Databases
StackOverflow2013
Postsdbo
POASMX web service to allow anonymous access
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POASMX web service to allow anonymous access
    primarykey
    data
    text
    <p>I am experiencing an authorization error for an asmx web service that I developed. The web service itself does not require any user credentials, but it seems like the web service is configured to enforce that, although I tried to set the configuration such as to allow for anonymous access:</p> <p>I have set the corresponding web site in IIS to allow for anonymous access:</p> <p><img src="https://i.stack.imgur.com/JPy40.png" alt="Screenshot of IIS setting"></p> <p>Further I have included the following lines in the <code>web.config</code>:</p> <pre><code>&lt;configuration&gt; ... &lt;system.web&gt; ... &lt;authorization&gt; &lt;allow users="*"/&gt; &lt;/authorization&gt; ... &lt;/system.web&gt; ... &lt;/configuration&gt; </code></pre> <p>When trying to call the web service from a test client, I get this error message:</p> <blockquote> <p>The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'NTLM'.</p> </blockquote> <p>The line of code calling the web service looks like this:</p> <pre><code>string message = new ServiceReference1.Service1SoapClient().HelloWorld(); </code></pre> <p>And the code of the web service:</p> <pre><code>[WebService(Namespace = "http://tempuri.org/")] [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] [System.ComponentModel.ToolboxItem(false)] public class Service1 : System.Web.Services.WebService { [WebMethod] public string HelloWorld() { return "Hello World"; } } </code></pre> <p>Some important points:</p> <ul> <li>If I try and set the client to authenticate using NTLM, it works fine.</li> <li>If I try and set the client not to authenticate, it fails with the message above.</li> <li>If I try and access the web service using a web browser, I also get a FORBIDDEN error message instead of the expected web service documentation page.</li> <li>If I run the web service from within Visual Studio and configure the client to access that service (localhost...), it works fine.</li> <li>See below for even more details</li> </ul> <hr> <p>I also tried and put the authorization tag within a location tag pointing to the web service:</p> <pre><code>&lt;location path="Service1.asmx"&gt; &lt;system.web&gt; &lt;authorization&gt; &lt;allow users="*" /&gt; &lt;/authorization&gt; &lt;/system.web&gt; &lt;/location&gt; </code></pre> <p>This is how the <em>client</em> configuration (app.config) looks like (please note that as mentioned above, I can't even access the service using a web browser, so I dont' consider the client configuration relevant):</p> <pre><code>&lt;?xml version="1.0" encoding="utf-8" ?&gt; &lt;configuration&gt; &lt;system.serviceModel&gt; &lt;bindings&gt; &lt;basicHttpBinding&gt; &lt;binding name="Service1Soap" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true"&gt; &lt;readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /&gt; &lt;security mode="None"&gt; &lt;transport clientCredentialType="None" proxyCredentialType="None" realm="" /&gt; &lt;message clientCredentialType="UserName" algorithmSuite="Default" /&gt; &lt;/security&gt; &lt;/binding&gt; &lt;/basicHttpBinding&gt; &lt;/bindings&gt; &lt;client&gt; &lt;endpoint address="http://name.of.the.server.example.org/Service1.asmx" binding="basicHttpBinding" bindingConfiguration="Service1Soap" contract="ServiceReference1.Service1Soap" name="Service1Soap" /&gt; &lt;/client&gt; &lt;/system.serviceModel&gt; &lt;/configuration&gt; </code></pre> <p>Any Ideas?</p> <hr> <p>Update: I found the following file:</p> <pre><code>C:\WINNT\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\web.config </code></pre> <p>Does it have any relevance to a custom web application, and if yes, don't the settings of my own web.config override the settings of that file?</p> <p>Contents of that file:</p> <pre><code>&lt;configuration&gt; &lt;system.web&gt; &lt;membership&gt; &lt;providers&gt; &lt;add name="WebAdminMembershipProvider" type="System.Web.Administration.WebAdminMembershipProvider" /&gt; &lt;/providers&gt; &lt;/membership&gt; &lt;httpModules&gt; &lt;add name="WebAdminModule" type="System.Web.Administration.WebAdminModule"/&gt; &lt;/httpModules&gt; &lt;authentication mode="Windows"/&gt; &lt;authorization&gt; &lt;deny users="?"/&gt; &lt;/authorization&gt; &lt;identity impersonate="true"/&gt; &lt;trust level="Full"/&gt; &lt;pages validateRequest="true"/&gt; &lt;globalization uiCulture="auto:en-US" /&gt; &lt;/system.web&gt; &lt;/configuration&gt; </code></pre> <p>Though there is another file:</p> <pre><code>C:\WINNT\Microsoft.NET\Framework\v2.0.50727\config\web.config </code></pre> <p>And I think that rather this one is the system-wide web.config file. This file in fact <em>allows</em> access to all users:</p> <pre><code>&lt;system.web&gt; &lt;authorization&gt; &lt;allow users="*"/&gt; &lt;/authorization&gt; </code></pre>
    singulars
    1. PO
      singulars
      1. PTAnswer
    1. This table or related slice is empty.
    1. PTQuestion
    1. USchiccodoro
    1. USchiccodoro
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PO
      singulars
      1. PTAnswer
    2. PO
      singulars
      1. PTAnswer
    3. PO
      singulars
      1. PTAnswer
    1. VO
      singulars
      1. POASMX web service to allow anonymous access
      1. USchiccodoro
      1. VTBountyStart
    2. VO
      singulars
      1. POASMX web service to allow anonymous access
      1. This table or related slice is empty.
      1. VTUpMod
    3. VO
      singulars
      1. POASMX web service to allow anonymous access
      1. This table or related slice is empty.
      1. VTUpMod
    1. COA couple things... Could you post the web.config section from the test client that concerns the client-side service configuration? Also, have you tried making the method static on the service side? I know in some other contexts (such as regular aspx pages), WebMethods are required to be static, but I don't remember for asmx.
      singulars
      1. POASMX web service to allow anonymous access
      1. USAndrew
    2. CO@Andrew: Thanks for your comment. I have added some more details to my questions. I also tried accessing via web browser, so the app.config might not be too relevant. I still added it for reference. You never know...
      singulars
      1. POASMX web service to allow anonymous access
      1. USchiccodoro
    3. CODoes the user you're using for anonymous access have reading rights on your folder?
      singulars
      1. POASMX web service to allow anonymous access
      1. USMartin Buberl
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload