IIS Not Passing Credentials with .NET WebClient Object

Question

Ok guys, this problem has eluded me for days now. There are many examples of similar problems out there, but none of them seem to fit the issue I'm having. I'm attempting to use a VB.NET System.Net.WebClient object to remotely navigate to a intranet webpage within an ASP.NET application. On my development server, I am able to hit the page without error. On our UAT server, the request fails with 401 Unauthorized error. Both servers are Windows Server 2012 using IIS8.

EDIT: ( To keep things simple I was going to leave this out, but I guess it is relevent. This ASP.NET website is wrapped within SharePoint 2013. This application spits out a DLL that is used in conjuction with the ASP.NET pages by SharePoint. Both of the servers have the same authentication specified for the SharePoint site:

So in reality, the only authentication that needs to be done, is the authentication to the SharePoint site itself.)

 

After hours of testing this, I decided to check out the IIS transaction logs to try to figure out what is going on. I found that regardless of what credentials I pass to the WebClient object, they are never passed by IIS to the request on my UAT server, but they are on my development server (See IIS Transaction Logs Below)

Both sites have supposedly been configured to be exact replicas of each other and I have compared the IIS settings for the website between the two servers to the best of my abilities and I cannot seem to figure out what the difference is.

 

Here is some code from the function that is doing the work:

    Private Sub CreateTiffFile()
    Try
        'Create NetworkCredentials object and set properties
        Dim creds As New NetworkCredential
        creds.UserName = "userid"
        creds.Domain = "domain"
        creds.Password = "password"

        'Create WebClient object, set creds
        Dim wc As New System.Net.WebClient()
        wc.Credentials = creds

        'Set the URL to navigate to based on the current URL and RequestID
        _URL = Utility.CurrentURL & "PrintPreview.aspx?RequestId=" & _CurrentRequestID 

        'Read the page
        Dim webReader As New System.IO.StreamReader(wc.OpenRead(_URL))

        'Do other stuff here
        'Do other stuff here
        'etc.

    Catch ex As Exception
        Utility.ErrorHandler(ex, _CurrentRequestID)
    End Try
End Sub

DEVELOPMENT IIS Transaction Log (The credentials are passed correctly):

2014-05-05 14:59:38 10.###.###.### GET /mysite/PrintPreview.aspx RequestId=9849&HideControls=1 80 - 10.###.###.### - - 401 0 0 1481
2014-05-05 14:59:38 10.###.###.### GET /mysite/PrintPreview.aspx RequestId=9849&HideControls=1 80 - 10.###.###.### - - 401 1 2148074254 0
2014-05-05 14:59:58 10.###.###.### GET /mysite/PrintPreview.aspx RequestId=9849&HideControls=1 80 0#.w|domain\userid 10.###.###.### - - 200 0 0 19468

On the last line you'll notice that the credentials are passed and it returns a 200 OK.

UAT IIS Transaction Log (The credentials aren't passed):

2014-05-05 15:16:16 10.###.###.## GET /mysite/PrintPreview.aspx RequestId=9851&HideControls=1 80 - 10.###.###.## - - 401 0 0 15
2014-05-05 15:16:16 10.###.###.## GET /mysite/PrintPreview.aspx RequestId=9851&HideControls=1 80 - 10.###.###.## - - 401 1 2148074254 15
2014-05-05 15:16:16 10.###.###.## GET /mysite/PrintPreview.aspx RequestId=9851&HideControls=1 80 - 10.###.###.## - - 401 1 2148074252 0

On the last line you'll notice that the final transaction returns a 401.1 Unauthorized error

 

(If you haven't guessed it by now, I am basically reading the page to a stream, later on I use the data to write it to an html file on a local share. )

This process has worked flawlessly until now. The problem arose when we moved the application to new servers.

I have spent days looking into this and haven't found the cause. It's important to note that I'm a developer and though I have a decent amount of knowledge about setting up website in IIS, I am not a server administrator and I think I've reached the limit of my abilities.

How should I troubleshoot this further? Any insight/ideas would be helpful. If you have any questions, please feel free to ask and I'll do my best to answer them.

Answer 1

After much digging, I checked out the event viewer on the server and found a corresponding warning in the servers event viewer:

The program w3wp.exe, with the assigned process ID 7328, could not authenticate locally by using the target name HTTP/codeuat.cmapps.stele.net. The target name used is not valid. A target name should refer to one of the local computer names, for example, the DNS host name. Try a different target name.

After doing research on this error, I actually found many people with the same problem. This lead me to a registry entry called "BackConnectionHostName"(HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0) which was missing the host name I was attempting to connect to, and thus, the authentication failed.

After adding the host name to the entry, I was able to pass authentication correctly and confirmed this by checking the IIS log.

Thanks everyone for you responses.

Answer 2

You need to specify which authentication type to use, as described in this answer https://stackoverflow.com/a/1680866/1425531

As to guessing why it works on one server and not the other: does the first server have only basic auth enabled for the site while the site on the other server has windows authentication (ntlm)?