System.Net.WebException: The request failed with HTTP status 401: Unauthorized.


  • Hi, I have this piece code that I implement the web service using the List.asmx from my portal.
    listService.Credentials = System.Net.CredentialCache.DefaultCredentials; 
    The thing is, I just added that my default.aspx to the virtual driectory in the IIS, then run it, but I am getting an error:

    Exception Details: System.Net.WebException: The request failed with HTTP status 401: Unauthorized.

    Source Error:

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

    Stack Trace:

    [WebException: The request failed with HTTP status 401: Unauthorized.] System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall) +551137 System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) +204 listName, String viewName) in C:\Documents and Settings\ply\My Documents\Visual Studio 2005\Projects\AppAnalysis\AppAnalysis\Web References\com.gohealthcast.portal\Reference.cs:260 AppAnalysis._Default.Button1_Click(Object sender, EventArgs e) in C:\Documents and Settings\ply\My Documents\Visual Studio 2005\Projects\AppAnalysis\AppAnalysis\Default.aspx.cs:35 System.Web.UI.WebControls.Button.OnClick(EventArgs e) +105 System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +107 System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +7 System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +11 System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1746 

    Thursday, October 09, 2008 4:00 PM


  • Change your code to just use listService.UseDefaultCredentials = true;

    Posting is provided "AS IS" with no warranties, and confers no rights.
    Monday, October 13, 2008 5:10 PM

All replies

  • please make sure you have the access to sharepoint site. secondly your default.aspx is in your own virtual directory so make sure your virtual directory is configured for windows authentication in IIS so that your logged in user credentials can be passed to it. you can do one more thing here, if you know for sure that you user is a sharepoint user also. you can write statement to pass user id and password explicilty like
    listService.Credentials = new System.Net.NetworkCredential(userName, userPassword, domain);
    if this works then you need to configure your virtual directory to enable windows authentication in IIS assuming that your virtual directory is under a different IIS website. 

    • Proposed as answer by Moonis Tahir Thursday, October 09, 2008 7:24 PM
    Thursday, October 09, 2008 4:23 PM
  • Yeah that works. The one that I have to provide username and password, but is it very secured to put my credentials in the code? And what do you mean by window authentication? The check box next to Integrated windows authentication? I tried that but it's not working. Do I have to be able to login to the Sharepoint server box? I just know that I am able to browse it.
    Thursday, October 09, 2008 6:16 PM
  • ok, now you know that providing your user name & password works. comment out this and switch back to your original defaultcredential syntax. now go to IIS and right click your web app virtual directory and go to security tab and un check anonymous authentication and leave integrated windows authentication checked. now check if you get access denied issue or not.
    Thursday, October 09, 2008 7:26 PM
  • Yeah, I did what you told me to and yes I am still getting the same error "System.Net.WebException: The request failed with HTTP status 401: Unauthorized."
    Thursday, October 09, 2008 8:04 PM
  • can you please print HTTPContext.Current.User etc property to display logged in user name on your default.aspx and see if it is getting your user name or it is still getting IUSR user name/
    Thursday, October 09, 2008 8:23 PM
  • Yeah it's showing my domain and username. Is case sensitive? It shows as upper case. And I even tried to see if it's authenticated, and it is.

    if (HttpContext.Current.User.Identity.IsAuthenticated)


    Label1.Text = "authenticated";


    Thursday, October 09, 2008 9:55 PM
  • Where is the virtual directory pointing to? Is it on the same machine or remote?
    Posting is provided "AS IS" with no warranties, and confers no rights.
    Friday, October 10, 2008 12:30 PM
  • It's on my machine, local host.
    Friday, October 10, 2008 3:23 PM
  • So to be clear:

    When you specify your user account programmatically with NetworkCredential it works but when you specify to use DefaultCredentials and you are logging in with the exact same user account it fails?

    Posting is provided "AS IS" with no warranties, and confers no rights.
    Friday, October 10, 2008 3:28 PM
  • Michael, yes you are correct.
    Friday, October 10, 2008 7:34 PM
  • OK try one more thing:

    I am sure you have rights to the SharePoint server but try to browse the lists.asmx in the browser and see if you can access it in the browser. If it's a rights issue, you will a security permission error in the browser and if you can see it working in the browser then you should be able to use defaultcredentials in your code. Just in any case, give yourself permissions on the site where you want to use the lists.asmx. Remember you can use it from different locations. for example, you can use it on the root level, at the site level, at the subsite level, each level will have it's own url. for example, at a subsite level, the url might look like this:


    so suppose you are using the above url then you must give correct permissions to yourself in the site: http://server/sites/site1.

    This is ridiculous I know but just try it and let us know the result.
    Friday, October 10, 2008 8:49 PM
  • Yes, I am able to browse to that List.asmx. I am an admin on that sharepoint site.
    Friday, October 10, 2008 8:56 PM
  • Sorry to bump this up, but anyone?
    Monday, October 13, 2008 4:53 PM
  • Change your code to just use listService.UseDefaultCredentials = true;

    Posting is provided "AS IS" with no warranties, and confers no rights.
    Monday, October 13, 2008 5:10 PM
  • Hi, I did this:

    //listService.Credentials = //System.Net.CredentialCache.DefaultCredentials;

    listService.UseDefaultCredentials = true;

    But now, it doesn't write anything or save anything to my list.
    Wednesday, October 15, 2008 4:16 PM
  •  Wrap your call to UpdateListItems in a try {} catch(SoapException se) { }

    Then look at the se.Detail property.


    Posting is provided "AS IS" with no warranties, and confers no rights.
    Wednesday, October 15, 2008 4:44 PM
  • Hi,

    When ever I will try to use retrieve method, it’s throwing an error called Unauthorized exception. It’s related to authorization error. I think I am missing some credentials.

    I have used in 2 different ways i.e., by providing DefaultCredentials and other way is by providing NetworkCredentials. Is there any other area I am missing? For your reference I am sending the screen shot.

     Can any one please help me to over come this issue?

    Wednesday, November 18, 2009 4:33 PM
  • Hi Azn/Michael,

    Did your issue get resolved? I am also having similar issue, except that i am trying to talk to shareoint through object model from a web application hosted on the same machine as WSS 3.0. The code works fine with windows application, but not with web. Tried even changing the application to same application pool of the site collection, which has the idenity of the Farm admin. But, no success. Any suggestions?



    Friday, March 19, 2010 6:08 AM
  • Hi I have been struggling with the exact same problem for weeks now! I tried all of the advice given above, just like you none of it worked. I was using windows authentication and was definitely being authenticated.

    Then I thought, let me play around with the application pool identity within iis. Sure enough, when I chose a custom account and entered my own credentials it worked. Now obviously, I don't want all sharepoint activity carried out through the webservices to be logged under my own account name, so reset the app pool identity to NetworkService, and enabled impersonation instead by adding the tag

    <identity impersonate="true"/>

     to my web.config. It now works beautifully.

    Tuesday, June 08, 2010 4:24 PM
  • Thanks for updating the thread with your experience.
    Moonis Tahir MVP, MCPD,, MCTS BizTalk 2006/SQL 2005/SharePoint Server 2007 (Dev & Config)
    Tuesday, June 08, 2010 4:51 PM