Why is valid name/password being rejected when specifying Metaweblog API?

Topics: Enhanced Blog Edition
Mar 31, 2008 at 12:42 PM
I'm following the instructions in the EBE User guide to create a connection with Windows Live Writer.

I've specified a valid URL for the BlogSite and also a valid Name / Password (Administrator of the server, also in the Site Owners group.

Yet when I move on to the screen where you specify Metaweblog API and http://server/blogsite/metaweblog.ashx I'm getting a message that

"the weblog account could not be accessed using the specified name and password" (etc.)

I have (as above) admin rights to the site, how do I create a suitable user who will have rights to access the "weblog account" ?

Mike
Developer
Mar 31, 2008 at 8:49 PM
This sounds like you are choosing "SharePoint" when connecting to the site (creating the account). You need to choose the metaweblog API, not SharePoint when creating the account.

--Vince
Apr 21, 2008 at 8:41 PM
I'm getting the same error as Mike201. I am not choosing "SharePoint weblog" as the option on the first screen of the Live Writer Add Account wizard. (I'm using the "Another weblog service" option and "Metaweblog API" as the provider.)

Troubleshooting I've tried:
1. Ensuring that "Accept user name and password from the API" is set to Yes in the "Web Application General Settings" of SharePoint Central Administration.
2. Entering the username with and without the domain prepended.
3. Double-checking the password (of course!).
4. Trying different Remote posting URL for your weblog.
As suggested by the EBE User Guide: http://server/site/blog/metawebloag.ahsx
As suggested by a few posts found via search: http://server/site/blog/_layouts/metaweblog.aspx
5. Changing the IE local intranet zone security settings to Always prompt for credentials (saw this in a post somewhere too)

Anyone have other suggestions.
Thanks!
Kye
Developer
Apr 22, 2008 at 9:08 PM
Kye,

I assume this is a typo (http://server/site/blog/metawebloag.ahsx) ?

Point 1 doesn't really apply, we are not using any of the OOTB SharePoint bloging API. The username & password are actually sent in the API request.

Try domain\username and domain/username as I remember issues with one of them in earlier build (this was fixed for the release).

Try using fiddler (www.fiddlertool.com) to see what is sent & received from the server.

There are numerous URLs you could use (all hardcoded in the EBE)...I use http://cks.wssblogs.com/metawebblog.ashx although metaweblog.ashx and metaweblog.aspx should also work.

Fiddler is the way to go though as you will see what you are getting (404, 401, 500).

--Vince


Apr 23, 2008 at 2:49 PM
Vince, thanks for the suggestions! The Fiddler suggestion is a great one I hadn't even thought about.

(Yes, the "metawebloag.ashx" was definitely a typo.)

I have tried both versions of the username with the domain prefix. Anything I do shows a 401.2 error in Fiddler:

HTTP/1.1 401 Unauthorized
Content-Length: 1656
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm="BTP.local"
MicrosoftSharePointTeamServices: 12.0.0.4518
X-Powered-By: ASP.NET
Date: Wed, 23 Apr 2008 14:36:16 GMT
Connection: close
Proxy-Support: Session-Based-Authentication

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>You are not authorized to view this page</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<h1>You are not authorized to view this page</h1>
You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept.
<hr>
<p>Please try the following:</p>
<ul>
<li>Contact the Web site administrator if you believe you should be able to view this directory or page.</li>
<li>Click the <a href="javascript:location.reload()">Refresh</a> button to try again with different credentials.</li>
</ul>
<h2>HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration.<br>Internet Information Services (IIS)</h2>
...


After some digging on this error on support.microsoft.com I decided to add the "Basic authentication (password is sent in clear text) method to the Authenticated access section of the SharePoint website properties (Directory Security tab > Authentication and access control) in IIS. Unfortunately this had no effect.

Thanks again,
Kye
Developer
Apr 24, 2008 at 12:19 PM
Kye,

Have you got anonymous access enabled? I think you will need that set on for LiveWriter to access the API.

--Vince
Apr 24, 2008 at 7:50 PM
Nice work, Vince! Turning on anon access enabled resolved the issue with Live Writer. Sweet, multiple categories from an offline post!

Does turning on anon access override SharePoint's security model? It doesn't look like it did (my testing just consisted of logging in as an 'average user' and making sure they couldn't edit SharePoint sites they do not own), but I'm not sure of the impacts of this IIS site setting.
Developer
Apr 24, 2008 at 9:05 PM
Problem is that LiveWriter (and anything else come to that) aren't aware of NTLM and so can't cope with the 401.

The MetaWeblog API sends the username & password in each request, the EBE uses this to log you onto SharePoint.

--Vince