Getting 401 Access denied w/ Endpoint in SQL 2005 from C# client

I have a Windows Forms application in C# (VS.NET 2005) that accesses SQL 2005
web services using integrated authentication.
In development (Windows XP Pro, SQL 2005 Dev) the SQL servers are on the
same workstations as the client and connectivity works fine.
In testing, the windows app is begin deployed to a Windows 2000 Server
workstation and SQL Server 2005 is installed on a Windows 2003 Server. Both
are on the same domain. The user logged into the client station has admin
access on the server and dbo access (and in this case created the endpoints).
However, when the client attempts to access the server, 401 Access Denied is
returned.
The server specifies Integrated Authentication as follows:
CREATE ENDPOINT RMS
STATE = STARTED
AS HTTP (
SITE = 'SERVER',
PATH = '/sql/app1',
AUTHENTICATION = (INTEGRATED),
PORTS=(CLEAR)
)
The client adds the credentials to the cache before the call:
ws.Credentials =
System.Net.CredentialCache.DefaultCredentials;
I think I've covered everything here and from what I have read, the error
indicates that the user is not being authenticated (vs an issue with any
specific SQL object permissions).
Any ideas on what might be happening here and how to fix?
Thanks
-Luther
Hi Luther,
welcome to MSDN newsgroup.
As for the SQL2005's endpoint SOAP webservice, after you created the
endpoint, have you tried using IE browser to view the WSDL document of that
endpoint service? e.g:
http://servername/sql/test_endpoint?WSDL
If this also not work, the problem is likely due to the serverside
setting... If that works, we may need to check the client side code...
Also, you can print out the thread's current secuirty principal to see
whether it is the correct domain account of the server machine ...
In addition , you can also try adding the "Authorizing" setting to grant
certain user/role the permission as below:
AUTHORIZATION sa -- with optional authorization for owner
=======================
CREATE ENDPOINT zipcodes -- create the Http Endpoint
AUTHORIZATION sa -- with optional authorization for owner
STATE = STARTED -- the state of the endpoint
AS HTTP ( -- can be http, tcp, ...
path='/sql/zipcodes', -- the virtual path
AUTHENTICATION=(INTEGRATED), -- type of authentication
PORTS=(CLEAR), -- which ports (clear=all)
SITE ='*' -- site can be '*" or 'myserver'
)
FOR SOAP( -- type of protocol, in this case, SOAP for a webservice
WEBMETHOD 'http://tempuri.org/'.'DistanceBetweenzZipCodes'
-- define the webmethod(s) and fully qualified sproc
(name='zipcodes.dbo.DistanceBetweenZipcodes',
SCHEMA = STANDARD ),
======================
If there're any other findings, please feel free to post here.
Regards,
Steven Cheng
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
| Thread-Topic: Getting 401 Access denied w/ Endpoint in SQL 2005 from C#
client
| thread-index: AcYMnwmiqttQJ9quQhelBHxCetS8Eg==
| X-WBNR-Posting-Host: 63.211.139.67
| From: "=?Utf-8?B?THV0aGVyIE1pbGxlcg==?=" <lex3001@.community.nospam>
| Subject: Getting 401 Access denied w/ Endpoint in SQL 2005 from C# client
| Date: Thu, 29 Dec 2005 09:41:02 -0800
| Lines: 39
| Message-ID: <910F2F43-FF93-4110-A162-2C04A46F4451@.microsoft.com>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.sqlserver.connect
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGXA03.phx.gbl
| Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.sqlserver.connect:46496
| X-Tomcat-NG: microsoft.public.sqlserver.connect
|
| I have a Windows Forms application in C# (VS.NET 2005) that accesses SQL
2005
| web services using integrated authentication.
|
| In development (Windows XP Pro, SQL 2005 Dev) the SQL servers are on the
| same workstations as the client and connectivity works fine.
|
| In testing, the windows app is begin deployed to a Windows 2000 Server
| workstation and SQL Server 2005 is installed on a Windows 2003 Server.
Both
| are on the same domain. The user logged into the client station has admin
| access on the server and dbo access (and in this case created the
endpoints).
|
| However, when the client attempts to access the server, 401 Access Denied
is
| returned.
|
| The server specifies Integrated Authentication as follows:
|
| CREATE ENDPOINT RMS
| STATE = STARTED
| AS HTTP (
| SITE = 'SERVER',
| PATH = '/sql/app1',
| AUTHENTICATION = (INTEGRATED),
| PORTS=(CLEAR)
| )
|
| The client adds the credentials to the cache before the call:
|
| ws.Credentials =
| System.Net.CredentialCache.DefaultCredentials;
|
| I think I've covered everything here and from what I have read, the error
| indicates that the user is not being authenticated (vs an issue with any
| specific SQL object permissions).
|
| Any ideas on what might be happening here and how to fix?
|
| Thanks
| -Luther
|
|