We Keep Coding

WCF Rest Service Error Acess Denied

Created a WCF Rest Service. It works fine with URL like localhost but when access it with 192.168.1.41 (ipaddress) it throws error "Access Denied".
Tried all the suggestions like Permissions, Enabled Tracing (but nothing logged).
Any Suggestions would be appreciated.
<?xml version="1.0"?>
<configuration>
<system.web>
<trust level="Full" />
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</assemblies>
</compilation>
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="coTrainServBehavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="web">
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
<services>
<service name="CoTrain.CoTrainService" behaviorConfiguration="coTrainServBehavior">
<endpoint address="rh" binding="webHttpBinding" behaviorConfiguration="web" contract="CoTrain.ICoTrainService" />
</service>
</services>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" minFreeMemoryPercentageToActivateService="0" aspNetCompatibilityEnabled="true" />
<diagnostics>
<messageLogging
logEntireMessage="true"
logMalformedMessages="true"
logMessagesAtServiceLevel="true"
logMessagesAtTransportLevel="true"
maxMessagesToLog="3000"
maxSizeOfMessageToLog="2000"/>
</diagnostics>
</system.serviceModel>
<system.diagnostics>
<trace autoflush="true"/>
<sources>
<source name="System.ServiceModel"
switchValue="Information, ActivityTracing, Error, Warning, Critical" propagateActivity="true">
<listeners>
<add name="messages"
type="System.Diagnostics.XmlWriterTraceListener"
initializeData="D:\CoTrainPublished\messages.svclog" />
</listeners>
</source>
</sources>
</system.diagnostics>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
</system.webServer>
<connectionStrings>
<add name="CoTrainEntities" connectionString="metadata=res://*/DAL.CoTrainModel.csdl|res://*/DAL.CoTrainModel.ssdl|res://*/DAL.CoTrainModel.msl;provider=System.Data.SqlClient;provider connection string="data source=192.168.1.11;initial catalog=CoTrain;persist security info=True;user id=sa;password=TestServer#123;multipleactiveresultsets=True;App=EntityFramework"" providerName="System.Data.EntityClient" />
</connectionStrings>
</configuration>
Thanks
Anand

Issues creating client for WCF Service using Federation

After modifying my service to use federation (see web.config below) I'm having trouble on my client getting it connected. In all that I have read it seems I should be able to just create
var client = new MyService()
and then set username and password on that credential and then WCF takes care of the STS token stuff, but I do not have a constructor that takes 0 arguments, I only have one that takes a binding and endpoint address. I do not see a way to create the binding manually and would just like to use it the default way, before when I was just using a basicHTTPBinding with Https I was able to create the client with the default constructor I don't see why this does not follow same logic.
The service has web.config as such:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<configSections>
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>
<listeners>
<add type="Microsoft.WindowsAzure.Diagnostics.DiagnosticMonitorTraceListener, Microsoft.WindowsAzure.Diagnostics, Version=2.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="AzureDiagnostics">
<filter type="" />
</add>
</listeners>
</trace>
</system.diagnostics>
<location path="FederationMetadata">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<machineKey decryption="AES" decryptionKey="[DecrpytKey]" validation="SHA1" validationKey="[ValidationKey]" />
</system.web>
<system.serviceModel>
<services>
<service name="MyService">
<endpoint address="" binding="wsFederationHttpBinding" bindingConfiguration="wsFedBinding" contract="MyService.IMyService" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="https://myservice.cloudapp.net/MyService.svc" />
</baseAddresses>
</host>
</service>
</services>
<bindings>
<wsFederationHttpBinding>
<binding name="wsFedBinding">
<security mode="TransportWithMessageCredential">
<message>
<issuer address="http://mysts.com"/>
<issuerMetadata address="https://mysts.com/adfs/services/trust/mex" />
<claimTypeRequirements>
<add claimType="http://mysts.com/user/UserDomain" isOptional="true"/>
<add claimType="http://mysts.com/user/Alias" isOptional="true"/>
</claimTypeRequirements>
</message>
</security>
</binding>
</wsFederationHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the value below to false before deployment -->
<serviceMetadata httpsGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials useIdentityConfiguration="true">
<!--Certificate added by Identity and Access Tool for Visual Studio.-->
<serviceCertificate findValue="[Thumbprint]" storeLocation="CurrentUser" storeName="My" x509FindType="FindByThumbprint" />
</serviceCredentials>
<serviceSecurityAudit auditLogLocation="Application" serviceAuthorizationAuditLevel="Failure" messageAuthenticationAuditLevel="Failure" suppressAuditFailure="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="false" />
</system.webServer>
<connectionStrings>
[Some connection strings]
</connectionStrings>
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="https://myservice.cloudapp.net/MyService.svc" />
</audienceUris>
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="http://mysts.com">
<keys>
<add thumbprint="[Thumbprint]" />
</keys>
<validIssuers>
<add name="http://mysts.com" />
</validIssuers>
</authority>
</issuerNameRegistry>
<!--certificationValidationMode set to "None" by the the Identity and Access Tool for Visual Studio. For development purposes.-->
<certificateValidation certificateValidationMode="ChainTrust"/>
<securityTokenHandlers>
<add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</securityTokenHandlers>
</identityConfiguration>
</system.identityModel>
<appSettings>
<add key="ida:FederationMetadataLocation" value="https://mysts.com/FederationMetadata/2007-06/FederationMetadata.xml" />
<add key="ida:ProviderSelection" value="productionSTS" />
</appSettings>
</configuration>

