Eddie
I am having a tough time deploying a web site to IIS 7 on Windows Server 2008.
The site works fine until it tries to make calls to a WCF service hosted on
the same host.
Everything works great for the service from my workstation when the web site is
run in Visual Studio 2008
using the exact same web config etc. As soon as I deploy the web site in a
virtual directory on the server
Bam. Authentication errors. It also works as is when both are deployed on a
Windows 2003 Server. What
is different about Server 2008 that is causing this? HELP! Please.
In case it is important, all of the service operations require Active
Directory group membership for the
ASP.net page's authenticated user and are adorned as:
[PrincipalPermission(SecurityAction.Demand, Role = "SOAMemberShipService")]
I get the following error from the web site:
The request for security token could not be satisfied because authentication
failed.
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information about
the error and where it originated in the code.
Exception Details: System.ServiceModel.FaultException: The request for
security token could not be satisfied because authentication failed.
Source Error:
Line 919:
Line 920: public HSMembersService.MemberSearchResult
SearchMembers(HSMembersService.MemberSearch MemberInfoToSearch) {
Line 921: return base.Channel.SearchMembers(MemberInfoToSearch);
Line 922: }
Line 923: }
Source File: c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary
ASP.NET Files\csrweb\a4d18657\a6d0910d\App_WebReferences.jgx1svpr.0.cs Line:
921
Stack Trace:
[FaultException: The request for security token could not be satisfied
because authentication failed.]
System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message
message, EndpointAddress target) +6375432
System.ServiceModel.Security.IssuanceTokenProviderBase`1.ThrowIfFault(Message
message, EndpointAddress target) +25
System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message
incomingMessage, SspiNegotiationTokenProviderState sspiState) +173
[SecurityNegotiationException: The caller was not authenticated by the
service.]
System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) +4596611
System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) +1713
HSMembersService.IHSMembersService.SearchMembers(MemberSearch
MemberInfoToSearch) +0
HSMembersService.HSMembersServiceClient.SearchMembers(MemberSearch
MemberInfoToSearch) in
c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET
Files\csrweb\a4d18657\a6d0910d\App_WebReferences.jgx1svpr.0.cs:921
_default.btnSearch_Click(Object sender, EventArgs e) in
e:\CSRWeb\default.aspx.cs:114
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +131
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
+140
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler
sourceControl, String eventArgument) +39
System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3215
ASP.net web site's web.config (relevant Service portion):
<system.serviceModel>
<!-- Client side WCF settings the ASP.NET site uses to call HSMembersService over wsHttpBinding. -->
<bindings>
<wsHttpBinding>
<!-- maxReceivedMessageSize and the readerQuotas below cap how much inbound data the client
accepts in a single message. -->
<binding name="WSHttpBinding_IHSMembersService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false"
hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text"
textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192"
maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<!-- Message level security with Windows credentials. negotiateServiceCredential="true" means
the client runs an SSPI negotiation with the service before the first call; the
FaultException in the stack trace above is thrown from that negotiation
(SspiNegotiationTokenProvider). NOTE(review): with mode="Message" the transport element
below is presumably not applied; confirm. -->
<security mode="Message">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Windows"
negotiateServiceCredential="true"
algorithmSuite="Default" establishSecurityContext="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<!-- The address is plain http, so confidentiality and integrity of each call rest on the
message security configured in the binding above. -->
<endpoint
address="http://hssoabusstg/Services/MembershipService/HSMembersService.svc"
binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_IHSMembersService"
contract="HSMembersService.IHSMembersService"
name="WSHttpBinding_IHSMembersService">
<!-- Expected identity of the service. The client only completes the negotiation with a
service whose account holds this SPN. NOTE(review): host/MACHINE SPNs normally belong
to the computer account, so this presumably assumes the service application pool runs
as a built-in machine identity. If the pool on the Server 2008 host runs under a
different account, the negotiation would be expected to fail as in the stack trace
above. Verify the pool identity and the SPNs registered for it (setspn -L ACCOUNT). -->
<identity>
<servicePrincipalName value="host/hssoabusstg" />
</identity>
</endpoint>
</client>
</system.serviceModel>
Services web.config:
<?xml version="1.0" encoding="utf-8" ?>
<!-- web.config of the WCF service host: one wsHttpBinding endpoint with Windows message
security, a metadata endpoint, and authorization based on Windows groups. -->
<configuration>
<system.web>
<!-- debug="true" is a development setting. On a deployed server it should be false: debug
builds are slower and produce more detailed error output. -->
<compilation debug="true" />
</system.web>
<appSettings>
<add key="MaxSearchResults" value="100"/>
</appSettings>
<connectionStrings>
<!-- The real connection string was redacted by the poster. In the deployed file this value
may carry database credentials, so restrict read access to web.config and consider
encrypting this section with ASP.NET protected configuration. -->
<add name="BIDWConnection"
connectionString="CHANGEDTOPROTECTTHEINNOCENT"
providerName="System.Data.SqlClient" />
</connectionStrings>
<!-- When deploying the service library project, the content of the config
file must be added to the host's
app.config file. System.Configuration does not support config files for
libraries. -->
<system.serviceModel>
<services>
<service name="HSMembersService.HSMembersService"
behaviorConfiguration="HSMembersService.HSMembersServiceBehavior">
<!-- Service Endpoints -->
<!-- Unless fully qualified, address is relative to base address
supplied above -->
<endpoint address ="" binding="wsHttpBinding"
contract="HSMembersService.IHSMembersService"
bindingConfiguration="wsHttpBindingConfig">
<!--
Upon deployment, the following identity element should be
removed or replaced to reflect the
identity under which the deployed service runs. If removed,
WCF will infer an appropriate identity
automatically.
