.NETGURU
  Search:  
NamespacesDiscussions.NET v1.1Dot Net Guru's BlogIT Certification
web.config 101
Messages   Related Types
This message was discovered on ASPFriends.com 'aspngsec' list.


George Pagotelis
I have some simple asmx files running on my web server. When I have NO
web.config
file the following code runs BUT if I stick in my web.config it gives me
an unauthorized message.

<%@ WebService Language="C#" Class="ADOWebSvc" %>

using System;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Web.Services;

[WebService(Namespace="http://www.oreilly.com/webservices"" target="_blank">http://www.oreilly.com/webservices";)]
public class ADOWebSvc : WebService
{
string cs = "server=ecommerce;database=pubs;uid=sa;pwd=;";

[WebMethod(Description="Fetch all authors.")]
public DataSet GetAuthors()
{
SqlDataAdapter adpt = new SqlDataAdapter("SELECT * FROM authors",
cs);
DataSet ds = new DataSet();
adpt.Fill(ds);
return ds;
}
}

I get this error:
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.

Exception Details: System.Net.WebException: The request failed with HTTP
status 401: Unauthorized.

Source Error:

Line 34:
[System.Web.Services.Protocols.SoapDocumentMethodAttribute("http://www.o
reilly.com/webservices/GetAuthors",
RequestNamespace="http://www.oreilly.com/webservices"" target="_blank">http://www.oreilly.com/webservices";,
ResponseNamespace="http://www.oreilly.com/webservices"" target="_blank">http://www.oreilly.com/webservices";,
Use=System.Web.Services.Description.SoapBindingUse.Literal,
ParameterStyle=System.Web.Services.Protocols.SoapParameterStyle.Wrapped)
]
Line 35: public System.Data.DataSet GetAuthors() {
Line 36: object[] results = this.Invoke("GetAuthors", new
object[0]);
Line 37: return ((System.Data.DataSet)(results[0]));
Line 38: }

Source File: c:\inetpub\wwwroot\services\ADOWebSvc.cs Line: 36

What is wrong with this basic web config???

Web.Config
------------------
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
</appSettings>
<system.web>
<!-- DYNAMIC DEBUG COMPILATION
Set compilation debug="true" to insert debugging symbols (.pdb
information)
into the compiled page. Because this creates a larger file
that executes
more slowly, you should set this value to true only when
debugging and to
false at all other times. For more information, refer to the
documentation about
debugging ASP.NET files.
-->
<compilation defaultLanguage="vb" debug="false" />
<!-- CUSTOM ERROR MESSAGES
Set customErrors mode="On" or "RemoteOnly" to enable custom
error messages, "Off" to disable.
Add <error> tags for each of the errors you want to handle.
-->
<customErrors mode="Off" />
<!-- AUTHENTICATION
This section sets the authentication policies of the
application. Possible modes are "Windows",
"Forms", "Passport" and "None"
-->

<authentication mode="None" />

<!-- AUTHORIZATION
This section sets the authorization policies of the
application. You can allow or deny access
to application resources by user or role. Wildcards: "*" mean
everyone, "?" means anonymous
(unauthenticated) users.
-->

<authorization>
<deny users="?" />
</authorization>

<identity impersonate='true'/>

<!-- APPLICATION-LEVEL TRACE LOGGING
Application-level tracing enables trace log output for every
page within an application.
Set trace enabled="true" to enable application trace logging.
If pageOutput="true", the
trace information will be displayed at the bottom of each
page. Otherwise, you can view the
application trace log by browsing the "trace.axd" page from
your web application
root.
-->
<trace enabled="false" requestLimit="10"
pageOutput="false" traceMode="SortByTime" localOnly="true" />
<!-- SESSION STATE SETTINGS
By default ASP.NET uses cookies to identify which requests
belong to a particular session.
If cookies are not available, a session can be tracked by
adding a session identifier to the URL.
To disable cookies, set sessionState cookieless="true".
-->
<sessionState mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data
source=127.0.0.1;user id=sa;password=" cookieless="false" timeout="20"
/>

<!-- GLOBALIZATION
This section sets the globalization settings of the
application.
-->
<globalization requestEncoding="utf-8"
responseEncoding="utf-8"/>
</system.web>
</configuration>
Reply to this message...
 
    
Jeff Reese
Hi George,

You're denying all unauthenticated users through the use of:

<authorization>
<deny users=3D"?" />
</authorization>

But you're not providing any way for users to authenticate themselves:

<authentication mode=3D"None" />

Try removing the <authorization> section.

--
Jeff Reese
Click here to reveal e-mail address

-----Original Message-----
From: George Pagotelis [mailto:Click here to reveal e-mail address]=20
Sent: Saturday, June 22, 2002 7:02 AM
To: aspngsec
Subject: [aspngsec] web.config 101

I have some simple asmx files running on my web server. When I have NO
web.config
file the following code runs BUT if I stick in my web.config it gives me
an unauthorized message.
=20
=20
<%@ WebService Language=3D"C#" Class=3D"ADOWebSvc" %>
=20
using System;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Web.Services;
=20
[WebService(Namespace=3D"http://www.oreilly.com/webservices"" target="_blank">http://www.oreilly.com/webservices";)]
public class ADOWebSvc : WebService
{
string cs =3D "server=3Decommerce;database=3Dpubs;uid=3Dsa;pwd=3D;";
=20
[WebMethod(Description=3D"Fetch all authors.")]
public DataSet GetAuthors()
{
SqlDataAdapter adpt =3D new SqlDataAdapter("SELECT * FROM authors",
cs);
DataSet ds =3D new DataSet();
adpt.Fill(ds);
return ds;
}
}
=20
=20
I get this error:
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.=20

Exception Details: System.Net.WebException: The request failed with HTTP
status 401: Unauthorized.

