none
PSI call in an event fails with 401 unauthorized, but successful from a direct call from visual studio RRS feed

  • Question

  • I am stuck on this for days and hope to get some insight on what to look at next.

    I have a event handler that works in my local dev environment (1 server for all) but fails in the test dev (web and app server on the same server, the db server separate) with the error below. 

    I created a test app without using event handler to test out the PSI call and it worked fine from within visual studio.  I dynamically established the end point in the test app so the only difference I can think of is that the event handler code runs under the event service account and my test app runs as myself.  I checked the app pool and service account for the PSI web app, the account is the farm account so it should have sufficient privilege.  What am I missing???

    System.ServiceModel.Security.MessageSecurityException:
    The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The
    authentication header received from the server was 'NTLM'. --->
    System.Net.WebException: The remote server returned an error: (401)
    Unauthorized.<o:p></o:p>

    at System.Net.HttpWebRequest.GetResponse()<o:p></o:p>

    at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan
    timeout)<o:p></o:p>

    --- End of inner exception stack trace ---<o:p></o:p>

    Server stack trace: <o:p></o:p>

    at
    System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest
    request, HttpWebResponse response, WebException responseException,
    HttpChannelFactory factory)<o:p></o:p>

    at
    System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest
    request, HttpWebResponse response, HttpChannelFactory factory, WebException
    responseException, ChannelBinding channelBinding)<o:p></o:p>

    at
    System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan
    timeout)<o:p></o:p>

    at
    System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)<o:p></o:p>

    at
    System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message,
    TimeSpan timeout)<o:p></o:p>

    at
    System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway,
    ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)<o:p></o:p>

    at
    System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
    methodCall, ProxyOperationRuntime operation)<o:p></o:p>

    at
    System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)<o:p></o:p>

    Exception rethrown at [0]: <o:p></o:p>

    at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
    reqMsg, IMessage retMsg)<o:p></o:p>

    at
    System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
    msgData, Int32 type)<o:p></o:p>

    at SvcTimeSheet.TimeSheet.ReadTimesheet(Guid
    tsUID)<o:p></o:p>

    at
    SvcTimeSheet.TimeSheetClient.ReadTimesheet(Guid tsUID)<o:p></o:p>


    Tuesday, May 7, 2013 4:31 PM

All replies

  • I think you're right: "event handler code runs under the event service account ".

    You need to use impersonation here to make it run under the account with higher permissions.

    Friday, May 10, 2013 1:20 PM
  • The account running the Events Service needs to be added as an Administrator in PWA itself, then it will work.

    Had this issue many times before, no need to impersonate


    120811049008

    Friday, May 10, 2013 5:08 PM
  • Check Whether a specific rights are given to the user under which the code is runnning.

    this error occurs in case of permission issue

    Saturday, May 11, 2013 2:24 PM