-->
<!-- NOTE(review): the identity element is commented out here, so the service does not
publish an explicit identity, while the client config pins host/hssoabusstg. Confirm
that the account the service actually runs as owns that SPN. -->
<!--<identity>
<dns value="localhost"/>
</identity>-->
</endpoint>
<!-- Metadata Endpoints -->
<!-- The Metadata Exchange endpoint is used by the service to
describe itself to clients. -->
<!-- This endpoint does not use a secure binding and should be
secured or removed before deployment -->
<!-- As posted, the mex endpoint is still present, so anyone who can reach the service URL
can retrieve its contract description. -->
<endpoint address="mex" binding="mexHttpBinding"
contract="IMetadataExchange"/>
</service>
</services>
<bindings>
<wsHttpBinding>
<!-- Message security with Windows credentials, matching the client binding. Only
clientCredentialType is set; negotiateServiceCredential and establishSecurityContext
are left at their defaults (presumably true, as on the client; confirm). -->
<binding name="wsHttpBindingConfig" >
<security mode="Message">
<message clientCredentialType="Windows" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="HSMembersService.HSMembersServiceBehavior">
<!-- To avoid disclosing metadata information,
set the value below to false and remove the metadata endpoint
above before deployment -->
<serviceMetadata httpGetEnabled="True"/>
<!-- PrincipalPermission role demands on the operations are checked against the Windows
groups of the authenticated caller. NOTE(review): the caller is the Windows identity
the web site's client proxy runs as, which may be the application pool account rather
than the browsing user unless the site impersonates; verify which account must be in
the required group. -->
<serviceAuthorization principalPermissionMode="UseWindowsGroups"
/>
<!-- To receive exception details in faults for debugging purposes,
set the value below to true. Set to false before deployment
to avoid disclosing exception information -->
<!-- As posted this is True, so server side exception details are returned to any caller
in fault messages. Keep it only while diagnosing, then set it to false. -->
<serviceDebug includeExceptionDetailInFaults="True" /><!-- Change
this before deployment -->
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
The site works fine until it tries to make calls to a WCF service hosted on
the same host.
Everything works great for the service from my workstation when the web site is
run in Visual Studio 2008
using the exact same web config etc. As soon as I deploy the web site in a
virtual directory on the server
Bam. Authentication errors. It also works as is when both are deployed on a
Windows 2003 Server. What
is different about Server 2008 that is causing this? HELP! Please.
In case it is important, all of the service operations require Active
Directory group membership for the
ASP.net page's authenticated user and are adorned as:
[PrincipalPermission(SecurityAction.Demand, Role = "SOAMemberShipService")]
I get the following error from the web site:
The request for security token could not be satisfied because authentication
failed.
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information about
the error and where it originated in the code.
Exception Details: System.ServiceModel.FaultException: The request for
security token could not be satisfied because authentication failed.
Source Error:
Line 919:
Line 920: public HSMembersService.MemberSearchResult
SearchMembers(HSMembersService.MemberSearch MemberInfoToSearch) {
Line 921: return base.Channel.SearchMembers(MemberInfoToSearch);
Line 922: }
Line 923: }
Source File: c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary
ASP.NET Files\csrweb\a4d18657\a6d0910d\App_WebReferences.jgx1svpr.0.cs Line:
921
Stack Trace:
[FaultException: The request for security token could not be satisfied
because authentication failed.]
System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message
message, EndpointAddress target) +6375432
System.ServiceModel.Security.IssuanceTokenProviderBase`1.ThrowIfFault(Message
message, EndpointAddress target) +25
System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message
incomingMessage, SspiNegotiationTokenProviderState sspiState) +173
[SecurityNegotiationException: The caller was not authenticated by the
service.]
