I am having trouble hosting a simple WCF service application in IIS 5.1 (XP SP3).
I follow this Pluralsight tutorial (https://www.youtube.com/watch?v=SVPXLF-g4Ws) but still the service won't load and shows IE blank page "You are not authorized to view this page .. HTTP Error 403 - Forbidden "
any advice? how to host WCF service in IIS 5.1.
Try changing the IIS Authentication for your IIS host website to "Anonymous" and see if that is where your problem is and if doing this makes it work.
NOTE: In reality, you will need to set your authentication in IIS based on whatever your authentication method is going to be.
Related
I've got Azure ServiceFabric web-app (AspNetCore 3) hosted over reverse proxy (NGinx). The app use AzureAD (in company) authentication. I've Registered App for the AD and setup Redirect Urls mannually in manifest. After publishing the APP and configuring DNS and reverse proxy I tried to authorize to my app but failed with AADSTS500117: The reply uri specified in the request isn't using a secure scheme.
Is it possible to configure client to allow http redirects?
P.S. As I know Identity Server allows it by configuring DiscoveryPolicy.
P.P.S. You can find more information in my origianl question (see. How to change redirect_uri for Azure AD)
What happens?
when you deploy web apps with a reverse proxy, as is, for instance the case with App Services as Linux containers, your application will be called on an HTTP address, whereas its registered redirect URI in the app registration will be HTTPS.
This means that when a user browses to the web app, they will be redirected to login.microsoftonline.com as expected, but with redirect_uri=http://<your app service name>.azurewebsites.net/signin-oidc instead of redirect_uri=https://<your app service name>.azurewebsites.net/signin-oidc.
How to fix it?
In order to get the right result, the guidance from the ASP.NET Core team for working with proxies is in Configure ASP.NET Core to work with proxy servers and load balancers. You should address the issue centrally by using UseForwardedHeaders to fix the request fields, like scheme.
The container scenario should have been addressed by default in .NET Core 3.0. See Forwarded Headers Middleware Updates in .NET Core 3.0 preview 6. If there are issues with this for you, please contact the ASP .NET Core team https://github.com/dotnet/aspnetcore, as they will be the right team to assist with this.
I'm trying to get my windows service working and running into a bit of a conundrum. IIS has a UCC cert installed with a host name, but I want to have my OWIN self-host windows service host share the host name.
However, if the IIS site is on and the windows service is started, the IIS site trumps the windows service and I get 404's calling the windows service's endpoints. If I shut off the IIS site, I can then access the windows service.
If the IIS site is on and the windows service isn't started, and I try to start it, I get an Access Denied error (ostensibly because IIS has already claimed all the things with that host name (all ur endpoints r belong to us)).
So is there a way to get IIS to not immediately swallow all services for that host name? Is there an exception or something that I can put in so https://host/api method calls won't be absorbed by IIS?
I have deployed an asp.net mvc application in IIS, The application has been deployed successfully and working fine. I Used ajax enabled wcf service in my application, the problem is when I want to use the method of the service. I get the not found error, but when I browse to see the service it gives the page saying that your service is hosted, I cannot access the methods of the deployed ajax enabled service.. Kindly help me out..
Things to be noticed..
My services are hosted as a file with the extension of .svc
I deployed the application on windows server 2008 r2 64 bit, but I configured the application pool to work in 32 bit.
Services are accessible, but the methods of service are not allowed.
Thanks in advance.
Ahsan Nomani.
When trying to access my WCF service it is throwing following exception
The HTTP request was forbidden with client authentication scheme 'Anonymous'.
Inner Expeption: The remote server returned an error: (403) Forbidden.
Other observations:
It was working earlier
Same application when I set up on other system there is not error.
Using windows application from my system itself it works fine.
Situation:
WCF service is hosted in remote DEV server and I add as service reference in my web app.
For now Web app which consumes service is running from VS not by hosting in IIS
A real mess. Did anyone faced such situation? Please share with me. I google about the issue but non of them are helpful.
Check the application pool in which the service is hosted. If Windows authentication is turned on over there, then include it in the manifest xml file.
<system.web>
<authentication mode="Windows" />
</system.web>
For Reference : Click here
It could be that windows authentication is turned on on your local machine but not in IIS.
Double check the app pool your service is running under. Also, make sure the app pool is running integrated mode and that the version is correct.
See this article specifically step one.
Can anyone give a clear explanation of the difference between using
clientCredentialType=Windows, and
clientCredentialType=Ntlm
in a server-side Web.config when hosting a WCF service?
I have a SOAP 1.1 (basicHttpBinding) service for interop with existing clients. It uses ASP.NET roles so needs clients to be authenticated.
When I am using the VS2005 (Cassini) server to host the service, I have to specify ClientCredentialType=Ntlm as above, and check the Ntlm authentication box in the project properties in VS2005. ClientCredentialType=Windows doesn't work - clients get a:
401 Unauthorized error
However when I'm running under IIS, it's the other way around: ClientCredentialType=Windows works, and ClientCredentialType=Ntlm fails.
Can anyone explain this, and preferably suggest a way I can have the same web.config file to run the service in Cassini and IIS?
Update
I have .NET 3.5 SP1 on my dev machine, which is XP SP2 running in a domain. Cassini therefore runs under a domain account, and IIS 5.1 under a local account.
I wonder if it could be related to the breaking change in .NET 3.5SP1 described in these articles.
http://www.aspnetpro.com/newsletterarticle/2008/12/asp200812ab_l/asp200812ab_l.asp
http://msmvps.com/blogs/alvin/archive/2008/11/14/net-3-5-sp1-breaking-change-to-wcf.aspx
http://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=354236
The situation sounds similar as clientCredentialType=Windows fails when the server is running under a domain account (which is my situation with Cassini - running as my normal domain user account), and works when running under a local account (which is my situation with IIS).
The problem is that the suggested fixes require changes to a WCF client configuration file - but in my case I'm using SOAP 1.1 (basicHttpBinding) with non-WCF clients.
clientCredentialType=Windows uses the built in Windows authentication which can be through Active Directory and NTLM.
Obviously the NTLM type will only use NTLM for authentication.
I'm sure you've seen it already, but here is a link to WCF security:
http://msdn2.microsoft.com/en-us/library/ms734769.aspx
Some more details on your setup would help. Are the IIS and Cassini servers running on the same box? If not do you have the same accounts setup on each box? IIS6 by default supports NTLM, so you shouldn't have a problem getting it to work.