# Tuesday, December 07, 2004

Maybe everybody knew this but me, but it’s been totally bugging me personally.  For my recent Web Services Applied class, when they set up the lab machines someone goofed up the permissions.  For reason or reasons I don’t understand (I’m guessing some kind of domain policy) there didn’t seem to be any way to get a web service running under IIS to allow anonymous access.  Everything worked fine with Integrated Authentication set, as long as the client knew what it was doing, which meant that WebServicesStudio worked just fine, you could hit the web service with IE and get the default page back.  But as soon as you tried to hit the web service from C# client code, you’d invariably get back HTTP 401.1 Unauthorized.  I tried changing every set of IIS and file system permissions I could think of, to no avail.  Crap.  Luckily, at long last Google once again came to the rescue.  I still don’t know why anonymous access doesn’t work, but I do know how to make the client problem go away.


        static void Main(string[] args)


            localhost.Service1 serv = new ConsoleApplication2.localhost.Service1();

            serv.Credentials = System.Net.CredentialCache.DefaultCredentials;




Setting the credentials on the proxy allows Integrated Authentication to work the way it’s supposed to, and everything works just fine.  Unfortunately I didn’t figure this out until my class was about half way through their final last night, but at least that’s better than not figuring it out at all. :-)

Tuesday, December 07, 2004 12:59:48 PM (Pacific Standard Time, UTC-08:00)
Looks like you had:

<authorization><deny users="?" /></authorization>

in your web.config, or open the property page for your virtual directory. Select the Directory Security tab, and in the Anonymous Access and authentication control pane click Edit. On the Authentication Methods property page make sure Anonymous access is checked as well as Integrated Windows authentication.

Off the top of my head, those are the two places you can deny anon access easily. It will be interesting to see what the problem was if it wasn't one of those!

Tuesday, December 07, 2004 3:11:34 PM (Pacific Standard Time, UTC-08:00)
No <authorization> section at all. Anonymous access checked. The wierdest thing was that if I unchecked everything except anonymous, I still got prompted with an login dialog. Not very anonymouse. I still suspect some sort of policy.
Comments are closed.