Many a google search turned up nothing aside from people using a work around to force the client to use HTTP/1.0. I didn't believe this was the best solution as you would have to change it every time you updated the client.
I managed to get Tomcat authenticating users off an OpenLDAP server (very cool). There is also a windows port of the popular LDAP server (search google "windows OpenLDAP"). Then came the mission of getting the client to authenticate against the Tomcat server.
It appears that the problem is related to the Keep Alive settings on the Tomcat server and the way C# deals with it's authentication information. Upon setting the server to not keep connections alive everything started grooving.
so effectively all you do is add the attribute maxKeepAliveRequests="1" to the Tomcat server.conf <Connector> entry and restart apache. Below is an example
<Connector port="8080"
maxHttpHeaderSize="8192"
maxKeepAliveRequests="1"
maxThreads="150"
minSpareThreads="25"
maxSpareThreads="75"
enableLookups="false"
redirectPort="8443"
acceptCount="100"
connectionTimeout="20000"
disableUploadTimeout="true" />
Then in C# create the NetworkCredentials object like so
NetworkCredential cred =
new NetworkCredential("username", "password");
and assign it to the web service object credentials you have created and away you go! I will be posting a tutorial on this soon.
I hope this helps someone, as for more info on the topic refer to the apache bug log here.
On another note a very bright chap pointed out that setting ServicePointManager.Expect100Continue = false; also works (thus allowing the keep alives). His comments can be found here
One day our technologies will talk to each other and be happy. Anyways, I can finally get some sleep tonight and if you have a web service containing sensitive information, please for your own good, secure it. Basic is not the best route to go but it is a start.
No comments:
Post a Comment