L
LarryKuperman
Our WebDev team seems to have found a problem that exposes a bug in .NET 2.0.
This problem can be shown when trying to access a WebService using SSL and
through a proxy server after using the HttpWebRequest object.
Under normal circumstances I am able to use the webservice without any
problems. But after using an HttpWebRequest object to make a call to a
website
all subsequent attempts to use the WebService will fail with a 401
Unauthorized error. This problem appears to be directly related to when the
Client's Internet Explorer settings are configured to use a Proxy server for
http requests. If the settings for the proxy server are disabled everything
works as expected.
Server Configuration:
Windows 2003 Server Service Pack 2
IIS 6.0, Using SSL Port 443, Anonymous access disabled, using Integrated
Windows Authentication
..Net 2.0
Client:
Windows XP Service Pack 2
..Net 2.0
IE 7, configured to use a proxy server
Below is sample code that can be used to reproduce the problem with a CSharp
Windows Application.
//PreRequisites: Webservice must be using SSL (https) and does
not allow anoymous connections(using Integrated Windows Authentication)
//Client's IE Settings requires http requests to go through a
Proxy server. (If proxy is not enabled the below scenario works properly)
//Create Web Service Object
YourWebService webServiceObject = new YourWebService();
//Set Credentials for Web Service
webServiceObject.Credentials = new
System.Net.NetworkCredential("username", "password", "domain");
//Call a method from the Web Service. This Call works without
any errors.
object returnObject = webServiceObject.anyWebServiceMethod();
//Create HttpWebRequest Object to any non secure web page
HttpWebRequest webRequestObject =
(HttpWebRequest)HttpWebRequest.Create("http://www.microsoft.com/");
//Call GetResponse
HttpWebResponse testRes =
(HttpWebResponse)webRequestObject.GetResponse();
//Call the same method from the Same Web Service Object. This
call will fail.
returnObject = webServiceObject.anyWebServiceMethod();
//The Above call will fail with the following error
//"The request failed with HTTP status 401: Unauthorized."
//Sample Stack Trace of the error
//at
System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
//at
System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters)
//at Proxy.[snip].Service.ValidateAccount(String email, String
password, OperatingSystemInfo osInfo) in
C:\Projects\Sandbox\CSharp\ProxyTest\Web References\[snip]\Reference.cs:line
336
//at Proxy.Form1.Form1_Load(Object sender, EventArgs e) in
C:\Projects\Sandbox\CSharp\ProxyTest\Form1.cs:line 38
//at System.Windows.Forms.Form.OnLoad(EventArgs e)
//at System.Windows.Forms.Form.OnCreateControl()
//at System.Windows.Forms.Control.CreateControl(Boolean
fIgnoreVisible)
//at System.Windows.Forms.Control.CreateControl()
//at System.Windows.Forms.Control.WmShowWindow(Message& m)
//at System.Windows.Forms.Control.WndProc(Message& m)
//at System.Windows.Forms.ScrollableControl.WndProc(Message& m)
//at System.Windows.Forms.ContainerControl.WndProc(Message& m)
//at System.Windows.Forms.Form.WmShowWindow(Message& m)
//at System.Windows.Forms.Form.WndProc(Message& m)
//at
System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
//at
System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
//at System.Windows.Forms.NativeWindow.DebuggableCallback(IntPtr
hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
//at System.Windows.Forms.SafeNativeMethods.ShowWindow(HandleRef
hWnd, Int32 nCmdShow)
//at System.Windows.Forms.Control.SetVisibleCore(Boolean value)
//at System.Windows.Forms.Form.SetVisibleCore(Boolean value)
//at System.Windows.Forms.Control.set_Visible(Boolean value)
//at
System.Windows.Forms.Application.ThreadContext.RunMessageLoopInner(Int32
reason, ApplicationContext context)
//at
System.Windows.Forms.Application.ThreadContext.RunMessageLoop(Int32 reason,
ApplicationContext context)
//at System.Windows.Forms.Application.Run(Form mainForm)
//at Proxy.Program.Main() in
C:\Projects\Sandbox\CSharp\Proxy\Proxy\Program.cs:line 17
//at System.AppDomain.nExecuteAssembly(Assembly assembly,
String[] args)
//at System.AppDomain.ExecuteAssembly(String assemblyFile,
Evidence assemblySecurity, String[] args)
//at
Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
//at System.Threading.ThreadHelper.ThreadStart_Context(Object
state)
//at System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state)
//at System.Threading.ThreadHelper.ThreadStart()
Please do not hesitate to contact me if you require any additional
information or if you have a solution.
