HTTP status 401: Unauthorized when calling from ExtendedPSI

I am currently trying to develop a ExtendedPSI Web service which in turn calls a number of existing PSI Web services. The trouble is I recieve the error

System.Net.WebException: The request failed with HTTP status 401: Unauthorized.

when I try to access the existing PSI services from with the ExtendedPSI I have created.

I can get the service to work if I hardcode the Credentials in my ExtendedPSI using the following snippet:

resWS.Credentials = new NetworkCredential("userName", "userPass", "domain");

but not when I use:

resWS.Credentials = CredentialCache.DefaultCredentials;

(i have tried CredentialCache.DefaultNetworkCredentials but read this doesn't work thru HTTP or FTP)

I have read numerous posts with suggestions such as enabling Windows Authentication and removing anonymous access etc. either in the client web.config or on the virtual of the calling webapp however I am using SoapUI to call the ExtendedPSI service as the final solution will be called by an ESB platform (namely SAP PI).

But using SoapUI I have managed to call each of the existing PSI services (web services called in my ExtendedPSI service) in turn by supplying my login details in the SoapUI interface so I know the existing services work as long as I can pass on the credentials but they are empty when using CredentialCache.DefaultCredentials.

Hope this makes sense to someone (this is my first attempt at web services so I appologise if its a little vague). I don't really want to hardcode logon details within my service so I hope someone has came across this before and has a solution I can use...

Is the information I need held with the HttpContext? A encrypted token I can pass maybe (just reaching here :)? Or will I need a generic user to access these existing PSI web services?

FYI: I followed the article http://msdn.microsoft.com/en-us/library/bb428837.aspx (which i've extended further to call existing PSI's) but it assumes some sort of MS.NET client calling the service.

Thanks in advance...

Regards, TartanBono

You should change the web.config of your application like this. Just overwrite the security node in the binding node:

<binding name="WssInteropSoap">
  <security mode="TransportCredentialOnly">
    <transport clientCredentialType="Ntlm" proxyCredentialType="Ntlm"
        realm="" />
    <message clientCredentialType="UserName" algorithmSuite="Default" />
  </security>
</binding>

Now you can authenticate without a special account (passthrough from windows) or with this code, you can specify an account:

//credential impersonation (just if you changed your binding settings)
projectSvc.ClientCredentials.Windows.ClientCredential = new NetworkCredential("username", "password", "domain");
projectSvc.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;

I hope it will help :)

I've also written a blog entry for setting up a connection to the PSI: Read Project Server 2010 CustomFields over PSI