Re: WCF and ASP.Net wsHTTPBinding Access Denied
- From: Eddie <Eddie@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 30 Oct 2008 10:43:01 -0700
Mr. Arnold, Thanks for the pointer. Just turning on impersonation i.e.
impersonation = true worked like a charm. Its amazing how long I've been
working on this and something so simple worked.
"Mr. Arnold" wrote:
.
"Eddie" <Eddie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:78C1D997-0CD4-4641-9610-866EFD7D8D47@xxxxxxxxxxxxxxxx
Here is my scenario for a problem I can't solve. I am hosting a 3.5 WCF
service in IIS on Windows Server 2003. The service works fine with the WCF
test client in Visual Studio 2008 and from an ASP.Net client hosted on my
development machine in VS2008. As soon as I deploy the ASP.net client to
the
"Same" IIS server, I get Access Denied messages.
My goal is to use AD security groups so the authenticated user on the
ASP.net page should be in the group to access the service. I have
validated
all of this is true.
Please Help. I have spent way too much time on this and just can't find
the
problem.
Here are the relevant artifacts:
Error Message from IIS when attempting to make call to service
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about
the error and where it originated in the code.
Exception Details:
System.ServiceModel.Security.SecurityAccessDeniedException: Access is
denied.
I could be off, but wouldn't you also have to consider the permission
rights of the ASP.Net worker process? The ASP.Net worker process thread is
the thread that's hosting the ASP.NET solution on IIS, and it's the process
that's hosting the WCF solution on IIS.
This links may help you.
http://www.codeproject.com/KB/web-security/Sec_Run_ASPNET_WP.aspx
<identity> Web.config section
The <identity> Web.config section defines what identity (Windows account) to
use when accessing the ASP.NET application. Here is the generic syntax of
the <identity> section of the Web.config:
<identity impersonate="true|false" userName="username" password="password"/>
Impersonation is the concept whereby an application executes under the
context of the identity of the client that is accessing the application.
This is achieved by using the access token provided by IIS.
By default the ASPNET Windows account is used to access ASP.NET resources
through the Aspnet_wp.exe process. This account is less powerful, compared
to the IUSR_ machinename guest Internet account used by classic ASP for
example. In certain situations you might want to use the anonymous IUSR_
machinename account, as the account accessing your ASP.NET application and
you can do that by using the following code in your Web.config file:
http://www.codeproject.com/KB/web-security/Sec_Run_ASPNET_WP.aspx
- References:
- WCF and ASP.Net wsHTTPBinding Access Denied
- From: Eddie
- Re: WCF and ASP.Net wsHTTPBinding Access Denied
- From: Mr. Arnold
- WCF and ASP.Net wsHTTPBinding Access Denied
- Prev by Date: Re: HTTP POST and GET for a method with arguments by reference
- Next by Date: Re: Microsoft Webservice Security Problem
- Previous by thread: Re: WCF and ASP.Net wsHTTPBinding Access Denied
- Index(es):
Relevant Pages
|
Loading
