HttpWebRequest 401 error

回眸只為那壹抹淺笑 提交于 2019-12-11 06:26:21

问题


I am developing an intranet application (Windows Authentication) which download report stream from reporting server then save it as a file. When I ran it in debuging mode it works fine。 The code is as below:

       HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);

       req.UseDefaultCredentials = true; 

        HttpWebResponse response = (HttpWebResponse)req.GetResponse();
        Stream fStream = response.GetResponseStream();

However after I deployed it to the server, it won't get response rather than getting 401 unauthorized error.

Even I change the code to: HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);

        string domain = ConfigurationManager.AppSettings["SchedulerDomain"];
        string userName = ConfigurationManager.AppSettings["SchedulerUser"];
        string passWord = ConfigurationManager.AppSettings["SchedulerPassword"];
        NetworkCredential credential = new System.Net.NetworkCredential(userName, passWord, domain);
        req.Credentials = credential;

         HttpWebResponse response = (HttpWebResponse)req.GetResponse();
        Stream fStream = response.GetResponseStream();

Get the same error. The user setup in the code has the permission to view/run the report.

The IIS7 is using Negotiate and NTLM. (Due to complicated reason, can't change Kerberos), run under ApplicationPoolIdentity

My question is, when I run it under debug mode, the user is my windows account, but why it fails when I tried to send the credential to the reporting server?

Anyone can help?


回答1:


I capture all the request from the application server to the reporting server, find that all the requests' header's credential username and domain, password are null. Finally I think it is the NTLM causes the issue as here requires two credential hops which NTLM can't handle it, need use Kerberos.

There is another solution if you can't use Kerberos authentication: disable the asp.net impersonation, so from the app server to reporting server will use the applicationpoolidentity, which is a local machine account with account as such: domain/machinename$. So if you grant this account with browse permission on the reporting server, it should work.




回答2:


I'm not sure how your IIS is configured but it seems like the Identity in your Application Pools setting for your app is overriding any supplied credential. Most obviously, the user that it is trying to authenticate with does not have access. That being said go to your IIS Manager and check the Identity settings for the site's Application Pool.

Change it to a user that has access to the report viewer and that should fix it. I've had a similar issue I posted here in case anyone is interested.



来源:https://stackoverflow.com/questions/20366774/httpwebrequest-401-error

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!