0

I'm having some trouble with a web service call from my C# client. Occasionally it will return the following error:

WWW-Authenticate: Basic realm="[SomeRealm]"'. --->
System.ServiceModel.Security.MessageSecurityException: 
The HTTP request is unauthorized with client authentication scheme 'Digest'. 
The authentication header received from the server was 'Digest realm="[SomeRealm]",
nonce="00000717Y382188758809db0bcc622bdf37def3deabb93", stale=FALSE, qop="auth"
WWW-Authenticate: Basic realm="[SomeRealm]"'. ---> 
System.Net.WebException: The remote server returned an error: (401) Unauthorized.

But I can't figure out why and it is really hard to reproduce and therefore very tricky to debug. Most of the time the calls to the web service works just fine. Anyone got any ideas why this happens? Or any tips on how to debug and get more info on the problem?

UPDATE:

Ok, so I tried out looking at the communication that goes on using fiddler, but it didn't make me any wiser.

This is a vaild request/challenge/request/response

Request

POST http://192.168.1.3/api/services HTTP/1.1
Content-Type: application/soap+xml; charset=utf-8;
action="http://www.domain.com/api/ws/event1/GetScheduledEvents"
Host: 192.168.1.3
Content-Length: 482
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Challenge

HTTP/1.1 401 Unauthorized
Date: Wed, 14 Aug 2013 07:45:49 GMT
Accept-Ranges: bytes
Connection: close
WWW-Authenticate: Digest realm="[SomeRealm]",
once="00025a89Y1892894c7fb9fe5f9de425b40c72d72de3227", stale=FALSE, qop="auth"
WWW-Authenticate: Basic realm="[SomeRealm]"
Content-Length: 180
Content-Type: text/html; charset=ISO-8859-1

<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>
<BODY><H1>401 Unauthorized</H1>
Your client does not have permission to get URL /api/services from this server.
</BODY></HTML>

Request

POST http://192.168.1.3/api/services HTTP/1.1
Content-Type: application/soap+xml; charset=utf-8; action="http://www.domain.com/api/ws/event1/GetScheduledEvents"
Accept-Encoding: gzip, deflate
Authorization: Digest username="UserName",realm="[SomeRealm]",nonce="00025a89Y1892894c7fb9fe5f9de425b40c72d72de3227",uri="/api/services",cnonce="abff70e14c8f89b09abac9eaaa9de8ce",nc=00000001,qop="auth",response="df71769f9fb2bb5e1396546b7422d5fd"
Host: 192.168.1.3
Content-Length: 482
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Authentication-Info: qop=auth, rspauth="51832dfe63819c551bf666409f58b08c", cnonce="abff70e14c8f89b09abac9eaaa9de8ce", nc=00000001
Server: gSOAP/2.7
Content-Type: application/soap+xml; charset=utf-8
Content-Length: 3752
Connection: close

And this is one of the failing request/challenge/request/response

Request

POST http://192.168.1.3/api/services HTTP/1.1
Content-Type: application/soap+xml; charset=utf-8; action="http://www.domain.com/api/ws/event1/GetScheduledEvents"
Host: 192.168.1.3
Content-Length: 482
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Challenge

HTTP/1.1 401 Unauthorized
Date: Wed, 14 Aug 2013 07:45:49 GMT
Accept-Ranges: bytes
Connection: close
WWW-Authenticate: Digest realm="[SomeRealm]", nonce="00025a89Y3757607d2e481c5c24cb20f1a46b129a37218", stale=FALSE, qop="auth"
WWW-Authenticate: Basic realm="[SomeRealm]"
Content-Length: 180
Content-Type: text/html; charset=ISO-8859-1

<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>
<BODY><H1>401 Unauthorized</H1>
Your client does not have permission to get URL /api/services from this server.
</BODY></HTML>

Request

POST http://192.168.1.3/api/services HTTP/1.1
Content-Type: application/soap+xml; charset=utf-8; action="http://www.domain.com/api/ws/event1/GetScheduledEvents"
Accept-Encoding: gzip, deflate
Authorization: Digest username="UserName",realm="[SomeRealm]",nonce="00025a89Y3757607d2e481c5c24cb20f1a46b129a37218",uri="/api/services",cnonce="9daae13f56820d9edf12cbf7e41f894b",nc=00000001,qop="auth",response="18d885af71eb74d1476da0f3668bf00e"
Host: 192.168.1.3
Content-Length: 482
Connection: Keep-Alive

Response

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Digest realm="[SomeRealm]", nonce="00025a89Y412766b2f55e4fc54dbd441b95cc713e08ccb", stale=FALSE, qop="auth"
WWW-Authenticate: Basic realm="[SomeRealm]"
Server: gSOAP/2.7
Content-Type: text/xml; charset=utf-8
Content-Length: 0
Connection: close
Markus
  • 1,614
  • 1
  • 22
  • 32

3 Answers3

0

I had plenty of problems while setting up security on my WCF end point, and the easiest way to find the cause of obscure errors (I had plenty) was to turn on the log traces for the web service, both on the host and client sides. I also found using Fiddler as a message interceptor/proxy worked well. Using these tools, you'll get much more information about what's happening within the web service.

Here's a link to turning on the tracing: How to turn on WCF tracing?

Here's a link to using fiddler to sniff out problems: How to use Fiddler to monitor WCF service

Best of luck.

Community
  • 1
  • 1
Brian
  • 3,653
  • 1
  • 22
  • 33
  • Thanks, a lot of the solutions seems to be for enabling tracing on the server. The server do not host a WCF service and I have no access to it, is it possible to enable WCF tracing on the client as well? – Markus Aug 13 '13 at 09:11
  • Found it. This made the trick: http://msdn.microsoft.com/en-us/library/ms730064.aspx – Markus Aug 13 '13 at 09:42
  • It might be possible to use Fiddler, too, in this process since Fiddler can capture all the messages to and from the service, allowing you to compare the messages that work verses those messages that fail. You'd set up set up Fiddler to listen on port (say) 8888 while the web service is listening on 8000. The request would be sent to 8888, then Fiddler re-sends the message to the correct host port, saving the request/response as it goes. – Brian Aug 13 '13 at 10:30
0

What type of Authentication you are using for web service Basic or Digest . Because Digest is not supported by all the browsers

Vivek Shrivastava
  • 1
  • 1
  • The authentication I'm using is Digest. I do not use a webbrowser to consume the service, it is a WCF client. – Markus Aug 13 '13 at 09:03
0

So it seems that the error was actually on the server side. As far as I've heard it was some threading issue which seems plausible since I hit the server with a lot of requests.

Markus
  • 1,614
  • 1
  • 22
  • 32