401从ASP.NET Web应用程序联系ASP.NET Web服务时未经授权
[英]401 Unauthorized when contacting ASP.NET web service from ASP.NET web application
问题描述
I have a single server (Windows 2003/IIS 6). 
我有一台服务器(Windows 2003 / IIS 6)。 This server has a few different "Web Sites" setup in IIS. 该服务器在IIS中具有一些不同的“网站”设置。 Each site is configured in IIS with a distinct host header (port 80). 每个站点都在IIS中配置了不同的主机头(端口80)。 In addition, each site also is accessible over a specified port number (without host header). 此外,还可以通过指定的端口号(没有主机头)访问每个站点。
For example: 例如:
MySite1: http://apps.mysite1.com or http://myserver:xxxx MySite1: http://apps.mysite1.com或HTTP:// MYSERVER:XXXX
MySite2: http://something.mysite2.com or http://myserver:yyyy MySite2: http://something.mysite2.com或HTTP:// MYSERVER:YYYY
I've edited my hosts file (it's a development machine) to redirect each site's host header to the local machine (127.0.0.1). 我已经编辑了hosts文件(这是一台开发计算机),将每个站点的主机标头重定向到本地计算机(127.0.0.1)。
I have an ASP.NET 2.0 web site in one IIS site (mysite1) and an ASP.NET 2.0 Web Service in another IIS site (mysite2). 我在一个IIS站点(mysite1)中有一个ASP.NET 2.0网站,在另一个IIS站点(mysite2)中有ASP.NET 2.0 Web服务。 The web site communicates with the web service using code similar to the following: 该网站使用类似于以下内容的代码与Web服务进行通信:
MyWebService svc = new MyWebService();
//also have tried "http://myserver:yyyy/MyWebService.asmx" below
svc.Url = "http://something.mysite2.com/MyWebService.asmx";
svc.Credentials = System.Net.CredentialCache.DefaultCredentials;
svc.MyMethod();
All sites are configured for Windows Integrated Security and ASP.NET is configured for Windows authentication with <identity impersonate="true" />. 所有站点都配置为Windows Integrated Security,ASP.NET配置为使用<identity impersonate =“ true” />进行Windows身份验证。 The security model dictates that the user logged into the web application, should be authenticated all the way through to the web service (and subsequently down to the underlying database(s), but that's not necessarily relevant here). 安全模型规定,登录到Web应用程序的用户应该一直进行身份验证,直到Web服务(然后再到基础数据库),但这在这里不一定是必需的。
I had this working fine, however I rebuilt my Web Service (new method) and now things are not working with the result to any Web Service call ending in a 401 Unauthorized message. 我的工作正常,但是我重新构建了Web服务(新方法),现在事情变得不顺利了,任何以401未经授权的消息结尾的Web服务调用都没有结果。
It does sound like a double-hop issue. 听起来确实像是两跳问题。 I believe it has something to do with the the web service not accepting the credentials being passed and challenging for new ones to be passed. 我相信这与Web服务有关,它不接受正在传递的凭证,并且对于要传递的新凭证具有挑战性。 Just not sure how to confirm this. 只是不确定如何确认这一点。 Not sure why it would challenge though - I am logged in as a machine/domain admin and IE is configured to pass credentials in Internet Options > Security tab > Custom Level > Automatic Logon in Intranet zone. 但不确定为什么会挑战-我以计算机/域管理员身份登录,并且IE配置为在“ Internet选项”>“安全性”选项卡>“自定义级别”>“ Intranet”区域中的“自动登录”中传递凭据。 Yes, the relevant sites are added to my "intranet zone". 是的,相关站点已添加到我的“内部网区域”。
What is the best way to troubleshoot this? 解决此问题的最佳方法是什么? Any ideas on what might be causing this now? 关于什么可能造成这种情况的任何想法?
TIA! TIA!
1 个解决方案
解决方案1
1 2009-04-14 16:04:13
This sounds like a double-hop issue . 这听起来像是两跳问题 。 To confirm if is a double-hop issue I would change the line which reads svc.Credentials = and explictly put in credentials to test with, and see if it works. 为了确认是否是双跳问题,我将更改读取svc.Credentials =的行,并显式放入凭据进行测试,然后看是否有效。 If it does work, then it is the double-hop issue, and you will need to resolve that. 如果确实有效,那么这就是双重问题,您将需要解决该问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.