Source Error:=20

=20
Line 34:
[System.Web.Services.Protocols.SoapDocumentMethodAttribute("http://www.o
reilly.com/webservices/GetAuthors",
RequestNamespace=3D"http://www.oreilly.com/webservices"" target="_blank">http://www.oreilly.com/webservices";,
ResponseNamespace=3D"http://www.oreilly.com/webservices"" target="_blank">http://www.oreilly.com/webservices";,
Use=3DSystem.Web.Services.Description.SoapBindingUse.Literal,
ParameterStyle=3DSystem.Web.Services.Protocols.SoapParameterStyle.Wrapped=
)
]
Line 35: public System.Data.DataSet GetAuthors() {
Line 36: object[] results =3D this.Invoke("GetAuthors", new
object[0]);
Line 37: return ((System.Data.DataSet)(results[0]));
Line 38: }

Source File: c:\inetpub\wwwroot\services\ADOWebSvc.cs Line: 36
=20
What is wrong with this basic web config???
=20
Web.Config
------------------
<?xml version=3D"1.0" encoding=3D"utf-8" ?>
<configuration>
<appSettings>
</appSettings>
<system.web>
<!-- DYNAMIC DEBUG COMPILATION
Set compilation debug=3D"true" to insert debugging symbols =
(.pdb
information)
into the compiled page. Because this creates a larger file
that executes
more slowly, you should set this value to true only when
debugging and to
false at all other times. For more information, refer to the
documentation about
debugging ASP.NET files.
-->
<compilation defaultLanguage=3D"vb" debug=3D"false" />
<!-- CUSTOM ERROR MESSAGES
Set customErrors mode=3D"On" or "RemoteOnly" to enable custom
error messages, "Off" to disable.
Add <error> tags for each of the errors you want to handle.
-->
<customErrors mode=3D"Off" />
<!-- AUTHENTICATION
This section sets the authentication policies of the
application. Possible modes are "Windows",
"Forms", "Passport" and "None"
-->
=20
<authentication mode=3D"None" />
=20
<!-- AUTHORIZATION
This section sets the authorization policies of the
application. You can allow or deny access
to application resources by user or role. Wildcards: "*" mean
everyone, "?" means anonymous
(unauthenticated) users.
-->
=20
<authorization>
<deny users=3D"?" />
</authorization>
=20
<identity impersonate=3D'true'/>
=20
<!-- APPLICATION-LEVEL TRACE LOGGING
Application-level tracing enables trace log output for every
page within an application.
Set trace enabled=3D"true" to enable application trace =
logging.
If pageOutput=3D"true", the
trace information will be displayed at the bottom of each
page. Otherwise, you can view the
application trace log by browsing the "trace.axd" page from
your web application
root.
-->
<trace enabled=3D"false" requestLimit=3D"10"
pageOutput=3D"false" traceMode=3D"SortByTime" localOnly=3D"true" />
<!-- SESSION STATE SETTINGS
By default ASP.NET uses cookies to identify which requests
belong to a particular session.
If cookies are not available, a session can be tracked by
adding a session identifier to the URL.
To disable cookies, set sessionState cookieless=3D"true".
-->
<sessionState mode=3D"InProc"
stateConnectionString=3D"tcpip=3D127.0.0.1:42424" =
sqlConnectionString=3D"data
source=3D127.0.0.1;user id=3Dsa;password=3D" cookieless=3D"false" =
timeout=3D"20"
/>
=20
<!-- GLOBALIZATION
This section sets the globalization settings of the
application.
-->
<globalization requestEncoding=3D"utf-8"
responseEncoding=3D"utf-8"/>
</system.web>
</configuration>
Reply to this message...
 
 
System.Data.DataSet
System.Data.SqlClient.SqlDataAdapter
System.Net.WebException
System.Web.Services.Description.SoapBindingUse
System.Web.Services.Protocols.SoapDocumentMethodAttribute
System.Web.Services.Protocols.SoapParameterStyle
System.Web.Services.WebService




ExamGuru IT Solutions - .Net Guru is owned and operated by ExamGuru, Inc., the man behind .Net Guru. If you're in the market for bespoke software or software consultancy, why not get him and his highly trained team to help? - www.examguru.net/ITCertification
Ad


Need Dot Net Interview Questions?
Ask ExamGuru, Inc. for advice and help on Passing .Net Interviews
.Net Projects
Best-of-breed application framework for .NET projects, developed by ExamGuru, Inc. and ExamGuru IT
Free .net Help
Commission ExamGuru, Inc. and his team for your next bespoke software project
FogBUGZ
The only bug tracking system carefully crafted with one goal in mind: helping teams create great software.
Awesome Tools
If you don't know about these, you're missing out... IT Certification Questions
IT Interview Questions
Free Oracle 10g Training
MCSE Boortcamp
Cisco Study Guides
Cheap Study Guides
Exact Questions
Dot Net Interview Questions
Oracle OCP
Cheap Travel
Designer Perfumes - Wholesale Prices
Free Programming Tutorials
 
ExamGuru IT Solutions - .Net Guru is owned and operated by ExamGuru, Inc., the man behind .Net Guru. If you're in the market for bespoke software or software consultancy, why not get him and his highly trained team to help? - www.examguru.net/ITCertification
 Copyright © ExamGuru, Inc. 2001-2006
Contact Us - Terms of Use - Privacy Policy - www.dot-net-guru.com - www.examguru.net - www.oraclesource.net - www.itinterviews.net - www.examguru.net/ITCertification