how to use roles - Method is only supported if the user name parameter matches the user name in the current Windows Identity

I have managed to get windows authentication working with a service call using this .config:
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="Unsecured">
<security mode="None"/>
</binding>
<binding name="Secured">
<security mode="Message">
<message clientCredentialType="Windows"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="ServiceBehaviour" name="WebApplication.SecureService">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="Secured" contract="WebApplication.ISecureService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehaviour">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Windows"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
</configuration>
In the service I'm able to see who is logged in using:
OperationContext.Current.ServiceSecurityContext.PrimaryIdentity;
I'd like to check the user is a member of a particular role, so I have tried enabling the roleManager thusly:
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
<providers>
<clear/>
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
Then checking the role using Roles
Roles.IsUserInRole(#"DOMANIN\Role");
or:
var id = OperationContext.Current.ServiceSecurityContext.PrimaryIdentity;
Roles.IsUserInRole(id.Name, #"DOMANIN\Role");
But both throw exception:
"Method is only supported if the user name parameter matches the user name in the current Windows Identity."
Also if there is an attribute to check roles, that would be ideal as it would throw the right exception rather than me handling it myself.
Update
I just tried this:
if (Roles.RoleExists(#"DOMANIN\Role"))
and got a different exception:
"The configured Role Provider (WindowsTokenRoleProvider) relies upon Windows authentication to determine the groups that the user is allowed to be a member of. ASP.NET Role Manager cannot be used to manage Windows users and groups. Please use the SQLRoleProvider if you would like to support custom user/role assignment." Which I will Google, just thought it might help anyone who's looking at this for me.

The exceptions are telling you that you can only check the Role of the currently logged in User. To get a list of those in String form, this should work for you:
Roles.GetRolesForUser()
But, you cannot get the Roles for some arbitrary user like you can when using Forms authentication.

[PrincipalPermission(SecurityAction.Demand, Role = #"DOMAIN\Role")]
public string DoWork()
{
//user is authenticated and in the role
}
Still would be interested if any one can shed light on the exceptions.
This works even with out the roleManager enabled so clearly a different mechanism at work.

