I am having a tough time deploying a web site to IIS 7 on Windows Server 2008.
The site works fine until it tries to make calls to a WCF service hosted on the same host.
Everything works great for the service from my workstation when the web is ran in Visual Studio 20008
using the exact same web config etc. As soon as I deploye the web in a virtual directory on the server
Bam. Authentication errors. It also works as is when both are deployed on a Windows 2003 Server. What
is different about Server 2008 that is causing this? HELP! Please.
In case it is important, all of the service operations require Active Directory group membership for the
ASP.net page's authenticated user and are adorned as:
[PrincipalPermission(SecurityAction.Demand, Role = "SOAMemberShipService")]
I get the following error from the web site:
The request for security token could not be satisfied because authentication failed.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.
Source Error:
Line 919:
Line 920: public HSMembersService.MemberSearchResult SearchMembers(HSMembersService.MemberSearch MemberInfoToSearch) {
Line 921: return base.Channel.SearchMembers(MemberInfoToSearch);
Line 922: }
Line 923: }
Source File: c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\csrweb\a4d18657\a6d0910d\App_WebReferences.jgx1svpr.0.cs Line: 921
Stack Trace:
[FaultException: The request for security token could not be satisfied because authentication failed.]
System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target) +6375432
System.ServiceModel.Security.IssuanceTokenProviderBase`1.ThrowIfFault(Message message, EndpointAddress target) +25
System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState) +173
[SecurityNegotiationException: The caller was not authenticated by the service.]
System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) +4596611
System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) +1713
HSMembersService.IHSMembersService.SearchMembers(MemberSearch MemberInfoToSearch) +0
HSMembersService.HSMembersServiceClient.SearchMembers(MemberSearch MemberInfoToSearch) in c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\csrweb\a4d18657\a6d0910d\App_WebReferences.jgx1svpr.0.cs:921
_default.btnSearch_Click(Object sender, EventArgs e) in e:\CSRWeb\default.aspx.cs:114
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +131
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +140
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +39
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3215
ASP.net web site's web.config (relevant Service portion):
Services web.config:
<!-- Service Endpoints -->
<!-- Unless fully qualified, address is relative to base address supplied above -->
<endpoint address ="" binding="wsHttpBinding" contract="HSMembersService.IHSMembersService" bindingConfiguration="wsHttpBindingConfig">
<!--
Upon deployment, the following identity element should be removed or replaced to reflect the
identity under which the deployed service runs. If removed, WCF will infer an appropriate identity
automatically.
-->
<!--<identity>
<dns value="localhost"/>
</identity>-->
</endpoint>
<!-- Metadata Endpoints -->
<!-- The Metadata Exchange endpoint is used by the service to describe itself to clients. -->
<!-- This endpoint does not use a secure binding and should be secured or removed before deployment -->
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="wsHttpBindingConfig" >
<security mode="Message">
<message clientCredentialType="Windows" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="HSMembersService.HSMembersServiceBehavior">
<!-- To avoid disclosing metadata information,
set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="True"/>
<serviceAuthorization principalPermissionMode="UseWindowsGroups" />
<!-- To receive exception details in faults for debugging purposes,
set the value below to true. Set to false before deployment
to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="True" /><!-- Change this before deployment -->
</behavior>
</serviceBehaviors>
</behaviors>
Okay, no answers here nor on the MSDN subscription groups.
So, I tried everything. And I mean everything. After what seemed like several days but in reality was probably only 20 hours, it works!
All I did was move the physical path the services files i.e. .dll, .svc etc. to a directory off of my c:root versus the wwwroot and it worked. I had to update my virtual directory to point to it of course.
Why did this location cause a problem? Does IIS7.0/Windows server 2008 change something that doesn't allow services to be deployed from a physical location of wwwroot? I'll probably never find out because I will never try to deploy another service from there.
I triple-checked all account/directory permissions and the ones in the new physical path are identical to the ones in the old physical path so no good there.
If anyone finds out why or knows why. Please let me/us know.
Thanks,
Eddie
Related
I have an old ASP.NET website that has a WCF service that is used to return a JSON payload. It works fine in localhost, but when I try to deploy it to a shared hosting website, I get an exception:
IIS specified authentication schemes 'IntegratedWindowsAuthentication, Basic, Anonymous', but the binding only supports specification of exactly one authentication scheme. Valid authentication schemes are Digest, Negotiate, NTLM, Basic, or Anonymous. Change the IIS settings so that only a single authentication scheme is used.
I cannot make this change as it is a shared environment.
Is there something I need to change in my configuration in Web.config with regards to the service? Here's what I've got:
<system.serviceModel>
<services>
<service name="BoggleService">
<endpoint binding="webHttpBinding" contract="Solver" behaviorConfiguration="webHttp"/>
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="webHttp">
<webHttp/>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
I also had this configuration, but it was commented out (like I said, a project from long ago, trying to resurrect it):
<serviceHostingEnvironment>
<baseAddressPrefixFilters>
<add prefix="http://www.example.com/"/>
</baseAddressPrefixFilters>
</serviceHostingEnvironment>
But if I uncomment that and include it, I get the following exception in both localhost and in the shared hosting website:
Index was out of range. Must be non-negative and less than the size of the collection.
