Error: (401) Unauthorized

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Error: (401) Unauthorized

Benjamin Alderson
I am using NeatUpload on one page to post large files to my webserver.  In my Dev environment, it all worked fine, but once it went to QA, which is load balanced, we would get null reference exceptions on PostBack, which was because I had done nothing to save session state.  I added SQL Server session state to my website, and while it worked fine on all other pages, the page with the NeatUpload InputFile control would throw the (401) Unauthorized on every postback!

I attempted to follow the directions on the Manual page for configuring NeatUpload to work in a web farm/garden, but to no avail.  I added the "Demo" folder back into the website for testing, and at this point, I can duplicate this 401 error in both my page (on any postback) and on the Demo.aspx when I select a file and then hit "Submit" in the InputFile section.

Originally, the site had version 1.3.14, but I upgraded to the latest, 1.3.18, and still have this issue.  The site uses Windows authentication and has SQL session state management. 

In the "Troubleshooting" section of the Manual, you suggest setting useHttpModule to false.  When I do this, both the Demo.aspx page and my page successfully upload the file and return with no errors.  When I set it to true, I get the stack trace and error 401.

Dean, per your instructions in the Troubleshooting section, I setup the Debug directory and captured a sample crash from firs the Demo.aspx page, and then my page.  I will email them to you momentarilly.

When the page crashes, I get this result in the browser:

Server Error in '/' Application.

The remote server returned an error: (401) Unauthorized.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Net.WebException: The remote server returned an error: (401) Unauthorized.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[WebException: The remote server returned an error: (401) Unauthorized.]
System.Net.WebClient.UploadValues(Uri address, String method, NameValueCollection data) +480
System.Net.WebClient.UploadValues(String address, NameValueCollection data) +34
Brettle.Web.NeatUpload.SimpleWebRemoting.MakeRemoteCall(Uri uri, HttpCookieCollection httpCookies, Byte[] encryptionKey, Byte[] validationKey, String encryptionAlgorithm, String validationAlgorithm, Object[] methodCall) +653
Brettle.Web.NeatUpload.SimpleWebRemoting.MakeRemoteCall(Uri uri, Object[] methodCall) +77
Brettle.Web.NeatUpload.SessionBasedUploadStateStoreProvider.MakeRemoteCall(Object[] methodCall) +52
Brettle.Web.NeatUpload.SessionBasedUploadStateStoreProvider.Load(String postBackID) +91
Brettle.Web.NeatUpload.UploadStateStore.OpenReadWrite(String postBackID) +21
Brettle.Web.NeatUpload.UploadStateStore.OpenReadWriteOrCreate(String postBackID) +18
Brettle.Web.NeatUpload.Internal.Module.FilteringWorkerRequest.ParseOrThrow() +3025
Brettle.Web.NeatUpload.Internal.Module.FilteringWorkerRequest.ParseMultipart() +983
Brettle.Web.NeatUpload.UploadHttpModule.WaitForUploadToComplete() +31
Brettle.Web.NeatUpload.UploadHttpModule.Application_ResolveRequestCache(Object sender, EventArgs e) +86
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +68
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75


Version Information: Microsoft .NET Framework Version:2.0.50727.3082; ASP.NET Version:2.0.50727.3082
Reply | Threaded
Open this post in threaded view
|

Re: Error: (401) Unauthorized

Dean Brettle
Administrator
Thanks for taking the time to put together such an excellent description of the problem and the things you have tried.  You've save us both a lot of time trying to narrow down the cause.

See NeatUpload might fail when using Windows Authentication for the suggested workaround.  If that doesn't fix it, try the workaround described in this other thread.  Please post with what works for you.

Thanks,

--Dean
Reply | Threaded
Open this post in threaded view
|

Re: Error: (401) Unauthorized

Guest-1023
Dean,

Thanks for the quick response.  Your assessment was correct.  At one point, I had changed the permissions on the NeatUpload subfolder to allow "Anonymous Logon" to have rights to Read, Modify, Read & Execute, and List Folder Contents.  At the time, I think I figured that was "giving anonymous access", but after re-reading the section in the manual, I went back into the IIS config for the NeatUpload folder, removed that "Anonymous Logon" permission setup under Permissions, and simply checked the box for "Enable Anonymous Access" under Properties / Directory Security / Authentication and access control -> Edit.

Once I made that change, I set the useHttpModule attribute back to true, restarted the website, cleared all passwords in my browsers and restarted them and I was prompted for my logon on the main pages that I should have to login to, but the NeatUpload pages can be browsed without any authentication prompt, and of course they work like a champ from my Windows-authenticated pages.

Why I didn't run into this issue before adding the session state configuration, I'm not sure, but this IIS config change has fixed my issue.

Thanks for the quick response and excellent product! 
Reply | Threaded
Open this post in threaded view
|

Re: Error: (401) Unauthorized

Dean Brettle
Administrator
NeatUpload's default UploadStateStoreProvider looks at the sessionState mode to determine where to store UploadState. If the sessionState mode is Off or InProc (the default), NeatUpload stores UploadState in application state because it is faster and less complex. However, if sessionState mode has some other value NeatUpload stores upload state in the user's session so that it can be shared across a farm/garden like other session state. However, in order for NeatUpload to access the session state without locking it for the entire time that the upload is in progress, it makes issues web requests to a handler in the NeatUpload folder. For technical reasons it can't use windows auth or those requests. That's why you got the 401 error when you changed sessionState mode. --Dean
Reply | Threaded
Open this post in threaded view
|

Re: Error: (401) Unauthorized

Guest-1023
This makes total sense, and I've seen these hits from NeatUpload in the IIS log.  The 401 error makes sense, now that I realize that I didn't actually have Anonymous access enabled to the NeatUpload subfolder (I had only granted some access to the "Anonymous Logon" - subtle difference, and my mistake).  I'm just glad I got it all setup correctly and working with the load balanced setup.