I'm having some trouble with a web service call from my C# client. Occasionally it will return the following error:
WWW-Authenticate: Basic realm="[SomeRealm]"'. --->
System.ServiceModel.Security.MessageSecurityException:
The HTTP request is unauthorized with client authentication scheme 'Digest'.
The authentication header received from the server was 'Digest realm="[SomeRealm]",
nonce="00000717Y382188758809db0bcc622bdf37def3deabb93", stale=FALSE, qop="auth"
WWW-Authenticate: Basic realm="[SomeRealm]"'. --->
System.Net.WebException: The remote server returned an error: (401) Unauthorized.
But I can't figure out why and it is really hard to reproduce and therefore very tricky to debug. Most of the time the calls to the web service works just fine. Anyone got any ideas why this happens? Or any tips on how to debug and get more info on the problem?
UPDATE:
Ok, so I tried out looking at the communication that goes on using fiddler, but it didn't make me any wiser.
This is a vaild request/challenge/request/response
Request
POST http://192.168.1.3/api/services HTTP/1.1
Content-Type: application/soap+xml; charset=utf-8;
action="http://www.domain.com/api/ws/event1/GetScheduledEvents"
Host: 192.168.1.3
Content-Length: 482
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Challenge
HTTP/1.1 401 Unauthorized
Date: Wed, 14 Aug 2013 07:45:49 GMT
Accept-Ranges: bytes
Connection: close
WWW-Authenticate: Digest realm="[SomeRealm]",
once="00025a89Y1892894c7fb9fe5f9de425b40c72d72de3227", stale=FALSE, qop="auth"
WWW-Authenticate: Basic realm="[SomeRealm]"
Content-Length: 180
Content-Type: text/html; charset=ISO-8859-1
<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>
<BODY><H1>401 Unauthorized</H1>
Your client does not have permission to get URL /api/services from this server.
</BODY></HTML>
Request
POST http://192.168.1.3/api/services HTTP/1.1
Content-Type: application/soap+xml; charset=utf-8; action="http://www.domain.com/api/ws/event1/GetScheduledEvents"
Accept-Encoding: gzip, deflate
Authorization: Digest username="UserName",realm="[SomeRealm]",nonce="00025a89Y1892894c7fb9fe5f9de425b40c72d72de3227",uri="/api/services",cnonce="abff70e14c8f89b09abac9eaaa9de8ce",nc=00000001,qop="auth",response="df71769f9fb2bb5e1396546b7422d5fd"
Host: 192.168.1.3
Content-Length: 482
Connection: Keep-Alive
Response
HTTP/1.1 200 OK
Authentication-Info: qop=auth, rspauth="51832dfe63819c551bf666409f58b08c", cnonce="abff70e14c8f89b09abac9eaaa9de8ce", nc=00000001
Server: gSOAP/2.7
Content-Type: application/soap+xml; charset=utf-8
Content-Length: 3752
Connection: close
And this is one of the failing request/challenge/request/response
Request
POST http://192.168.1.3/api/services HTTP/1.1
Content-Type: application/soap+xml; charset=utf-8; action="http://www.domain.com/api/ws/event1/GetScheduledEvents"
Host: 192.168.1.3
Content-Length: 482
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Challenge
HTTP/1.1 401 Unauthorized
Date: Wed, 14 Aug 2013 07:45:49 GMT
Accept-Ranges: bytes
Connection: close
WWW-Authenticate: Digest realm="[SomeRealm]", nonce="00025a89Y3757607d2e481c5c24cb20f1a46b129a37218", stale=FALSE, qop="auth"
WWW-Authenticate: Basic realm="[SomeRealm]"
Content-Length: 180
Content-Type: text/html; charset=ISO-8859-1
<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>
<BODY><H1>401 Unauthorized</H1>
Your client does not have permission to get URL /api/services from this server.
</BODY></HTML>
Request
POST http://192.168.1.3/api/services HTTP/1.1
Content-Type: application/soap+xml; charset=utf-8; action="http://www.domain.com/api/ws/event1/GetScheduledEvents"
Accept-Encoding: gzip, deflate
Authorization: Digest username="UserName",realm="[SomeRealm]",nonce="00025a89Y3757607d2e481c5c24cb20f1a46b129a37218",uri="/api/services",cnonce="9daae13f56820d9edf12cbf7e41f894b",nc=00000001,qop="auth",response="18d885af71eb74d1476da0f3668bf00e"
Host: 192.168.1.3
Content-Length: 482
Connection: Keep-Alive
Response
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Digest realm="[SomeRealm]", nonce="00025a89Y412766b2f55e4fc54dbd441b95cc713e08ccb", stale=FALSE, qop="auth"
WWW-Authenticate: Basic realm="[SomeRealm]"
Server: gSOAP/2.7
Content-Type: text/xml; charset=utf-8
Content-Length: 0
Connection: close
So it seems that the error was actually on the server side. As far as I've heard it was some threading issue which seems plausible since I hit the server with a lot of requests.