Web Service Error: “The request failed with HTTP status 401: Unauthorized.”

 

I’ve come across a number of developers who have run into this issue when trying to call a web service in Visual Studio 2005 Beta 2. The symptom of the problem is that when trying to call a web service that is running on the "ASP.NET Development Server" from another application, the web service throws a WebException with the message: “The request failed with HTTP status 401: Unauthorized.”

First and foremost, this issue is not related to debugging. If you run the application outside of Visual Studio, you’ll see the same result. Also noteworthy to mention is that when you run the web service by itself, everything works fine. It’s only when you call the web service from another application that it fails.

Why do I get this error?

The reason for this error is that by default, a web service project in Visual Studio 2005 Beta 2 required NTLM authentication. When you call the web service from another application, the application tries to call into the web service with anonymous access and fails. But, when you call the web service from the web service test page in Internet Explorer, your credentials are passed from IE to the web service which means that the call succeeds.

How do I fix this error?

There are two ways to fix this error.

1. Disable NTLM Authentication in Project Properties
If your web service is not intended to require authentication, the easiest way to fix this error is to turn off NTML authentication in a web service project. To do this, right click on the web service project and select “Property Pages”. On the “Start Options” page, uncheck “NTLM Authentication”. NOTE: disabling this option has security implications if you are running the web service in a Terminal Server environment. If the web service is on your local machine and it’s not being used in a Terminal Server environment, then you should be fine.

2. Pass User's Credentials from Calling Application to Web Service
If your web service is intended to require authentication and not anonymous access, then pass the credentials of the user from the application to the web service. Here is an example:

Samples.TimeWebService ws = new Samples.TimeWebService();
ws.Credentials = System.Net.CredentialCache.DefaultCredentials;
string currentTime = ws.GetCurrentTime();