System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) +4596611
System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) +1713
HSMembersService.IHSMembersService.SearchMembers(MemberSearch
MemberInfoToSearch) +0
HSMembersService.HSMembersServiceClient.SearchMembers(MemberSearch
MemberInfoToSearch) in
c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET
Files\csrweb\a4d18657\a6d0910d\App_WebReferences.jgx1svpr.0.cs:921
_default.btnSearch_Click(Object sender, EventArgs e) in
e:\CSRWeb\default.aspx.cs:114
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +131
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
+140
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler
sourceControl, String eventArgument) +39
System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3215
ASP.net web site's web.config (relevant Service portion):
<system.serviceModel>
<!-- Client side WCF settings the ASP.NET site uses to call HSMembersService over wsHttpBinding. -->
<bindings>
<wsHttpBinding>
<!-- maxReceivedMessageSize and the readerQuotas below cap how much inbound data the client
accepts in a single message. -->
<binding name="WSHttpBinding_IHSMembersService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false"
hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text"
textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192"
maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<!-- Message level security with Windows credentials. negotiateServiceCredential="true" means
the client runs an SSPI negotiation with the service before the first call; the
FaultException in the stack trace above is thrown from that negotiation
(SspiNegotiationTokenProvider). NOTE(review): with mode="Message" the transport element
below is presumably not applied; confirm. -->
<security mode="Message">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Windows"
negotiateServiceCredential="true"
algorithmSuite="Default" establishSecurityContext="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<!-- The address is plain http, so confidentiality and integrity of each call rest on the
message security configured in the binding above. -->
<endpoint
address="http://hssoabusstg/Services/MembershipService/HSMembersService.svc"
binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_IHSMembersService"
contract="HSMembersService.IHSMembersService"
name="WSHttpBinding_IHSMembersService">
<!-- Expected identity of the service. The client only completes the negotiation with a
service whose account holds this SPN. NOTE(review): host/MACHINE SPNs normally belong
to the computer account, so this presumably assumes the service application pool runs
as a built-in machine identity. If the pool on the Server 2008 host runs under a
different account, the negotiation would be expected to fail as in the stack trace
above. Verify the pool identity and the SPNs registered for it (setspn -L ACCOUNT). -->
<identity>
<servicePrincipalName value="host/hssoabusstg" />
</identity>
</endpoint>
</client>
</system.serviceModel>
Services web.config:
<?xml version="1.0" encoding="utf-8" ?>
<!-- web.config of the WCF service host: one wsHttpBinding endpoint with Windows message
security, a metadata endpoint, and authorization based on Windows groups. -->
<configuration>
<system.web>
<!-- debug="true" is a development setting. On a deployed server it should be false: debug
builds are slower and produce more detailed error output. -->
<compilation debug="true" />
</system.web>
<appSettings>
<add key="MaxSearchResults" value="100"/>
</appSettings>
<connectionStrings>
<!-- The real connection string was redacted by the poster. In the deployed file this value
may carry database credentials, so restrict read access to web.config and consider
encrypting this section with ASP.NET protected configuration. -->
<add name="BIDWConnection"
connectionString="CHANGEDTOPROTECTTHEINNOCENT"
providerName="System.Data.SqlClient" />
</connectionStrings>
<!-- When deploying the service library project, the content of the config
file must be added to the host's
app.config file. System.Configuration does not support config files for
libraries. -->
<system.serviceModel>
<services>
<service name="HSMembersService.HSMembersService"
behaviorConfiguration="HSMembersService.HSMembersServiceBehavior">
<!-- Service Endpoints -->
<!-- Unless fully qualified, address is relative to base address
supplied above -->
<endpoint address ="" binding="wsHttpBinding"
contract="HSMembersService.IHSMembersService"
bindingConfiguration="wsHttpBindingConfig">
<!--
Upon deployment, the following identity element should be
removed or replaced to reflect the
identity under which the deployed service runs. If removed,
WCF will infer an appropriate identity
automatically.
-->
<!-- NOTE(review): the identity element is commented out here, so the service does not
publish an explicit identity, while the client config pins host/hssoabusstg. Confirm
that the account the service actually runs as owns that SPN. -->
<!--<identity>
<dns value="localhost"/>
</identity>-->
</endpoint>
<!-- Metadata Endpoints -->
<!-- The Metadata Exchange endpoint is used by the service to
describe itself to clients. -->
<!-- This endpoint does not use a secure binding and should be
secured or removed before deployment -->
<!-- As posted, the mex endpoint is still present, so anyone who can reach the service URL
can retrieve its contract description. -->
<endpoint address="mex" binding="mexHttpBinding"
contract="IMetadataExchange"/>
</service>
</services>
<bindings>
<wsHttpBinding>
<!-- Message security with Windows credentials, matching the client binding. Only
clientCredentialType is set; negotiateServiceCredential and establishSecurityContext
are left at their defaults (presumably true, as on the client; confirm). -->
<binding name="wsHttpBindingConfig" >
<security mode="Message">
<message clientCredentialType="Windows" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="HSMembersService.HSMembersServiceBehavior">
<!-- To avoid disclosing metadata information,
set the value below to false and remove the metadata endpoint
above before deployment -->
<serviceMetadata httpGetEnabled="True"/>
<!-- PrincipalPermission role demands on the operations are checked against the Windows
groups of the authenticated caller. NOTE(review): the caller is the Windows identity
the web site's client proxy runs as, which may be the application pool account rather
than the browsing user unless the site impersonates; verify which account must be in
the required group. -->
<serviceAuthorization principalPermissionMode="UseWindowsGroups"
/>
<!-- To receive exception details in faults for debugging purposes,
set the value below to true. Set to false before deployment
to avoid disclosing exception information -->
<!-- As posted this is True, so server side exception details are returned to any caller
in fault messages. Keep it only while diagnosing, then set it to false. -->
<serviceDebug includeExceptionDetailInFaults="True" /><!-- Change
this before deployment -->
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>