WCF and ASP.Net wsHTTPBinding Access Denied

Here is my scenario for a problem I can't solve. I am hosting a 3.5 WCF
service in IIS on Windows Server 2003. The service works fine with the WCF
test client in Visual Studio 2008 and from an ASP.Net client hosted on my
development machine in VS2008. As soon as I deploy the ASP.net client to the
"Same" IIS server, I get Access Denied messages.

My goal is to use AD security groups so the authenticated user on the
ASP.net page should be in the group to access the service. I have validated
all of this is true.

Please Help. I have spent way too much time on this and just can't find the
problem.

Here are the relevant artifacts:

Error Message from IIS when attempting to make call to service

Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information about
the error and where it originated in the code.

Exception Details:
System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.

Source Error:

Line 260:
Line 261: public HSMembersService.Member GetMember(string MemberId) {
Line 262: return base.Channel.GetMember(MemberId);
Line 263: }
Line 264:

Client Services portion of web.config

<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="WSHttpBinding_IHSMembersService" closeTimeout="00:01:00"
               openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
               bypassProxyOnLocal="false" transactionFlow="false"
               hostNameComparisonMode="StrongWildcard"
               maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
               messageEncoding="Text"
               textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
        <readerQuotas maxDepth="32" maxStringContentLength="8192"
                      maxArrayLength="16384"
                      maxBytesPerRead="4096" maxNameTableCharCount="16384" />
        <reliableSession ordered="true" inactivityTimeout="00:10:00"
                         enabled="false" />
        <security mode="Message">
          <transport clientCredentialType="Windows" proxyCredentialType="None"
                     realm="" />
          <message clientCredentialType="Windows"
                   negotiateServiceCredential="true"
                   algorithmSuite="Default" establishSecurityContext="true" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <client>
    <endpoint
        address="http://HOSTNAMECHANGEDFORSECURITYPURPOSES/MembershipService/HSMembersService.svc"
        binding="wsHttpBinding"
        bindingConfiguration="WSHttpBinding_IHSMembersService"
        contract="HSMembersService.IHSMembersService"
        name="WSHttpBinding_IHSMembersService">
      <identity>
        <servicePrincipalName value="host/HOSTNAMECHANGEDFORSECURITYPURPOSES" />
      </identity>
    </endpoint>
  </client>
</system.serviceModel>

Relevant Service portion of web.config

<system.serviceModel>
  <services>
    <service name="HSMembersService.HSMembersService"
             behaviorConfiguration="HSMembersService.HSMembersServiceBehavior">
      <!-- <host>
        <baseAddresses>
          <add baseAddress =
            "http://localhost:8731/Design_Time_Addresses/HSMembersService/HSMembersService/" />
        </baseAddresses>
      </host>-->
      <!-- Service Endpoints -->
      <!-- Unless fully qualified, address is relative to base address
           supplied above -->
      <endpoint address ="" binding="wsHttpBinding"
                contract="HSMembersService.IHSMembersService"
                bindingConfiguration="wsHttpBindingConfig">
        <!--
          Upon deployment, the following identity element should be
          removed or replaced to reflect the
          identity under which the deployed service runs. If removed,
          WCF will infer an appropriate identity
          automatically.
        -->
        <!--<identity>
          <dns value="localhost"/>
        </identity>-->
      </endpoint>
      <!-- Metadata Endpoints -->
      <!-- The Metadata Exchange endpoint is used by the service to
           describe itself to clients. -->
      <!-- This endpoint does not use a secure binding and should be
           secured or removed before deployment -->
      <endpoint address="mex" binding="mexHttpBinding"
                contract="IMetadataExchange"/>
    </service>
  </services>
  <bindings>
    <wsHttpBinding>
      <binding name="wsHttpBindingConfig" >
        <security mode="Message">
          <message clientCredentialType="Windows" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="HSMembersService.HSMembersServiceBehavior">
        <!-- To avoid disclosing metadata information,
             set the value below to false and remove the metadata endpoint
             above before deployment -->
        <serviceMetadata httpGetEnabled="True"/>
        <serviceAuthorization principalPermissionMode="UseWindowsGroups"
        />
        <!-- To receive exception details in faults for debugging purposes,
             set the value below to true. Set to false before deployment
             to avoid disclosing exception information -->
        <serviceDebug includeExceptionDetailInFaults="True" /><!-- Change
             this before deployment -->
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>

Here is a snippet from the class implementation of the service operation
with the AD role adornment:

[PrincipalPermission(SecurityAction.Demand, Role="IVRClientService")]
public Member GetMember(string MemberId)
{
...
}
Oct 29 '08 #1

"Eddie" <Ed***@discussions.microsoft.com> wrote in message
news:78**********************************@microsoft.com...
> Here is my scenario for a problem I can't solve. I am hosting a 3.5 WCF
> service in IIS on Windows Server 2003. The service works fine with the WCF
> test client in Visual Studio 2008 and from an ASP.Net client hosted on my
> development machine in VS2008. As soon as I deploy the ASP.net client to
> the "Same" IIS server, I get Access Denied messages.
>
> My goal is to use AD security groups so the authenticated user on the
> ASP.net page should be in the group to access the service. I have
> validated all of this is true.
>
> Please Help. I have spent way too much time on this and just can't find
> the problem.
>
> Here are the relevant artifacts:
>
> Error Message from IIS when attempting to make call to service
>
> Description: An unhandled exception occurred during the execution of the
> current web request. Please review the stack trace for more information
> about the error and where it originated in the code.
>
> Exception Details:
> System.ServiceModel.Security.SecurityAccessDeniedException: Access is
> denied.

I could be off, but wouldn't you also have to consider the permission
rights of the ASP.Net worker process? The ASP.Net worker process thread is
the thread that's hosting the ASP.NET solution on IIS, and it's the process
that's hosting the WCF solution on IIS.

These links may help you.

http://www.codeproject.com/KB/web-se...ASPNET_WP.aspx

<identity> Web.config section

The <identity> Web.config section defines what identity (Windows account) to
use when accessing the ASP.NET application. Here is the generic syntax of
the <identity> section of the Web.config:

<identity impersonate="true|false" userName="username" password="password"/>

Impersonation is the concept whereby an application executes under the
context of the identity of the client that is accessing the application.
This is achieved by using the access token provided by IIS.

By default the ASPNET Windows account is used to access ASP.NET resources
through the Aspnet_wp.exe process. This account is less powerful, compared
to the IUSR_machinename guest Internet account used by classic ASP for
example. In certain situations you might want to use the anonymous
IUSR_machinename account, as the account accessing your ASP.NET application and
you can do that by using the following code in your Web.config file:

http://www.codeproject.com/KB/web-se...ASPNET_WP.aspx
Oct 30 '08 #2
Mr. Arnold, thanks for the pointer. Just turning on impersonation, i.e.
impersonation = true, worked like a charm. It's amazing how long I've been
working on this and something so simple worked.

Oct 30 '08 #3
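
The fix confirmed in the last reply, shown as an added example that is not part of the original thread: the `<system.web>` section of the ASP.NET client's web.config before and after enabling impersonation. It assumes the client site uses Windows authentication with anonymous access disabled in IIS; the thread does not show that part of the configuration.

```xml
<!-- Added example, not from the thread. Two variants of the ASP.NET
     client's <system.web> section; only one belongs in a real web.config. -->

<!-- Before: no <identity> element, so impersonate defaults to false.
     Page code, including the WCF proxy call to GetMember, runs under the
     worker process account. The service's PrincipalPermission demand for
     Role="IVRClientService" is evaluated against that account, and fails
     with "Access is denied" if it is not a member of the AD group. -->
<system.web>
  <authentication mode="Windows" />
</system.web>

<!-- After: the request thread runs as the authenticated browser user.
     wsHttpBinding with clientCredentialType="Windows" then presents that
     user's credentials, so principalPermissionMode="UseWindowsGroups"
     checks the user's own group membership. -->
<system.web>
  <authentication mode="Windows" />
  <authorization>
    <!-- Reject anonymous requests so there is always a real user to
         impersonate (assumption: Integrated Windows authentication is
         enabled and anonymous access is disabled for the site in IIS). -->
    <deny users="?" />
  </authorization>
  <identity impersonate="true" />
</system.web>
```

With `impersonate="true"` every piece of page code in the application runs with the caller's rights, not only the service call. The setup in this thread has client and service on the same IIS server; if the service is moved to another machine, the impersonated identity must also be allowed to delegate (Kerberos delegation) before the call will authenticate.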