Here's the full stack trace:
[ArgumentOutOfRangeException: Index was out of range. Must be non-negative and less than the size of the collection.
Parameter name: index]
System.ThrowHelper.ThrowArgumentOutOfRangeException(ExceptionArgument argument, ExceptionResource resource) +64
System.ThrowHelper.ThrowArgumentOutOfRangeException() +15
System.Collections.Generic.List`1.get_Item(Int32 index) +7515544
System.ServiceModel.Web.WebServiceHost.AddAutomaticWebHttpBindingEndpoints(ServiceHost host, IDictionary`2 implementedContracts, String multipleContractsErrorMessage) +82
System.ServiceModel.Web.WebServiceHost.OnOpening() +203
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +229
System.ServiceModel.HostingManager.ActivateService(String normalizedVirtualPath) +121
System.ServiceModel.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath) +479
[ServiceActivationException: The service '/Solver.svc' cannot be activated due to an exception during compilation. The exception message is: Index was out of range. Must be non-negative and less than the size of the collection.
Parameter name: index.]
System.ServiceModel.AsyncResult.End(IAsyncResult result) +11667006
System.ServiceModel.Activation.HostedHttpRequestAsyncResult.End(IAsyncResult result) +194
System.ServiceModel.Activation.HostedHttpRequestAsyncResult.ExecuteSynchronous(HttpApplication context, Boolean flowContext) +176
System.ServiceModel.Activation.HttpModule.ProcessRequest(Object sender, EventArgs e) +275
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +68
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75
And this is coming from within the bowels of WCF - it's not coming from my code (the stack trace shows it never gets to my code and if I run the debugger and set a breakpoint in my code, it is never reached).
And interestingly, if I set the <baseAddressPrefixFilters> setting to http://localhost, it works on localhost! But not on production.
Thanks!
I think the problem could be simplified given that it uses the WebHttpBinding to host Restful style service.
In .net4.5, we could use the following simplified configuration to host the Restful style service.
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpsGetEnabled="true" httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior>
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
<protocolMapping>
<add binding="webHttpBinding" scheme="http" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
By default, the webhttpbinding use WebHttpSecurityMode.None. So it is unlikely that the authentication schema error above will occur. If necessary, don't forget to enable the authentication mode in IIS authentication module.
Try to replace your configuration with mine and provide a http binding in IIS site binding module.
Feel free to let me know If there is anything I can help with.
I have an issue where I cannot consume the SSRS web services in my production environment but it works in my local development environment and test environment. The only difference is the production environment has the web services installed on a different server, our production database server. However, typing the web service URL into a browser on the production web server correctly prompts for credentials and then loads the web service XML definition when the correct credentials are provided.
The exception I am getting is shown below.
System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Basic'. The authentication header received from the server was 'NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult result)
--- End of inner exception stack trace ---
at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)
at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result)
at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
at System.ServiceModel.Channels.ServiceChannelProxy.TaskCreator.<>c__DisplayClass5`1.<CreateGenericTask>b__4(IAsyncResult asyncResult)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
I have the following XML in my web.config for accessing the SSRS web services.
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="ReportingService2010Soap" sendTimeout="00:05:00" maxReceivedMessageSize="5242880">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" proxyCredentialType="Windows" realm="54.252.119.210"/>
<message clientCredentialType="UserName" algorithmSuite="Default"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://xxx/ReportServer/ReportService2010.asmx" binding="basicHttpBinding" bindingConfiguration="ReportingService2010Soap" contract="ReportServer.ReportingService2010Soap" name="ReportingService2010Soap"/>
<endpoint address="http://xxx/ReportServer/ReportExecution2005.asmx" binding="basicHttpBinding" bindingConfiguration="ReportingService2010Soap" contract="ReportExecutionServer.ReportExecutionServiceSoap" name="ReportExecutionServiceSoap"/>
</client>
</system.serviceModel>
I suspect the issue has something to do with the way the production database server is configured, but I have no idea what this could be.
Turns out the issue was the reporting services web services weren't configured to use basic authentication.
SSRS authentication configuration: http://technet.microsoft.com/en-us/library/bb283249(v=sql.105).aspx
SSRS basic authentication configuraiton: http://technet.microsoft.com/en-us/library/cc281309(v=sql.105).aspx
I have the following configured in my <system.serviceModel> tag of my web.config file:
<system.serviceModel>
<bindings/>
<client/>
<behaviors>
<serviceBehaviors>
<behavior name="serviceTypeBehaviors">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true">
</serviceHostingEnvironment>
<services>
<service behaviorConfiguration="serviceTypeBehaviors" name="AcpService.MainFrameData">
<endpoint address="" binding="basicHttpBinding" contract="AcpService.IMainFrameService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
</system.serviceModel>
The XML of my service is this:
<%# ServiceHost Language="C#" Debug="true" Service="AcpService.MainFrameData" CodeBehind="MainFrameWoData.svc.cs" %>
My application is running in the Default Web Site's Application Pool with Enable 32-Bit Applications set to True (because the service uses some old data accessing libraries).
