Geek Answers Handbook

Access denied while accessing WCF service

I have a WCF service ported to the .NET Framework 4.5 installed in IIS 7.0. I can view the service in a browser. But when I refer to a service in, say, a console application and try to call a method in it, I get an "Access denied" error message. Below are the stack trace and web.config settings that I use.

System.ServiceModel.Security.SecurityAccessDeniedException was unhandled HResult=-2146233087 Message=Access is denied. Source=mscorlib StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter) at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at ConsoleApplication1.sharedservice.IShared.ProcessRequest(ProcessRequestRequest request) at ConsoleApplication1.sharedservice.SharedClient.ConsoleApplication1.sharedservice.IShared.ProcessRequest(ProcessRequestRequest request) in c:\Users\vijayara\Documents\Visual Studio 2012\Projects\ConsoleApplication1\ConsoleApplication1\Service References\sharedservice\Reference.cs:line 214 at ConsoleApplication1.sharedservice.SharedClient.ProcessRequest(String RuleName, String RequestMessage, Int32 WaitTime, Int32 ChannelID, Int32 PassThruMode, Int32 MaxResponseSize, Int32 MaxErrorText, Int32& ActualResponseSize, String& Response, Int32& ActualErrorTextSize, String& ErrorText) in c:\Users\vijayara\Documents\Visual Studio 2012\Projects\ConsoleApplication1\ConsoleApplication1\Service References\sharedservice\Reference.cs:line 226 at ConsoleApplication1.Program.Main(String[] args) in c:\Users\vijayara\Documents\Visual Studio 2012\Projects\ConsoleApplication1\ConsoleApplication1\Program.cs:line 22 at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args) at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args) at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly() at System.Threading.ThreadHelper.ThreadStart_Context(Object state) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart() InnerException: <configuration> <appSettings/> <connectionStrings/> <system.web> <compilation debug="false" targetFramework="4.5"> <assemblies> <add assembly="System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/> <add assembly="System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> </assemblies> </compilation> <authentication mode="Windows" /> <pages controlRenderingCompatibilityVersion="4.0"> <controls> <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> </controls> </pages> <httpHandlers> <remove verb="*" path="*.asmx"/> <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false"/> </httpHandlers> <httpModules> <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> </httpModules> </system.web> <system.webServer> <validation validateIntegratedModeConfiguration="false"/> <modules> <add name="ScriptModule" preCondition="integratedMode" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> </modules> <handlers> <remove name="WebServiceHandlerFactory-Integrated"/> <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> </handlers> </system.webServer> <system.serviceModel> <serviceHostingEnvironment aspNetCompatibilityEnabled="false" /> <services> <service behaviorConfiguration="Access_Shared_WCF.SharedBehavior" name="Access_Shared_WCF.Shared"> <endpoint address="" binding="basicHttpBinding" contract="Access_Shared_WCF.IShared"> <identity> <dns value="localhost" /> </identity> </endpoint> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> <host> <baseAddresses> <add baseAddress="http/localhost/Access_Shared_WCF/Shared" /> </baseAddresses> </host> </service> </services> <behaviors> <serviceBehaviors> <behavior name="Access_Shared_WCF.SharedBehavior"> <serviceMetadata httpGetEnabled="true"/> <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --> <serviceDebug includeExceptionDetailInFaults="false"/> </behavior> </serviceBehaviors> </behaviors> </system.serviceModel> </configuration>
+4
source share
2 answers

I have a similar problem with WCF. The problem was that my appPool account does not have rights to the generated IIS assemblies that it uses for the shadow copy. I track it using procmon http://technet.microsoft.com/cs-cz/sysinternals/bb896645.aspx with filtering on the IIS process name "w3wp.exe" and status "access denied". Then call the service again and check the procmon output which files have this problem.

I have deniend access in the c: \ windows \ temp \ Microsoft.Generated.dll folder, so I delete it, call it again, and a new one is generated and everything works.

Another option is a "stronger" appPool user ID, for example LocalService (appPool โ†’ advanced settings โ†’ Indetitiy โ†’ Predefined account โ†’ Local service)

But the solution with procmon is more fun :-)

0
source

There are many reasons why you might get this error. The times I came across is when the wcf method is bound to a specific AD role:

  • Configure ClientCredentials for the web service client. This can be inconvenient and doing certain things to connect the client can lead to loss of credentials.
  • setting InnerChannel.OperationTimeout before installing ClientCredentials will destroy the ClientCredentials (I know, but I tested it many times).
0
source

More articles:


All Articles