WCF Service Error on Client Service Test - SVCUtil

I created a WCF service which compiles fine and published ok; I created a web app to test the WCF service and initially when using svcutil.exe it created the source file but not the config file. So I added the service as a service reference and that looked fine until I tried to run the client app. The following error showed up:
Could not find default endpoint element that
references contract 'ServiceReference1.IService1' in the ServiceModel
client configuration section. This might be because no configuration
file was found for your application, or because no endpoint
element matching this contract could be found in the client element.
I figured its something wrong with the web.config file and searching for posts I found that I needed to copy the service model section from the service config file to the client test web config file. This did not help.
WCF Service config file
<configuration>
<system.web>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<bindings>
<webHttpBinding>
<binding name="webHttpBinding" crossDomainScriptAccessEnabled="true" />
</webHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="web">
<webHttp />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="webHttpBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="webHttpBehavior" name="WcfInstanceRules2.Service1">
<endpoint address="mex"
binding="webHttpBinding" bindingConfiguration="webHttpBinding"
contract="WcfInstanceRules2.IService1" behaviorConfiguration="web"/>
</service>
</services>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
WebApp Test Config file
<configuration>
<connectionStrings>
<add name="ApplicationServices"
connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true"
providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0" />
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
<system.serviceModel>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<bindings>
<webHttpBinding>
<binding name="webHttpBinding" crossDomainScriptAccessEnabled="true" />
</webHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="webHttpBehavior">
<webHttp />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="webHttpBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
<behavior name="">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="webHttpBehavior" name="WcfInstanceRules2.Service1">
<endpoint address="mex" binding="webHttpBinding"
bindingConfiguration="webHttpBinding"
contract="WcfInstanceRules2.IService1" behaviorConfiguration="webHttpBehavior"/>
</service>
</services>
</system.serviceModel>
</configuration>

You need to use a client endpoint defined on the client side. You are currently defining a new service host on the web app. On the client side, you should have something like...
<system.serviceModel>
<client>
<endpoint address="http://.../mex" binding="webHttpBinding"
bindingConfiguration="webHttpBinding"
contract="ServiceReference1.IService1" behaviorConfiguration="webHttpBehavior"/>
</client>
</system.serviceModel>
To make this easier, VS.NET will add this client endpoint for you when you use Add Service Reference.

In your endpoint tag change contract="ServiceReference1.IService1"
where ServiceReference1 is service refference which you add in your project.

WCF service page not available when browsing remotely

I have a service I have been trying to deploy on my server (iis7) for quite some time now. It works when I browse the .svc file from the server, but when I try to browse the .svc from another computer it complains that the webpage is not available.
I have enabled network discovery. What else could be causing this issue?
Here is my web.config:
<?xml version="1.0"?>
<configuration>
<configSections>
<sectionGroup name="applicationSettings" type="System.Configuration.ApplicationSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >
<section name="StudentInfoAlpha.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
</sectionGroup>
</configSections>
<system.web>
<customErrors mode="Off"/>
<compilation debug="true">
<assemblies>
<add assembly="Oracle.DataAccess, Version=2.112.1.0, Culture=neutral, PublicKeyToken=89b483f429c47342"/>
</assemblies>
</compilation>
</system.web>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="StudentInfoServiceBinding">
<security mode="Transport">
<message clientCredentialType="Windows"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="StudentInfoAlpha.StudentInfoService" behaviorConfiguration="StudentInfoAlpha.StudentInfoServiceBehavior">
<endpoint address="" binding="wsHttpBinding" contract="StudentInfoAlpha.IStudentInfo" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
<host>
<baseAddresses>
<add baseAddress="https://IPADDRESS:443/"/>
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="StudentInfoAlpha.StudentInfoServiceBehavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
<applicationSettings>
<StudentInfoAlpha.Properties.Settings>
<setting name="StudentInfoAlpha_AIR_AIR" serializeAs="String">
<value>http://IPADDRESS/AIRv2Host/AIR.svc</value>
</setting>
</StudentInfoAlpha.Properties.Settings>
</applicationSettings>
</configuration>