3

I have an ASP.NET Web Service, when I call it occasionally it returns the correct response, other times it is returning the exception The request failed with HTTP status 401: OK. Can someone please provide me with some reasons why this would be occurring? As I can't seem to find anything on HTTP 401 and a message of OK since 200 is OK and 401 is Unauthorized... Why would my Web Service hosted in IIS6 be returning this?

Here's the direct exception details:

Message:
    The request failed with HTTP status 401: OK.
Stack Trace:
    at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
    at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
    at ws.Main.MethodName(param1, param2)

I will be trying to get a WireShark packet trace for this error when I am provided with it.

Both the client and the Web Service are code that we maintain. The exception only occurs intermittently and not always, the credential details passed through are valid AD user details for an account and IIS site is using Windows Authentication.

Seph
  • 8,472
  • 10
  • 63
  • 94
  • 1
    When a 401 is received, is the data that is requested of the web-service existing at the time the request is made? It could be a "bug" in the web-service, or the web-service is not able to find the data requested and is returning a [401 instead of a 404](http://stackoverflow.com/questions/4038981/is-it-ok-to-return-a-http-401-for-a-non-existant-resource-instead-of-404-to-preve), for security reasons or it could be something else entirely :) – Zabba Sep 04 '11 at 06:30
  • I am receiving very sporadic 401: Unauthorized so this question caught my attention. Are you capturing the exception details from the service? Do you have access to the server to see if there is information in the event viewer? I also am trying to get an analyzer so I'm curious what you find. Which binding and security mode are you using? – McArthey Sep 04 '11 at 06:57
  • The problem is that we are seeing this 401 OK being sometimes returned even when method code is simply `Return True` in an otherwise empty method. As I now say in my updated question, both the client and the Web Service are code that we maintain. – Seph Sep 04 '11 at 07:15

3 Answers3

3

I have found the cause and have an answer.

The problem was caused by multiple threads accessing the WebService at the same time over the same TCP pipe. This caused IIS to reset the authentication handshake and as a result the application received HTTP 401 UNAUTHORIZED exceptions in place of the 200 OK message, .NET was reporting the response was HTTP 401 OK, however using WireShark I was able to determine that the content was still HTTP 401 UNAUTHORIZED.

Due to the multi-threaded nature of the problem we had it occur very intermittently.

Solution was to write a new proxy class that encompass our auto-generated ws proxy class (from the WSDL) and implementing a SYNCLOCK object over every method within this new proxy class.

The problem also seemed to go away when I was using the server name rather than a DNS name because each separate thread call went on a different TCP pipe.

Seph
  • 8,472
  • 10
  • 63
  • 94
1

401 Unauthorized

Similar to 403 Forbidden, but specifically for use when authentication is possible but has failed or not yet been provided.

This means you don't not have permission for the resource you are trying to access, and that authenticating may make a difference. I don't think the OK is relavent, though it is unusual. Check the actual Http Status code in Fiddler to be sure.

Conversely:

403 Forbidden

The request was a legal request, but the server is refusing to respond to it. Unlike a 401 Unauthorized response, authenticating will make no difference.

Is the service on a farm? It could be one server is not configured correctly.

Based on your last comment you should check there are no resource leaks causing the unexpected behaviour. If your using a database make sure you are disposing of disposable objects etc, profile the server to monitor memory use. Consider async services to keep the thread pool free if you have long running requests. Check event logs.

I think I may have seen similar behaviour when IIS can't handle authenticated traffic, it just bombs out with a 401. I never noticed the OK, but could well occur in this scenario.

TheCodeKing
  • 19,064
  • 3
  • 47
  • 70
  • The service is on a single server there is no farm. It works fine for a long time then one call in say 1000 will fail but then the next 10,000 will work fine and then fail 3 times in 100 and so on (numbers for guide only).. I'm almost thinking the problem is AD taking too long to reply.. but the most important question is why is it `401 OK` and not `401 Unauthorized`... 401 OK just doesn't make sense does it? – Seph Sep 04 '11 at 11:24
  • Updated with a few more ideas. – TheCodeKing Sep 04 '11 at 11:44
0

401 indicates that you are trying to access a password protected resource without including any authentication information in the request. Check that you have not misconfigured your server to require passwords for the URL that is returning the response, and also check that all the requests are to the same domain: you may be inadvertently issuing requests to a password protected domain (an example I've seen in the past is using a separate host to serve static files but the static file virtual host had HTTP basic auth set up).

Femi
  • 64,273
  • 8
  • 118
  • 148