Endpoint Permission Issues
-
Hi,
I have setup a basic endpoint that exposes a sp that when given a few parameters, should go and update a record on the database:
/****** Object: Endpoint [ep_UpdateAddressDetails] Script Date: 02/22/2007 15:01:04 ******/
CREATE
ENDPOINT [ep_UpdateAddressDetails]
AUTHORIZATION [mydomainname\tgriffiths]
STATE
=STARTED
AS HTTP (PATH=N'/sql', PORTS = (CLEAR), AUTHENTICATION = (INTEGRATED), SITE=N'lfxakl13', CLEAR_PORT = 80, COMPRESSION=DISABLED)
FOR SOAP (
WEBMETHOD
'UpdateAddress'( NAME=N'[testDb].[dbo].[p_tTest_UpdateAddressDetails]'
,
SCHEMA=STANDARD
,
FORMAT=ALL_RESULTS), BATCHES=ENABLED, WSDL=N'[master].[sys].[sp_http_generate_wsdl_defaultcomplexorsimple]', SESSIONS=DISABLED, SESSION_TIMEOUT=60, DATABASE=N'testDb', NAMESPACE=N'http://lfxakl13/sql/', SCHEMA=STANDARD, CHARACTER_SET=XML)
I can see the wsdl from a web browser, however when I go and setup a HTTP Connection in VS2005, I put in my URL as : http://lfxakl13/sql and then press test and it comes back with "the remote server returned an error: (401) Unauthorized."
So I presume this is just a permissions issue? However I am unsure what I need to apply permissions on, as you can see from the statement above, I have given AUTHORIZATION to my username "tgriffiths". I have also run a seperate grant connect priviledges for me - but still not difference in the response from VS2005.
Can anyone assist in getting this going as I am not sure where to look from here.
Thanks in advance
Troy
-
just to confirm - I am a local admin user and also a db_owner of this database, and also within the BUILTIN\Admnistrators group - so am part of sysadmin group also.
-
It would be interesting what your IIS log said about this attempt to connect. The 401 is (as you probably already know) an IIS error not directly to do with any of the admin groups / roles you've mentioned (in your second post).
If you're getting bounced by IIS then either you need to set up permissions at the (web) endpoint, or you may not be coming through as the account (mydomain\tgriffiths) you think. Either way the IIS log shoud shed more light.
BTW, the 401 error has several subtypes (the .n part) which could also tell us what type of permission is being refused. Is that being given anywhere?
-
The interesthing thing is that the web sites under IIS Admin are "stopped" - and checking the event log initially when booting up it says:
Unable to bind to the underlying transport for 0.0.0.0:80. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
and then when trying to start the web service - and receiving an 'unknown error' dialogue box - the following in the event log:
The service could not bind instance 1. The data is the error code.
Something is a bit weird. If I remove the endpoint - my web sites are able to be started, as soon as I create the endpoint the sites fail. All I have in my IIS is just the default stuff (and Virtual PC/Server site).
I was under the impression that the http.sys file simply passed the calls directly to SQL rather than going through IIS - so can't quite understand why it is having a fit....
Umm one other thing - not wanting to sound like a dumb arse, but where is the IIS log? I have looked under the Inetpub folder; and nothing in the mmc snapin.
Thanks for the assistance!
Troy
-
Hi,
Further to this - I have deleted the namespace and recreated it. Previously it was using port 80; whereas now I have changed it to using port 8080. Now it appears as though the endpoint and the IIS sites all exist happily together. From what I was reading about this - it made me think that both SQL and IIS could operate on the same port (ie 80), because before the request even got to IIS http.sys would work out whether it was destined for SQL or IIS and forward through as necessary - is this incorrect? Do they need to be on different ports?
In any light - I am still getting the same message when trying to setup a HTTP connection manager in VS2k5 for my URL - "The remote server returned an error: (401) Unauthorized"
There is no entry in the event logs for this now.
Help. Please.
Cheers
Troy
-
Hi, Just been playing around more with this and looking further into it and it would appear as though the HTTP connection in VS doesn't want to talk nicely to it when testing the connection - could be something to do with it only accepting wsdl requests and http post messages (normal http get's are not).
So if I don't test the connection and just go to the next step - I can actually select my endpoint!! So all this for not a hell of a lot of anything.
Thanks
-
Glad to see. I'm about to start trying these services myself, so thanks for posting your findings.
And yes, I AM a stupid-head. the 401 is an HTTP error not specifically IIS.
Sorry for the misdirection
Viewing 7 posts - 1 through 6 (of 6 total)
You must be logged in to reply to this topic. Login to reply