ASP.Net authentication problem to WCF service on Server 2008

Discussion in 'ASP .Net Web Services' started by Eddie, Jan 29, 2009.

  1. Eddie

    Eddie Guest

    I am having a tough time deploying a web site to IIS 7 on Windows Server 2008.
    The site works fine until it tries to make calls to a WCF service hosted on
    the same host.

    Everything works great for the service from my workstation when the web is
    ran in Visual Studio 20008
    using the exact same web config etc. As soon as I deploye the web in a
    virtual directory on the server
    Bam. Authentication errors. It also works as is when both are deployed on a
    Windows 2003 Server. What
    is different about Server 2008 that is causing this? HELP! Please.

    In case it is important, all of the service operations require Active
    Directory group membership for the
    ASP.net page's authenticated user and are adorned as:
    [PrincipalPermission(SecurityAction.Demand, Role = "SOAMemberShipService")]

    I get the following error from the web site:

    The request for security token could not be satisfied because authentication
    failed.
    Description: An unhandled exception occurred during the execution of the
    current web request. Please review the stack trace for more information about
    the error and where it originated in the code.

    Exception Details: System.ServiceModel.FaultException: The request for
    security token could not be satisfied because authentication failed.

    Source Error:



    Line 919:
    Line 920: public HSMembersService.MemberSearchResult
    SearchMembers(HSMembersService.MemberSearch MemberInfoToSearch) {
    Line 921: return base.Channel.SearchMembers(MemberInfoToSearch);
    Line 922: }
    Line 923: }

    Source File: c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary
    ASP.NET Files\csrweb\a4d18657\a6d0910d\App_WebReferences.jgx1svpr.0.cs Line:
    921

    Stack Trace:



    [FaultException: The request for security token could not be satisfied
    because authentication failed.]

    System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message
    message, EndpointAddress target) +6375432

    System.ServiceModel.Security.IssuanceTokenProviderBase`1.ThrowIfFault(Message
    message, EndpointAddress target) +25

    System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message
    incomingMessage, SspiNegotiationTokenProviderState sspiState) +173

    [SecurityNegotiationException: The caller was not authenticated by the
    service.]
    System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
    reqMsg, IMessage retMsg) +4596611
    System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
    msgData, Int32 type) +1713
    HSMembersService.IHSMembersService.SearchMembers(MemberSearch
    MemberInfoToSearch) +0
    HSMembersService.HSMembersServiceClient.SearchMembers(MemberSearch
    MemberInfoToSearch) in
    c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET
    Files\csrweb\a4d18657\a6d0910d\App_WebReferences.jgx1svpr.0.cs:921
    _default.btnSearch_Click(Object sender, EventArgs e) in
    e:\CSRWeb\default.aspx.cs:114
    System.Web.UI.WebControls.Button.OnClick(EventArgs e) +131
    System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
    +140
    System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler
    sourceControl, String eventArgument) +39
    System.Web.UI.Page.ProcessRequestMain(Boolean
    includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3215



    ASP.net web site's web.config (relevant Service portion):


    <system.serviceModel>
    <bindings>
    <wsHttpBinding>
    <binding name="WSHttpBinding_IHSMembersService" closeTimeout="00:01:00"
    openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
    bypassProxyOnLocal="false" transactionFlow="false"
    hostNameComparisonMode="StrongWildcard"
    maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
    messageEncoding="Text"
    textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
    <readerQuotas maxDepth="32" maxStringContentLength="8192"
    maxArrayLength="16384"
    maxBytesPerRead="4096" maxNameTableCharCount="16384" />
    <reliableSession ordered="true" inactivityTimeout="00:10:00"
    enabled="false" />
    <security mode="Message">
    <transport clientCredentialType="Windows" proxyCredentialType="None"
    realm="" />
    <message clientCredentialType="Windows"
    negotiateServiceCredential="true"
    algorithmSuite="Default" establishSecurityContext="true" />
    </security>
    </binding>
    </wsHttpBinding>
    </bindings>
    <client>
    <endpoint
    address="http://hssoabusstg/Services/MembershipService/HSMembersService.svc"
    binding="wsHttpBinding"
    bindingConfiguration="WSHttpBinding_IHSMembersService"
    contract="HSMembersService.IHSMembersService"
    name="WSHttpBinding_IHSMembersService">
    <identity>
    <servicePrincipalName value="host/hssoabusstg" />
    </identity>
    </endpoint>
    </client>
    </system.serviceModel>


