ASP.Net authentication problem to WCF service on Server 2008

Discussion in 'ASP .Net Web Services' started by Eddie, Jan 29, 2009.

  1. Eddie

    Eddie Guest

    I am having a tough time deploying a web site to IIS 7 on Windows Server 2008.
    The site works fine until it tries to make calls to a WCF service hosted on
    the same host.

    Everything works great for the service from my workstation when the web is
    run in Visual Studio 2008 using the exact same web config etc. As soon as I
    deploy the web in a virtual directory on the server: Bam. Authentication
    errors. It also works as is when both are deployed on a Windows 2003 Server.
    What is different about Server 2008 that is causing this? HELP! Please.

    In case it is important, all of the service operations require Active
    Directory group membership for the page's authenticated user and are adorned as:
    [PrincipalPermission(SecurityAction.Demand, Role = "SOAMemberShipService")]

    I get the following error from the web site:

    The request for security token could not be satisfied because authentication
    Description: An unhandled exception occurred during the execution of the
    current web request. Please review the stack trace for more information about
    the error and where it originated in the code.

    Exception Details: System.ServiceModel.FaultException: The request for
    security token could not be satisfied because authentication failed.

    Source Error:

    Line 919:
    Line 920: public HSMembersService.MemberSearchResult
    SearchMembers(HSMembersService.MemberSearch MemberInfoToSearch) {
    Line 921: return base.Channel.SearchMembers(MemberInfoToSearch);
    Line 922: }
    Line 923: }

    Source File: c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary
    ASP.NET Files\csrweb\a4d18657\a6d0910d\App_WebReferences.jgx1svpr.0.cs Line:

    Stack Trace:

    [FaultException: The request for security token could not be satisfied
    because authentication failed.]

    message, EndpointAddress target) +6375432

    message, EndpointAddress target) +25

    incomingMessage, SspiNegotiationTokenProviderState sspiState) +173

    [SecurityNegotiationException: The caller was not authenticated by the
    reqMsg, IMessage retMsg) +4596611
    msgData, Int32 type) +1713
    MemberInfoToSearch) +0
    MemberInfoToSearch) in
    c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET
    _default.btnSearch_Click(Object sender, EventArgs e) in
    System.Web.UI.WebControls.Button.OnClick(EventArgs e) +131
    System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
    sourceControl, String eventArgument) +39
    includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3215

    web site's web.config (relevant Service portion):

    <binding name="WSHttpBinding_IHSMembersService" closeTimeout="00:01:00"
    openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
    bypassProxyOnLocal="false" transactionFlow="false"
    maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
    textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
    <readerQuotas maxDepth="32" maxStringContentLength="8192"
    maxBytesPerRead="4096" maxNameTableCharCount="16384" />
    <reliableSession ordered="true" inactivityTimeout="00:10:00"
    enabled="false" />
    <security mode="Message">
    <transport clientCredentialType="Windows" proxyCredentialType="None"
    realm="" />
    <message clientCredentialType="Windows"
    algorithmSuite="Default" establishSecurityContext="true" />
    <servicePrincipalName value="host/hssoabusstg" />

    Services web.config:

    <?xml version="1.0" encoding="utf-8" ?>
    <compilation debug="true" />

    <add key="MaxSearchResults" value="100"/>
    <add name="BIDWConnection"
    providerName="System.Data.SqlClient" />
    <!-- When deploying the service library project, the content of the config
    file must be added to the host's
    app.config file. System.Configuration does not support config files for
    libraries. -->
    <service name="HSMembersService.HSMembersService"

    <!-- Service Endpoints -->
    <!-- Unless fully qualified, address is relative to base address
    supplied above -->
    <endpoint address ="" binding="wsHttpBinding"
    Upon deployment, the following identity element should be
    removed or replaced to reflect the
    identity under which the deployed service runs. If removed,
    WCF will infer an appropriate identity
    <dns value="localhost"/>
    <!-- Metadata Endpoints -->
    <!-- The Metadata Exchange endpoint is used by the service to
    describe itself to clients. -->
    <!-- This endpoint does not use a secure binding and should be
    secured or removed before deployment -->
    <endpoint address="mex" binding="mexHttpBinding"
    <binding name="wsHttpBindingConfig" >
    <security mode="Message">
    <message clientCredentialType="Windows" />

    <behavior name="HSMembersService.HSMembersServiceBehavior">
    <!-- To avoid disclosing metadata information,
    set the value below to false and remove the metadata endpoint
    above before deployment -->
    <serviceMetadata httpGetEnabled="True"/>

    <serviceAuthorization principalPermissionMode="UseWindowsGroups"
    <!-- To receive exception details in faults for debugging purposes,
    set the value below to true. Set to false before deployment
    to avoid disclosing exception information -->
    <serviceDebug includeExceptionDetailInFaults="True" /><!-- Change
    this before deployment -->
    Eddie, Jan 29, 2009
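
The comments in the service web.config above name four settings to change before deployment: the localhost identity, the mex endpoint, httpGetEnabled and includeExceptionDetailInFaults. As an added example that is not part of the original post, this Python check flags each one that is still at its development value; the sample XML is constructed from the posted values, and the function and finding names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's service settings placed in well-formed XML.
# The nesting follows the standard WCF layout; it is not the poster's full file.
SERVICE_CONFIG = """<configuration><system.serviceModel>
  <services>
    <service name="HSMembersService.HSMembersService">
      <endpoint address="" binding="wsHttpBinding">
        <identity><dns value="localhost"/></identity>
      </endpoint>
      <endpoint address="mex" binding="mexHttpBinding"/>
    </service>
  </services>
  <behaviors><serviceBehaviors>
    <behavior name="HSMembersService.HSMembersServiceBehavior">
      <serviceMetadata httpGetEnabled="True"/>
      <serviceDebug includeExceptionDetailInFaults="True"/>
    </behavior>
  </serviceBehaviors></behaviors>
</system.serviceModel></configuration>"""


def is_true(element, attribute):
    """True when the element exists and the attribute is set to true (any case)."""
    return element is not None and element.get(attribute, "false").lower() == "true"


def audit_service_config(xml_text):
    """Return one finding per template setting still at its development value."""
    root = ET.fromstring(xml_text)
    findings = []
    for endpoint in root.iter("endpoint"):
        dns = endpoint.find("identity/dns")
        if dns is not None and dns.get("value", "").lower() == "localhost":
            findings.append("identity-dns-localhost")
        if endpoint.get("binding") == "mexHttpBinding":
            findings.append("mex-endpoint-present")
    for behavior in root.iter("behavior"):
        if is_true(behavior.find("serviceMetadata"), "httpGetEnabled"):
            findings.append("metadata-http-get-enabled")
        if is_true(behavior.find("serviceDebug"), "includeExceptionDetailInFaults"):
            findings.append("exception-detail-in-faults")
    return findings


if __name__ == "__main__":
    for finding in audit_service_config(SERVICE_CONFIG):
        print("review before deployment:", finding)
```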