401 Unauthorised when calling SharePoint web services

Recently while developing and testing a web service which called the SharePoint lists.asmx service I consistantly received a ‘401 unathorised’ exception when calling the lists.asmx method getlistitems(..). I passed the default network credential and ran the app under the system/farm account, I created a new network credential and used service account credentials but no matter what, I always got the 401. After much frustration I found this kb article: http://support.microsoft.com/?scid=kb;en-us;896861&x=14&y=17 which fixed the issue.
 
Cause:
This issue occurs if you install Microsoft Windows XP Service Pack 2 (SP2) or Microsoft Windows Server 2003 Service Pack 1 (SP1). Windows XP SP2 and Windows Server 2003 SP1 include a loopback check security feature that is designed to help prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.
 
Workaround:
To work around this issue, use one of the following methods.

Method 1: Specify host names

To specify the host names that are mapped to the loopback address and can connect to Web sites on your computer, follow these steps:

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
  3. Right-click MSV1_0, point to New, and then click Multi-String Value.
  4. Type BackConnectionHostNames, and then press ENTER.
  5. Right-click BackConnectionHostNames, and then click Modify.
  6. In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
  7. Quit Registry Editor, and then restart the IISAdmin service.

Method 2: Disable the loopback check

Follow these steps:

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. Right-click Lsa, point to New, and then click DWORD Value.
  4. Type DisableLoopbackCheck, and then press ENTER.
  5. Right-click DisableLoopbackCheck, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Quit Registry Editor, and then restart your computer
Advertisements

4 thoughts on “401 Unauthorised when calling SharePoint web services

  1. If the above doesn’t apply to your situation another fix for this is to supply the URL for the web service you’re using along with the credentials. It’s strange but, for example, when you create your new .Lists object for the lists.asmx service, set the Credentials property as usual and then set the Url property to the exact URL that your web resource points to.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s