I want to capture the SOAP request and actual response from the WebService.
Scenario : On click of a button in asp.net application I call a web service. The Web Service returns an exception : System.Web.Services.Protocols.SoapHeaderException: Access is denied. at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall) at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) at WebRefProject.HRWS.TeamMemberData201012Service.getTeamMemberProfilesByFullName(GetTeamMemberProfilesByFullNameRequest_Type getTeamMemberProfilesByFullName1) in C:\Project\FinalPAT\WebCode\1PSV\WebRefProject\Web References\HRWS\Reference.cs:line 138 at UIPSAT.GetUserDetails.GetUserDetailsbyFullName(String searchValue) in C:\Project\FinalPAT\WebCode\1PSV\UI\GetUserDetails.cs:line 209
Explanation:
I have a asp.net application which calls a web service to search for employee details.
The WS requires certificates and we attach it along the request.
The service is working good on local with local certificate.
It isnt working on Dev server and is giving the above exception.
A sample application runs good on Dev with the Dev certificate.
How do I know what SOAP is sent to the web service?
Also I could not add the reference of the web service directly to the solution as it was protected and Visual Studio IDE could not add it.
However the WSDL file was not protected. It was successfully added and the URL of the Web Service was changed based on the appropriate server environments.
How do check the SOAP Request and Response?
Yes, Fiddler.
You can use WCF Diagnostic message logging facilities. Just config it on your client, the soap messages will be logged. For instance:
<diagnostics>
<messageLogging
logEntireMessage="true"
logMalformedMessages="true"
logMessagesAtServiceLevel="true"
logMessagesAtTransportLevel="true"
maxMessagesToLog="1000"
maxSizeOfMessageToLog="5000"/>
</diagnostics>
You can configure soapUI (http://www.soapui.org/) to act as a logging proxy between your web service client and server. Configure your client to connect to a soapUI proxy instance running on the client host. Configure the soapUI instance to then forward to the service on the remote server.
You can get the trace file to a location. Add the following to the web.Config file :
Related
I have used the Visual Studio template for an ASP.NET Webforms app with Azure AD authentication to create a simple web app. It works 100% fine locally. I can sign in, sign out, all good. Whenever I deploy to either AWS or Azure however, the behavior changes. The sign in still comes up fine, no issues at all, but after signing in, instead of taking me to the site, the browser just thinks for ages before dumping me to this error in the browser:
Server Error in '/' Application.
Runtime Error Description: An application error occurred on the
server. The current custom error settings for this application prevent
the details of the application error from being viewed remotely (for
security reasons). It could, however, be viewed by browsers running on
the local server machine.
Details: To enable the details of this specific error message to be
viewable on remote machines, please create a tag within
a "web.config" configuration file located in the root directory of the
current web application. This tag should then have its
"mode" attribute set to "Off".
I have tried adding the web.config setting and redeploying and it makes zero difference. Because I'm using App service on Azure for instance, I can't run the site on the actual web server as I don't have access to it. I tried looking at diagnostic log streaming, and got the below? Please help? Anyone? I have no idea why this isn't working. Interestingly, although I have asked that the site be http and it runs locally as http, once uploaded the url becomes https. Not sure if that' related.
From streaming logs (Azure)
HTTP Error 500.0 - Internal Server Error The page cannot
be displayed because an internal server error has occurred.
Most likely
causes: IIS received the request; however, an internal
error occurred during the processing of the request. The root cause of
this error depends on which module handles the request and what was
happening in the worker process when this error occurred.
IIS was not able to access the web.config file for the Web site
or application. This can occur if the NTFS permissions are set
incorrectly. IIS was not able to process configuration for
the Web site or application. The authenticated user does not
have permission to use this DLL. The request is mapped to a
managed handler but the .NET Extensibility Feature is not
installed. Things you can try:
Ensure that the NTFS permissions for the web.config file are
correct and allow access to the Web server's machine account.
Check the event logs to see if any additional information was
logged. Verify the permissions for the DLL.
Install the .NET Extensibility feature if the request is mapped
to a managed handler. Create a tracing rule to track failed
requests for this HTTP status code. For more information about
creating a tracing rule for failed requests, click here.
Detailed Error Information:
Module __DynamicModule_Microsoft.Owin.Host.SystemWeb.OwinHttpModule,
Microsoft.Owin.Host.SystemWeb, Version=3.0.1.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35_79846f5c-7e22-4a97-8a1c-24bc400cf7db
Notification EndRequest
Handler ExtensionlessUrlHandler-Integrated-4.0
Error Code 0x00000000
Requested
URL https://SimpleADApp:80/
Physical
Path D:\home\site\wwwroot Logon Method Not yet
determined Logon User Not
yet determined
More Information: This error means that there was
a problem while processing the request. The request was received by
the Web server, but during processing a fatal error occurred, causing
the 500 error. View
more information ยป Microsoft Knowledge Base
Articles:
My project used visual studio 2010 and is a web service application project with VB. I add service referrence for the web service.
