Knowledgebase: You receive a "Web Service Requests must be protected by authentication" error when activating a Multi-Factor Auth app

I have identified an issue with Azure Multi-Factor Authentication (MFA) in a hybrid deployment. When you access the User Portal to activate the mobile app, you receive an error. All other Multi-Factor Authentication (MFA) functionality works.

 

The situation

After you’ve deployed a Multi-Factor Authentication Server installation as part of your Azure MFA hybrid implementation, you’d want to install the User Portal, Mobile Portal and Web Service SDK.

 

The issue

However, when you’ve followed the documentation for an installation of version 6.3.0, you might receive an error in the User Portal when you try to activate a Multi-Factor Auth app on a mobile device:

Web Service Requests must be protected by authentication.

 

The cause

This is caused by incorrect authentication settings in Internet Information Services (IIS) for the MultiFactorAuthenticationWebServiceSDK website.

The Azure Multi-factor Authentication Server Web Service SDK installer (MultiFactorAuthenticationWebServiceSdkSetup64.msi) does not correctly set the authentication settings for the Application within Internet Information Services (IIS).

 

The solution

To resolve this issue, change the authentication settings for the MultiFactorAuthenticationWebServiceSDK application manually:

  • Log on to the Windows Server running the Multi-Factor Authentication Server installation with an account with administrative privileges.
  • Open the Internet Information Services (IIS) Manager Microsoft Management Console (MMC).
  • In the left pane, expand Sites, then the Default Web Site and then select the MultiFactorAuthenticationWebServiceSDK application.
  • In the main pane, click on Authentication.

Authentication settings for an application in Internet Information Services

  • Disable Anonymous Authentication.
  • Enable Basic Authentication.
  • Right-click the Default Web Site, select Manage, then Restart.
  • Close the Internet Information Services (IIS) Manager Microsoft Management Console (MMC).
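
The same change can be scripted and verified with the WebAdministration module. This is an added example, not part of the original article or of Microsoft's installer; it assumes the application sits under Default Web Site with the name used above and that the session is elevated.

```powershell
# Added example: scripted equivalent of the IIS Manager steps in this article.
# Assumption: the application lives under 'Default Web Site' with the name below.
Import-Module WebAdministration

$site     = 'Default Web Site'
$app      = 'MultiFactorAuthenticationWebServiceSDK'
$location = "$site/$app"
$authRoot = '/system.webServer/security/authentication'

function Get-AuthState {
    # Returns the 'enabled' flag of both authentication modes for the application.
    foreach ($mode in 'anonymousAuthentication', 'basicAuthentication') {
        $attr = Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $location `
            -Filter "$authRoot/$mode" -Name enabled
        [pscustomobject]@{ Mode = $mode; Enabled = [bool]$attr.Value }
    }
}

# Stop early if the Web Service SDK application is not where we expect it.
if (-not (Get-WebApplication -Site $site -Name $app)) {
    throw "Application '$location' was not found in IIS."
}

# Basic Authentication can only be enabled when its IIS role service is installed.
if (-not (Get-WindowsFeature -Name Web-Basic-Auth).Installed) {
    throw 'IIS role service Web-Basic-Auth (Basic Authentication) is not installed.'
}

Write-Host 'Before:'
Get-AuthState | Format-Table -AutoSize

# Disable Anonymous Authentication and enable Basic Authentication.
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $location `
    -Filter "$authRoot/anonymousAuthentication" -Name enabled -Value $false
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $location `
    -Filter "$authRoot/basicAuthentication" -Name enabled -Value $true

# Restart the site, as in the manual procedure.
Stop-Website -Name $site
Start-Website -Name $site

# Verify: only basicAuthentication may be enabled afterwards.
$state = Get-AuthState
Write-Host 'After:'
$state | Format-Table -AutoSize
$wrong = $state | Where-Object { $_.Enabled -ne ($_.Mode -eq 'basicAuthentication') }
if ($wrong) { throw "Unexpected authentication state on '$location'." }
```

Basic Authentication sends the service account credentials base64-encoded rather than encrypted, so keep the application reachable over HTTPS only, as in the test URL used in this article.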

Next, you can check the connection to the Web Service SDK with these steps:

  • Log on to the Windows Server running the Multi-Factor Authentication Server installation with an account with administrative privileges.
  • Open a web browser.
  • Go to https://<hostname>/MultiFactorAuthMobileApp.
  • Click on the TestPfWsSdkConnection link.
  • Click on the Invoke button.
  • Now you have to provide credentials to access the SDK.
  • After you’ve supplied the credentials for the service account, you’ll receive an XML-formatted message that includes the text success.

Now, you can try to activate the Multi-Factor Auth app again.
