0

I am currently trying to develop a ExtendedPSI Web service which in turn calls a number of existing PSI Web services. The trouble is I recieve the error

System.Net.WebException: The request failed with HTTP status 401: Unauthorized.

when I try to access the existing PSI services from with the ExtendedPSI I have created.

I can get the service to work if I hardcode the Credentials in my ExtendedPSI using the following snippet:

resWS.Credentials = new NetworkCredential("userName", "userPass", "domain");

but not when I use:

resWS.Credentials = CredentialCache.DefaultCredentials;

(i have tried CredentialCache.DefaultNetworkCredentials but read this doesn't work thru HTTP or FTP)

I have read numerous posts with suggestions such as enabling Windows Authentication and removing anonymous access etc. either in the client web.config or on the virtual of the calling webapp however I am using SoapUI to call the ExtendedPSI service as the final solution will be called by an ESB platform (namely SAP PI).

But using SoapUI I have managed to call each of the existing PSI services (web services called in my ExtendedPSI service) in turn by supplying my login details in the SoapUI interface so I know the existing services work as long as I can pass on the credentials but they are empty when using CredentialCache.DefaultCredentials.

Hope this makes sense to someone (this is my first attempt at web services so I appologise if its a little vague). I don't really want to hardcode logon details within my service so I hope someone has came across this before and has a solution I can use...

Is the information I need held with the HttpContext? A encrypted token I can pass maybe (just reaching here :)? Or will I need a generic user to access these existing PSI web services?

FYI: I followed the article http://msdn.microsoft.com/en-us/library/bb428837.aspx (which i've extended further to call existing PSI's) but it assumes some sort of MS.NET client calling the service.

Thanks in advance...

Regards, TartanBono

Suncatcher
  • 10,355
  • 10
  • 52
  • 90
TartanBono
  • 1
  • 1
  • It's DefaultCredentials that's described in the docs as not working with HTTP or FTP. Incidentally, what is the authentication scheme in use, and are your windows log-in details a match of those needed for this? – Jon Hanna Oct 06 '10 at 16:16
  • Hi Jon, thanks for takin the time, its windows authentication and the details are consistent throughout the network. it is these details that I hardcode into the extendedPSI, if I hardcode them it works fine. I need the network logon details passed on, eg. each user can only interogate/update their own timesheet data using the PSI web services. Hope that makes sense. Sorry if not but this is all new to me :) TB – TartanBono Oct 07 '10 at 12:24

1 Answers1

0

You should change the web.config of your application like this. Just overwrite the security node in the binding node: 

<binding name="WssInteropSoap">
  <security mode="TransportCredentialOnly">
    <transport clientCredentialType="Ntlm" proxyCredentialType="Ntlm"
        realm="" />
    <message clientCredentialType="UserName" algorithmSuite="Default" />
  </security>
</binding>

Now you can authenticate without a special account (passthrough from windows) or with this code, you can specify an account: 

//credential impersonation (just if you changed your binding settings)
projectSvc.ClientCredentials.Windows.ClientCredential = new NetworkCredential("username", "password", "domain");
projectSvc.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;

I hope it will help :)

I've also written a blog entry for setting up a connection to the PSI: Read Project Server 2010 CustomFields over PSI

Sam M
  • 1,077
  • 2
  • 20
  • 42
cansik
  • 1,924
  • 4
  • 19
  • 39