
to override the GetWebRequest method in your client proxy.
A comment, just to clarify: PreAuthenticate is what you want, it just
doesn't work properly. It causes the authentication header to be sent
automatically only on *subsequent calls*, never on the first one. The
homemade Authorization header technique i described above really is the best
way to do it right now, and let's just hope that Microsoft decides to
implement a proper PreAuthenticate behaviour sometime soon.

Please note also that, when *not* using this trick, in some situations
(talking with an Axis server, for instance) you will get a protocol error on
the second call, because there is something wrong with the .NET
implementation of HTTP 1.1. In these situations you will have to override the
GetWebRequest method anyway, to force it to use HTTP 1.0.

/Hans
Mar 31 '07 #7

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

reply views Thread by Paul Hutchinson | last post: by
reply views Thread by kim123 | last post: by
5 posts views Thread by =?Utf-8?B?TWFyaw==?= | last post: by
reply views Thread by NPC403 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.