This problem can be shown when trying to access a WebService using SSL and
through a proxy server after using the HttpWebRequest object.
Under normal circumstances I am able to use the webservice without any
problems. But after using an HttpWebRequest object to make a call to a
website
all subsequent attempts to use the WebService will fail with a 401
Unauthorized error. This problem appears to be directly related to when the
Client's Internet Explorer settings are configured to use a Proxy server for
http requests. If the settings for the proxy server are disabled everything
works as expected.
Server Configuration:
Windows 2003 Server Service Pack 2
IIS 6.0, Using SSL Port 443, Anonymous access disabled, using Integrated
Windows Authentication
..Net 2.0
Client:
Windows XP Service Pack 2
..Net 2.0
IE 7, configured to use a proxy server
Below is sample code that can be used to reproduce the problem with a CSharp
Windows Application.
//PreRequisites: Webservice must be using SSL (https) and does
not allow anoymous connections(using Integrated Windows Authentication)
//Client's IE Settings requires http requests to go through a
Proxy server. (If proxy is not enabled the below scenario works properly)
//Create Web Service Object
YourWebService webServiceObject = new YourWebService();
//Set Credentials for Web Service
webServiceObject.Credentials = new
System.Net.NetworkCredential("username", "password", "domain");
//Call a method from the Web Service. This Call works without
any errors.
object returnObject = webServiceObject.anyWebServiceMethod();
//Create HttpWebRequest Object to any non secure web page
HttpWebRequest webRequestObject =
(HttpWebRequest)HttpWebRequest.Create("http://www.microsoft.com/");
//Call GetResponse
HttpWebResponse testRes =
(HttpWebResponse)webRequestObject.GetResponse();
//Call the same method from the Same Web Service Object. This
call will fail.
returnObject = webServiceObject.anyWebServiceMethod();
//The Above call will fail with the following error
//"The request failed with HTTP status 401: Unauthorized."
//Sample Stack Trace of the error
//at
System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
//at
System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters)
//at Proxy.[snip].Service.ValidateAccount(String email, String
password, OperatingSystemInfo osInfo) in
C:\Projects\Sandbox\CSharp\ProxyTest\Web References\[snip]\Reference.cs:line
336
//at Proxy.Form1.Form1_Load(Object sender, EventArgs e) in
C:\Projects\Sandbox\CSharp\ProxyTest\Form1.cs:line 38
//at System.Windows.Forms.Form.OnLoad(EventArgs e)
//at System.Windows.Forms.Form.OnCreateControl()
//at System.Windows.Forms.Control.CreateControl(Boolean
fIgnoreVisible)
//at System.Windows.Forms.Control.CreateControl()
//at System.Windows.Forms.Control.WmShowWindow(Message& m)
//at System.Windows.Forms.Control.WndProc(Message& m)
//at System.Windows.Forms.ScrollableControl.WndProc(Message& m)
//at System.Windows.Forms.ContainerControl.WndProc(Message& m)
//at System.Windows.Forms.Form.WmShowWindow(Message& m)
//at System.Windows.Forms.Form.WndProc(Message& m)
//at
System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
//at
System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
//at System.Windows.Forms.NativeWindow.DebuggableCallback(IntPtr
hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
//at System.Windows.Forms.SafeNativeMethods.ShowWindow(HandleRef
hWnd, Int32 nCmdShow)
//at System.Windows.Forms.Control.SetVisibleCore(Boolean value)
//at System.Windows.Forms.Form.SetVisibleCore(Boolean value)
//at System.Windows.Forms.Control.set_Visible(Boolean value)
//at
System.Windows.Forms.Application.ThreadContext.RunMessageLoopInner(Int32
reason, ApplicationContext context)
//at
System.Windows.Forms.Application.ThreadContext.RunMessageLoop(Int32 reason,
ApplicationContext context)
//at System.Windows.Forms.Application.Run(Form mainForm)
//at Proxy.Program.Main() in
C:\Projects\Sandbox\CSharp\Proxy\Proxy\Program.cs:line 17
//at System.AppDomain.nExecuteAssembly(Assembly assembly,
String[] args)
//at System.AppDomain.ExecuteAssembly(String assemblyFile,
Evidence assemblySecurity, String[] args)
//at
Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
//at System.Threading.ThreadHelper.ThreadStart_Context(Object
state)
//at System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state)
//at System.Threading.ThreadHelper.ThreadStart()
Please do not hesitate to contact me if you require any additional
information or if you have a solution.