FIX: Web Services Methods Fail When Invoked from Digest Authenticated Applications (318062)


The information in this article applies to:

  • Microsoft Web Services (included with the .NET Framework) 1.0
This article was previously published under Q318062

SYMPTOMS

Note The following .NET Framework Class Library namespaces are referenced in this article:

System.Web.Services
System.Security.Principal

When you enable a Digest authentication for a Web Service in Internet Information Server (IIS) 5.0, the following error is returned:
HTTP 401.4 - Unauthorized: Authorization denied by filter

RESOLUTION

This bug will be fixed in Windows 2000 Service Pack 3.

STATUS

This bug was corrected in .NET Framework (2003|1.1).

MORE INFORMATION

Steps to Reproduce Behavior

  1. Open Notepad and copy the following code to create a Test.asmx file:
    <%@ WebService Language="c#" class="AuthVarsService" %>
using System;
using System.Web;
using System.Web.Services;
using System.Security.Principal;

public class AuthVarsService : WebService {

    [WebMethod]
    public String GetValue() 
   {
	String _MyString="";

	WindowsImpersonationContext ctx = ((WindowsIdentity)Context.User.Identity).Impersonate();

	_MyString  += "{Request.IsAuthenticated = " + Context.Request.IsAuthenticated + "}<br>";
	_MyString  += "{AUTH_TYPE = " + Context.Request.ServerVariables["AUTH_TYPE"]  + "}<br>";
	_MyString  += "{AUTH_USER = " + Context.Request.ServerVariables["AUTH_USER"]  + "}<br>";
	_MyString  += "{AUTH_PASSWORD = " + Context.Request.ServerVariables["AUTH_PASSWORD"]  + "}<br>";
	_MyString  += "{LOGON_USER = " + Context.Request.ServerVariables["LOGON_USER"]  + "}<br>";
	_MyString  += "{REMOTE_USER = " + Context.Request.ServerVariables["REMOTE_USER"]  + "}<br>";
	_MyString += "{Context.User.Identity.Name =" + Context.User.Identity.Name + "}<br>";
	_MyString += "{Context.User.Identity.AuthenticationType =" + Context.User.Identity.AuthenticationType  + "}<br>";

	_MyString += "{WindowsIdentity.GetCurrent().Name =" + System.Security.Principal.WindowsIdentity.GetCurrent().Name + "}" ;

	return _MyString;
   }

}
  2. Create a virtual directory named App in IIS, and copy the Test.asmx page to its root directory.
  3. Right-click the App virtual directory in IIS, and then click Properties.
  4. Click the Directory Security tab.
  5. Under Anonymous Access and Authentication Control, click Edit.
  6. Request the page with the following URL:

    http://localhost/app/test.asmx/GetValue

  7. Make sure that only Digest authentication for Windows domain servers is selected.
  8. Provide valid logon credentials for Digest authentication.

    NOTE: Digest authentication requires Active Directory.
Upon successful authentication, you receive the following message:

200 OK

However, you receive the error message that is listed in the "Symptoms" section.

REFERENCES

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

222028 Setting Up Digest Authentication for Use with Internet Information Services 5.0

Modification Type:MajorLast Reviewed:4/7/2003
Keywords:kbbug kbfix KB318062
©2002 Microsoft Corporation. All rights reserved.