I'm having the operations has times out when i try to access third party web service with certificate in my production server (windows 2008 r2 standard). The certificate was not expired. I've already add the trust root cert and personal cert for local computer and current user. I have no problem with my UAT server but not production server. I open the web service URL in the production server successfully but it failed when try to connect with web service application.
Below code I used to add the certificate when calling web service.
Dim ws As New AService.AServiceService
Dim cert As New X509Certificate2("CERTIFICATE_NAME","PASSWORD")
ws.ClientCertificates.Add(cert)
Having error
An error occurred. Error:
System.Net.WebException: The operation has timed out
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
I have 2 wcf services both hosted on IIS on the same machine.
Service A is called by a client and uses BasicHttpBinding with transport security and NTLM credentialtype.
Service A needs to call service B which is also hosted on IIS but uses WsHttpBinding with transport security and NTLM credentialtype.
IIS is configured to use integrated windows authentication.
The first attempt I got a 403 forbidden message:
System.ServiceModel.Security.MessageSecurityException : The HTTP request was forbidden with client authentication scheme 'Ntlm'.
System.Net.WebException: The remote server returned an error: (403) Forbidden.
This is normal because when I make a call from service A to service B the identity of the application pool is used.
In my second attempt I tried to impersonate the call to service B but then the problem is all code in the operation is executed under the callers account. This account has no ACL permissions on the server and providing these permissions is not an option.
The following error is logged:
System.IO.FileLoadException : Could not load file or assembly 'System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' or one of its dependencies. The handle is invalid. (Exception from HRESULT: 0x80070006 (E_HANDLE))
How could I solve this without changing security the ACL's or the application pool identity?
Check this out:
http://blogs.msdn.com/b/securitytools/archive/2009/11/04/double-hop-windows-authentication-with-iis-hosted-wcf-service.aspx.
Found the above link here:
http://go4answers.webhost4life.com/Example/calling-wcf-service-another-wcf-service-204170.aspx
I have an ASP.NET application that executes a WMI call to a remote system. The application Web.config contains <identity impersonate="true"> and <authentication mode="Windows"> options which, as I understand, should force the application code to be executed on behalf of the application user.
The problem is that I get "Access is denied" error, despite the fact I can successfully execute the my WMI request from PowerShell console on the same host under the same user to the remote server in question.
// this doesn't work
ManagementScope scope = new ManagementScope();
scope.Path.NamespacePath = "root\\virtualization";
scope.Path.Server = "vs01";
scope.Connect(); // <-- here comes exception
# this works just fine
Get-WmiObject -Namespace 'root\virtualization' -Class Msvm_ComputerSystem -ComputerName vs01
Dumping HttpContext.Current.User.Identity.Name, System.Security.Principal.WindowsIdentity.GetCurrent().Name, System.Threading.Thread.CurrentPrincipal.Identity.Name properties suggest that impersonation works as expected.
Ideas? Could the issue be some kind of .NET or IIS security?
You need to have a domain administrator enable Delegation for your web server machine. This is a security feature of Kerberos. By default an intermediate server (in this case your web server) is not allowed to pass the impersonation context of a client to the remote server unless it has been given Delegation permission. If you don't do this the remote target server will see the request coming in as Anonymous User... which if its properly secured will be denied access.
Note its a common policy to only allow an intermediate server to delegate to specific target servers (called constrained delegation), so if your web app needs to be able to call WMI on any server in your network you may have problem. Talk to your domain admin.
Using .net 4.0 , IIS 7.4 Windows Server 2008 R2
I have an asp.net application that sits between WCF web services and routes the requests according to some rules.
The iis error page setting is set to 'Detailed errors for local requests and custom ....'
the asp.net routing service calls the WCF service using HttWebRequest object.
I am getting an iis html error response when wcf service throws a fault exception.
but i get a proper IIS 500 error with a proper soap response when i call the service directly (without the router)
I know i can fix it by changing IIS error page setting, but i dont want to do that since it would expose my non wcf errors.
question is
is there a difference in how iis treats wcf requests vs asp.net request when it comes to 500 errors
also this used to work in IIS 6, how to get this behavior back in iis 7
You should leave ASP.NET out of the picture. Create a WCF service to stand between the two services. You can copy the routing logic from your existing ASP.NET router. The WCF service should just use "Add Service Reference" to talk to the two services.
Alternatively, just use "Add Service Reference" yourself in the ASP.NET router.