I created a brand new WCF web application with .NET 4.5.1
I have set in IIS the Authentication to Anonymous Authentication (enabled). All the other options are disabled. The web site in IIS is set to its own application pool which run under my credential. I am the administrator of the machine. The application pool is set to use version 4.
The url is
http://localhost:8885/Service1.svc
The port is good.
If I use the Process Monitoring I see this output for w3wp.exe:
Full Size here
Why do I get a 401 error, if I have the read-write access (the app pool is running my account)?
Server Error in '/' Application.
Access is denied.
Description: An error occurred while accessing the resources required to serve this request. You might not have permission to view the requested resources.
Error message 401.3: You do not have permission to view this directory or page using the credentials you supplied (access denied due to Access Control Lists). Ask the Web server's administrator to give you access to 'C:\Users\Patrick\Documents\Visual Studio 2013\Projects\MyServiceA\MyServiceA\Service1.svc'.
To make it works, you have to create a website in IIS and inside Visual Studio, in the property of the project, you add a virtual directory.
After, if you go into IIS, you will see an application added to your website.
From here you can access your WCF services
http://localhost:8885/MyServiceA/Service1.svc
Related
Its on win server 2012 R2 and researching says its IUSR_MACHINENAME which doesn't even come up when I try to add that to the folder's security list.
The error i'm getting is Access to the path denied.
ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and the configured application pool identity on IIS 7.5) that is used if the application is not impersonating. If the application is impersonating via , the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.
About the access error you mentioned, you can try this:
Make specific folders being accessed read/write for users who need it,
this can be done by a unique user or a group of users within an
organization. ex: right click and security tab, give IIS_IUSRS setting
read and write permissions on the folder. Or another way is that set
.Net Framework V4 in "Application Pool" to "Integrated" instead of
"Classic".
You can refer to this thread for the similar issue: ASP.NET is not authorized to access the requested resource when accessing temp folder
New local/ domain user needs to be created using a Web based application.
I have used System.DirectoryServices and System.DirectoryServices.AccountManagement namespaces to attain it.
So if I run the application using Visual Studio (2012) everything goes smooth (User is getting added to the active directory!).
But if I host the website in IIS and try to do the same operation, it throws an error message saying Access is Denied.
I did a research and found out the reason also - It is happening because the APPLICATION POOL Identity is set to an user who has only USER Privileges.
But due to security reasons user with ADMINISTRATIVE Privilege cannot be given as the Application Pool Identity in the application.
So, is there any alternative way to by-pass this Application Pool Identity and allow the user to create local/ domain user successfully.
Waiting for valuable reply/ suggestions.
I have created a batch job and created the iorganisationservice object by just adding the service reference.
This works when I run it on visual studio while debugging, but when I copy the exe on the server and run it gives error:
The caller was not authenticated by the service.::Inner Exception::The request for security token could not be satisfied because authentication failed.
At line: contactEntityCollection = client.RetrieveMultiple(fetchExp);
Please help.
Whatever security context the exe is running under on the server will need to be a valid user in CRM. If it's a windows service set the account to a user other than LocalSystem in the services MMC tool. If it's running as a web application set the Application Pool to the dedicated account. If it's a scheduled task set it in the configuration of the task.
You can also specify an instance of the ClientCredential class providing username and password but I'd highly recommend you avoid this route as you'll be responsible for securing the password within your application.
HI all I am developing a web API that will be using identity impersonation (using always the same functional identity valid in my domain) to check the status of configuration files of some servers. To do that, I add this to my web.config file
I also set my IIS server to neglate anonymous authentication and accept windows authentication for web service. However when I try to access the status of the files from a browser I noticed that the API is still using NT AUTHORITY\NETWORK SERVICE as the user and, of course, the access to the remote files is denied. Does anyone have an idea of what am I missing?
Thanks
My fault, forgot to set the Authentication mode to Windows in web.config
When I run my WCF service on my local machine, it works fine. When I deploy the same files to our test server, I get this error when my test client tries to connect to the WCF service:
Security Support Provider Interface (SSPI) authentication failed. The
server may not be running in an account with identity 'host/Server01'.
If the server is running in a service account (Network Service for
example), specify the account's ServicePrincipalName as the identity
in the EndpointAddress for the server. If the server is running in a
user account, specify the account's UserPrincipalName as the identity
in the EndpointAddress for the server.
What does this mean and what area should I be looking to fix? I played around with the web.config identity section, but I'm still unsure what is needed.
I got a similar error before but the message is somewhat different
Right click on the application pool the web site is running under, click on Property then go to the Identity tab. Try to put the "host/Server01" identity in and see if that helps.
This error can also happen for Microsoft Dynamics GP Web Services. In our case, it turns out that the person who set up the GP Web Services used his personal user account as the service account. When he changed his password, it broke the web services.
So, check your user identity and password if your web service used to work but no longer works.