I have created a webservice in a ASP.net. All the access to the respective website is done through HTTPS. The service which I have added is only one among many others.
I am trying to access just for test purposes this service through Javascript (Ajax, json). The final target is actually Android.
I am getting the following message:
401 - Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied.
The main problem here is inconsistency: while my webservice in inaccessible, another previously written webservice is accessible. Another apparent inconsistency is that even if I tried a compromise solution by adding the needed methods to the accessible webservice, these methods themselves incur a 401 error.
So, my question is related to both "Why doesn't my webservice work" and "How is this supposed to work", with more emphasis on the latter.
Thank you.
Never mind !
Since I was oblivious to the depths of the code I was changing on our server, I did not know that the 401 error message is sent due to the way the code is organised. To access other services, I had to authenticate first through the authentication webservice.
Related
It might be a dummy question on security.
I'm working on a file access service, trying to do authentication for it.
For example, I should be able to know who's the request issuer, and whether he/she has the permission to access the file he/she requests.
I'm using grpc to do communication, and grpc seems to natively support a bunch of authentication methods. I tried one of them (https://grpc.io/docs/guides/auth/#using-google-token-based-authentication). The client side code is exactly the same as in the doc. I'm using C++.
But I get the error
E0812 19:03:32.173663955 3576491 ssl_transport_security.cc:1509] Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.
I'm wondering what else should I do?
Our error logger is picking up the following error periodically:
System.InvalidOperationException: Request format is unrecognized for
URL unexpectedly ending in '/TheMethodName'
The reason this error is being thrown is because the request to the script service is using the GET method, and the default security settings only allow POST requests.
The strange part is that the only place in our code where we are calling this particular service method is through an $.ajax call, and it is specifically using type: 'POST'. There is no other place in the app where a GET request is made for this service.
The ui is making the POST call every 20 seconds to retrieve some data, and it does not seem that the GET's are interfering with that -- they are just extraneous. I've looked at the IIS logs, and I can see the proper POST requests, and then sometimes a GET request.
As an added wrinkle, it's not just this web service that is getting the extra GET calls -- we are logging these to several other service endpoints as well.
My guess is that the browser or a proxy server or something is making these calls on its own (like as part of prefetching or some sort of caching), but I have no evidence of that. In looking at the user agent for the bad requests, they are coming in from a variety of browsers.
Has anybody else seen this before, or have an idea of what might be causing it?
I have My Sharepoint Web Service URL, but when i try to access it i get HTTP Request Error. My Share point Webservice has credentials in it. I have also set that in Flex.
webService.setRemoteCredentials("CITMOSS\Administrator","Pa$$w0rd");
When i trace the url, my console does read the XML, but i am unable to call the method. It throws me HTTP Request Error.
Any Possible solutions on this.
Thanks
If you access that web service manually from the same machine does it work?
Is there a way you could put something like Fiddler in the way to trace the network traffic and find out what is going on?
There are loads of things that could be causing a problem here, in Flex, in the web service and absolutely everywhere in between. Checking your event logs and sharepoint logs might also be informative, but if those yeild nothing then looking at the HTTP traffic will probably be most useful.
When accessing an application I've written FireBug shows that each call to a web service or HTTP handler is attempted three times, and the first two times show as '401 Unauthorized' even though they return the correct result. This consistent. Every call does this same thing.
Any ideas why this happens?
It is performing a negotiation for NTLM authorization. Check on the MSDN on Microsoft NTLM: http://msdn.microsoft.com/en-us/library/aa378749.aspx
This occurs (in certain setups) when accessing an IIS server marked as Integrated Windows Authentication.
This occurs only when using NTLM (and not Kerberos), it's part of the NTLM authentication process.
Are you sure that the calls that return 401 are also returning the correct result? They should not be.
This sounds like a negotiation for authorization.
I'm finding this problem every now and then in my production website, and it has me absolutely stumped...
My app works perfectly in both dev and production, but every now and then, I get an e-mail from my global error handling with this:
MESSAGE: This is an invalid webresource request.
URL: /WebResource.axd
(which means that for some reason webresource.axd was requested without specifying any GET parameters)
I'm not doing anything with webresource.axd myself, I don't get any of my resources through it, it's only used automatically by .Net to serve it's typical JS for validators, etc.
Any idea why this might be getting requested without parameters?
Has anyone encountered this?
That definitely is a bot not doing very good job of crawling your web site. It processes your web form and locates reference to WebResource.axd, for example:
<script src="/site/WebResource.axd?d=MtIW_TBRtZCvAXDMJGwg4g2&t=633772897740666651" type="text/javascript"></script>
The bot expects static JavaScript files only and tries to download it by requesting WebResource.axd without parameters. The result is an exception thrown by System.Web.Handlers.AssemblyResourceLoader class and intercepted by Application_Error in Global.asax.
I believe this exception is harmless - the client will receive 404 error. You can safely ignore it.
We also have all of our errors emailed to us, and we occasionally get those too. They never seem to have a referrer, and the user agent is usually a little wacky. We write them off as bots.
I just checked a couple of the offending client IP's against Arin, and one them belonged to a web-spidering-type organization, so there's a little more evidence for the bot theory.
I would also log the useragent that made the request to WebResource.axd. It wouldn't surprise me if it was a bot crawling your site.
This discussion...
http://www.telerik.com/community/forums/aspnet/spell/this-is-an-invalid-webresource-request.aspx
... and this linked MSDN article...
http://msdn.microsoft.com/en-us/magazine/cc163708.aspx
... might shed a little light (though not much).