    Services web.config:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
    <system.web>
    <compilation debug="true" />

    </system.web>
    <appSettings>
    <add key="MaxSearchResults" value="100"/>
    </appSettings>
    <connectionStrings>
    <add name="BIDWConnection"
    connectionString="CHANGEDTOPROTECTTHEINNOCENT"
    providerName="System.Data.SqlClient" />
    </connectionStrings>
    <!-- When deploying the service library project, the content of the config
    file must be added to the host's
    app.config file. System.Configuration does not support config files for
    libraries. -->
    <system.serviceModel>
    <services>
    <service name="HSMembersService.HSMembersService"
    behaviorConfiguration="HSMembersService.HSMembersServiceBehavior">

    <!-- Service Endpoints -->
    <!-- Unless fully qualified, address is relative to base address
    supplied above -->
    <endpoint address ="" binding="wsHttpBinding"
    contract="HSMembersService.IHSMembersService"
    bindingConfiguration="wsHttpBindingConfig">
    <!--
    Upon deployment, the following identity element should be
    removed or replaced to reflect the
    identity under which the deployed service runs. If removed,
    WCF will infer an appropriate identity
    automatically.
    -->
    <!--<identity>
    <dns value="localhost"/>
    </identity>-->
    </endpoint>
    <!-- Metadata Endpoints -->
    <!-- The Metadata Exchange endpoint is used by the service to
    describe itself to clients. -->
    <!-- This endpoint does not use a secure binding and should be
    secured or removed before deployment -->
    <endpoint address="mex" binding="mexHttpBinding"
    contract="IMetadataExchange"/>
    </service>
    </services>
    <bindings>
    <wsHttpBinding>
    <binding name="wsHttpBindingConfig" >
    <security mode="Message">
    <message clientCredentialType="Windows" />
    </security>

    </binding>
    </wsHttpBinding>
    </bindings>
    <behaviors>
    <serviceBehaviors>
    <behavior name="HSMembersService.HSMembersServiceBehavior">
    <!-- To avoid disclosing metadata information,
    set the value below to false and remove the metadata endpoint
    above before deployment -->
    <serviceMetadata httpGetEnabled="True"/>

    <serviceAuthorization principalPermissionMode="UseWindowsGroups"
    />
    <!-- To receive exception details in faults for debugging purposes,
    set the value below to true. Set to false before deployment
    to avoid disclosing exception information -->
    <serviceDebug includeExceptionDetailInFaults="True" /><!-- Change
    this before deployment -->
    </behavior>
    </serviceBehaviors>
    </behaviors>
    </system.serviceModel>
    </configuration>
    Eddie, Jan 29, 2009
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Simon
    Replies:
    0
    Views:
    1,010
    Simon
    Oct 13, 2009
  2. Cindy Lee
    Replies:
    1
    Views:
    2,109
    Mr. Arnold
    Mar 19, 2010
  3. Jeff Stephens

    WCF service, legacy client using Basic authentication?

    Jeff Stephens, Jun 2, 2009, in forum: ASP .Net Security
    Replies:
    1
    Views:
    1,112
    Jeff Stephens
    Jun 2, 2009
  4. Curt K
    Replies:
    3
    Views:
    457
    John Saunders [MVP]
    Jun 15, 2007
  5. pjb
    Replies:
    0
    Views:
    1,096
Loading...

Share This Page