When I run it, I get this error:
Server Error in '/mainframe' Application.
The type 'AcpService.MainFrameData', provided as the Service attribute value in the ServiceHost directive, or provided in the configuration element system.serviceModel/serviceHostingEnvironment/serviceActivations could not be found.
Exception Details: System.InvalidOperationException: The type 'AcpService.MainFrameData', provided as the Service attribute value in the ServiceHost directive, or provided in the configuration element system.serviceModel/serviceHostingEnvironment/serviceActivations could not be found.
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.272
I almost modified my <serviceHostingEnvironment> tag to include the <serviceActions> parameters, but I don't really understand how to do that.
This is how far I got:
<serviceHostingEnvironment multipleSiteBindingsEnabled="true">
<serviceActivations>
<add factory="System.ServiceModel.Activation.ServiceHostFactory"
relativeAddress="~/mainframe/MainFrameWoData.svc"
service="AcpService.MainFrameData" />
</serviceActivations>
</serviceHostingEnvironment>
I'm not sure if I am doing this correctly, and I have no idea what to insert for the service= parameter. The info on MSDN seems useless.
This project originally had a different name, but I am having to add features to the service. I do not want to edit the active service, because doing so would mean all the employees trying to access the data on our internal network would be getting that error right now, so the service was copied to a new project, and it is being published to a new location on our server. My best guess is there is something in the web.config file (or ???) that does not match up to something the project itself.
Could someone give me some help with this?
Looks like my project wanted MainFrameService instead of MainFrameData.
I started to delete this post, but... who knows? Perhaps someone else can get some use out of it.
I'm trying to add a service reference in VS 2010 to a WCF Web Service I have on a Server 2008/IIS7 server. I put the service into an existing/working ASP.NET site. When I type in the url of the service, it comes up with the standard service screen, but when I try to add the reference to a new website project I'm developing, I get the following error.
The document at the url https://www.nameofsite.net/service.svc?wsdl was not recognized as a known document type.
The error message from each known type may help you fix the problem:
- Report from 'XML Schema' is 'The document format is not recognized (the content type is 'text/html; charset=UTF-8').'.
- Report from 'https://www.nameofsite.net/service.svc?wsdl' is 'The document format is not recognized (the content type is 'text/html; charset=UTF-8').'.
- Report from 'DISCO Document' is 'Discovery document at the URL https://www.nameofsite.net/Service.svc?disco could not be found.'.
- The document format is not recognized.
- Report from 'WSDL Document' is 'The document format is not recognized (the content type is 'text/html; charset=UTF-8').'.
Metadata contains a reference that cannot be resolved: 'https://www.nameofsite.net/service.svc?wsdl'.
There was no endpoint listening at https://www.nameofsite.net/service.svc?wsdl that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.
The remote server returned an error: (404) Not Found.
If the service is defined in the current solution, try building the solution and adding the service reference again.
I tried adding the mime type svc to IIS and that didn't work. I see that there's a lot of talk about soap 1.1 not communicating with soap 1.2 but I'm too new to this to even follow the instructions I've seen. Please help. Thanks.
Is the service publishing its metadata? Check the httpsGetEnabled flag in the web.config file for the service:
<behaviors>
<serviceBehaviors>
<behavior name="NewBehavior">
<serviceMetadata httpsGetEnabled="true"
httpsGetUrl="https://myComputerName/myEndpoint" />
</behavior>
</serviceBehaviors>
</behaviors>
For more info on these tags: ServiceMetaData
You may also need this endpoint configured in your web.config for the service:
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
Some more background:
Web.Config
WSDL vs MEX
I have the following WCF :
[OperationContract]
IList<OperationRoomDto> GetOperationRooms();
and I have a website that uses this WCF, when I use Visual studio (Asp.Net development server) it works fine, but when I deploy the WCF to IIS I get this exception:
The remote server returned an error: (405) Method Not Allowed.
I made a simple website to test this WCF (on IIS) and It worked.
this is a part of the website web.config file:
<endpoint address="http://server/WcfService"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IMessageService"
contract="MyProject.Web.Wcf.IMessageService" name="BasicHttpBinding_IMessageService">
</endpoint>
and this part of the web service config file:
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
I tried to debug the w3wp.exe service to get any hidden exception,I put a break point at the web service methods, but the debugger didn't even reach there, and the exception happened before reaching to the web service class.
I figured out the problem, it was because the Url of the wcf is not correct, it misses the service file name
<endpoint address="http://server/WcfService"
it should become :
<endpoint address="http://server/WcfService/Service.svc"