i am using a SOAP UI to send some XML request to a web service hosted in IIS. it has integrated windows auth enabled and basic auth enabled.
when i have both integrated and basic enabled, it works sometimes and it fails other times with 401 response code , i can see the http headers traffic sending authorization key when it fails as well.
but when i have basic auth only enabled it works all the time.
any ideas guys?
this is how my IIS logs looks when it fails instead of going 401, 401 ,200
it goes 401,
401, 401
2011-07-15 00:16:41 W3SVC1 POST /test/Service.asmx - 80 - 192.168.1.101 Jakarta+Commons-HttpClient/3.1 - 401 2 2148074254 0
2011-07-15 00:16:41 W3SVC1 POST /test/Service.asmx - 80 - 192.168.1.101 Jakarta+Commons-HttpClient/3.1 $Version=0; 401 1 0 0
2011-07-15 00:16:41 W3SVC1 POST /test/Service.asmx - 80 - 192.168.1.101 Jakarta+Commons-HttpClient/3.1 $Version=0; 401 1 2148074248 0
Also My webserver is part of webfarm. and my app pool for the web service runs under network_service
Best Answer
When you see 401.2, 401.1, (supposed to be 200) that's a client doing an NTLM dance with the server.
If you only ever see 401, 200 for working clients, they're either using Basic or Kerberos.
It's possible that working clients doing Integrated are working because Kerb is working for them, and that the reverse is also true, or that they're already in a multi-hop scenario without using kerberos.
There's one thing I will call out, which is that running an App Pool in a farm under Network Service will break Kerb authentication. The log pattern above doesn't tell me that's what's happening - the client's pretty clearly doing NTLM and failing - but I thought I'd mention it for completeness.
Soo... all that comes back to: troubleshoot it from the client.