Wednesday, February 4, 2009

WORKAROUND: Misconfigured Windows-Integrated Authentication for Web Services

In trying to drive a process from a SharePoint list, I ran across a problem...

I couldn't create a web reference in my C# project due to some really weird problem... In the "Add web reference" wizard, I entered my URL, and was surprised by a pop-up titled "Discovery Credential", asking me for credentials for the site.

Since I was on the local domain and had "owner" permissions to the site, I thought I would just waltz in and get the WSDL.

Ok, so it wants creds... I gave it my own.

Negative...!?!?

After a few attempts and access denied errors, I hit Cancel, and was rewarded by, of all things, the WSDL display... but I still couldn't add the reference.

After quite a bit of wrestling, it turns out there was an authentication provider configuration problem. The site was configured to use Kerberos authentication, but the active directory configuration was not set up correctly. (I believe it needed someone to use SetSPN to update the Service Principal Name (SPN) for the service.)

One way to resolve the problem was to set the authentication provider to NTLM, but in my case, I didn't have, (and wasn't likely to get) that configuration changed in the site (a SharePoint Web Application) I really needed access to.

In order to make it work, I had to initially create my reference to a similar, accessible site.

(e.g. http://host/sites/myaccessiblesite/_vti_bin/lists.asmx )

Then, I had to initialize the service as such, in code:




private void InitWebService()
{
System.Net.AuthenticationManager.Unregister("Basic");

System.Net.AuthenticationManager.Unregister("Kerberos");

//System.Net.AuthenticationManager.Unregister("Ntlm");

System.Net.AuthenticationManager.Unregister("Negotiate");

System.Net.AuthenticationManager.Unregister("Digest");



SmokeTestSite.Lists workingLists = new SmokeTest.SmokeTestSite.Lists();

workingLists.Url = "http://host/sites/mybrokensite/_vti_bin/lists.asmx";

workingLists.UseDefaultCredentials = true;

workingLists.Proxy = null;

lists = workingLists;
}


What this accomplishes is it unregisters all authentication managers in your application domain. (This can only be done once in the same app domain. Attempts to unregister the same manager more than once while the program's running will throw an exception.)

So by having all the other authentication managers disabled in the client, the server would negotiate and agree on Ntlm authentication, which succeeds.

15 comments:

masters dissertation help said...

Nice Code sharing, knowledge from the content of your article.

www.writemypapers.org said...

Your article is good. I like style of your writing. So I got pleasure reading it. Thanks a lot!

Margosha said...

The article is really interesting!At top-writing-services you can find even more valuable information!

Ursula said...

Great article and quite interesting content. I liked this page. To find more, see it here.

Adam Jack said...

There's no question that group lessons work. With busy schedules these days, and lack of free time, we all sense a need to be more efficient. From experience, I have seen over fifty Skateboarding-lessons.com to ride off of curbs in their first private lesson.

angelacooper839 said...

Very nice and unique blog among all thanks for sharing. buy argumentative essay

Karoline Page said...

I am glad that I came across this blog. Really informative and helpful, thank you. Keep on posting. academic-writings.com

Joselin Smitt said...

When you begin write essay, very important, before you start need understand what type of essay you are required to write! If you after a while understand, that you not handle with it, you can visit here http://essay-professors.com and order it on this site!

Michael Jones said...

Truly, this article is really one of the very best in the history of articles. I am a antique ’Article’ collector and I sometimes read some new articles if I find them interesting.
Assignment Help

Michael Jones said...

I would like to thank you for the efforts you have made in writing this article. I am hoping the same best work from you in the future as well. . buy specs online

Alex Jones said...

Do your friends make fun of you for staying at home on weekends? Assignments make a lot of people work like this. Get them done from AllAssignmentHelp.co.uk.
Assignment Help

Alex jones said...

Really I appreciate the effort you made to share the knowledge. The topic here I found was really effective to the topic which I was researching for a long time.
Homework Help

Amy Willor said...

A high-standard post with all imperative information about assignment help UK services. Looking forward to avail the premium services.

haryjohn8feb said...

Excellent and nice post. It will beneficial for everyone. Thanks for sharing such a wonderful post. Avail No 1 custom essay writing help UK from certified PhD writers. It is extremely helpful for me. You can email us at info@ukdissertationhelp.co.uk or Phone Number - 020 8144 9988

Tillock Watson said...



A high-level post with a piece of knowledgeable information.Thank you for sharing such information.
if you need any academic level Assignment Help at reliable quality with better work.
kindly visit us or WhatsApp or call +61 2 80113341