WCF Transport Security fails if IIS running as NetworkService acco

Hi,

I'm working on a Web application that consumes a WCF Service that uses basic
HTTP binding with transport security and certificates for client credentials.
Just to clarify, the WebServer (IIS 7) is the client, and an application
that self hosts the WCF service is the server.

This is the binding configuration that I use on the client and service side:
<bindings>
  <basicHttpBinding>
    <binding name="basicHttpBindingWithTransportSecurity">
      <security mode="Transport">
        <transport clientCredentialType="Certificate" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>

When I run IIS 7 using the default NetworkService account, I get this error:
Could not establish secure channel for SSL/TLS with authority
'localhost:50391'.

When I run IIS 7 using the LocalSystem account, or if I set the
clientCredentialType="None", then it works just fine.

What is it that causes the clientCredentialType="Certificate" to require
elevated rights in IIS 7?
I don't think it is access to the certificate, since I can see the public
key in debug.
(client.ClientCredentials.ClientCertificate.Certificate.PublicKey.EncodedKeyValue.RawData seems to have a value).

Thanks,
Erik
Aug 9 '07 #1
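
A diagnostic related to the question above, as an added example that is not part of the original post: the public key is stored in the certificate itself, while TLS client authentication has to sign with the private key, so this check reports both separately for the account it runs under. The thumbprint placeholder, the LocalMachine\My store location, an RSA key and .NET Framework 4.6 or later (for `GetRSAPrivateKey`) are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.Text;

static class ClientCertKeyCheck
{
    // Placeholder: replace with the thumbprint of the client certificate in use.
    const string Thumbprint = "<CLIENT-CERT-THUMBPRINT>";

    static void Main()
    {
        // Run under the same account as the IIS worker process to get a meaningful result.
        Console.WriteLine("Identity: " + WindowsIdentity.GetCurrent().Name);

        // Assumption: the certificate is installed in LocalMachine\My.
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, Thumbprint, false);
            if (found.Count == 0) { Console.WriteLine("Certificate not found."); return; }
            Console.WriteLine(Describe(found[0]));
        }
        finally { store.Close(); }
    }

    static string Describe(X509Certificate2 cert)
    {
        // Reading the public key needs no access to the private key container.
        int pubLen = cert.PublicKey.EncodedKeyValue.RawData.Length;
        if (!cert.HasPrivateKey)
            return "Public key " + pubLen + " bytes; no private key associated.";
        try
        {
            using (RSA rsa = cert.GetRSAPrivateKey())
            {
                if (rsa == null) return "Private key present but not RSA.";
                // Signing forces the key container to be opened by the current identity.
                rsa.SignData(Encoding.ASCII.GetBytes("probe"), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                return "Public key " + pubLen + " bytes; private key usable.";
            }
        }
        catch (CryptographicException ex)
        {
            return "Public key " + pubLen + " bytes; private key NOT usable: " + ex.Message;
        }
    }
}
```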