Monday, January 16, 2006

XML Web Service Authentication Failures

Ok, this is just because I'm a geek. Next time you get HTTP 401 errors when you try to invoke a web service call using a Visual Studio generated proxy, don't forget to assign System.Net.CredentialCache.DefaultCredentials to your proxy's Credentials property. Also, ensure that the Windows Integrated Authentication checkbox is selected in IIS, and that the .asmx and CodeBehind files of your web service have read and execute NTFS permissions for your client user. FYI: The best practice is to assign the permissions to the folder in which the virtual directory resides, and allow the children (i.e. the asmx files) to inherit the permissions.

1 comment:

Jono said...

This is probably pedantic but there are a few other considerations:
1) if the web service needs to impersonate the currently logged on user to access a database or active directory, you'll want to use Windows Integrated Authentication in IIS.
2) if step 1 is true then there's no point in allowing anonymous access from IIS.
3) either way, there is no need to grant IUSR_MACHINENAME read permissions on the file system because the .asmx files are opened by the user account specified in the IIS Application Pool (network service by default).