WCF SecurityException - wcf

I am trying to host a WCF service in IIS 6.0 on server 2003. And when I
browse to the server I get the following error.
SecurityException: Request for the permission of type
'System.Net.DnsPermission
Is this related to the permissions granted to the user account the app
pool is running under or some other problem, and how do I fix this.

This might be related to the settings for local Intranet. I am assuming that you are browsing from your PC to the server. Try this:
Connect to the server via Remote desktop (or just use the server console), then browse the service and see if you get the same error.
If you do not get an error:
On your PC add the address of the server to local intranett, then try and browse the service again.
Good luck
Shiraz

To answer the replies.
Yes that was the entire error message Terry. It didn't appear to be a WCF issue but a security configuration problem on the web server that wasn't allowing DNS Permission as required by WCF.
The problem was resolved by uninstalling SharePoint services on that server where the WCF service was being hosted. Not sure still, why SharePoint would change the security permissions.

Related

Configure ADFS for Dynamics AX 2012 Mobile Connector

I've been trying to install and configure dynamics AX mobile solution by following the instructions mentioned in the Whitepaper here
On page 12 where you can validate if your service is set up correctly by opnening the url: https://localhost/adfs/fs/federationserverservice.asmx
i get the HTTP error 503 saying that the service is unavailable. I even tried to open these URL: https://localhost/adfs/services/trust/13/usernamemixed, https://localhost/FederationMetadata/2007-06/FederationMetadata.xml but it gave me the same error message. The IIS application pool for the ADFS is running. The ADFS Windows Server is running.
The funny thing is that the "Workflow approval via email" is working.
The ADFS is installed/added through Server Manger on Windows Server 2012 R2.
Any idea how to solve this?
You should check the event viewer logs. You see the 503 error when there is a port conflict. Some other service is most likely using the same port, so even though ADFS says it has started, there is still a port conflict that you need to resolve. This is a great way to fix it:
http://social.technet.microsoft.com/wiki/contents/articles/2009.ad-fs-2-0-how-to-change-the-net-tcp-ports-for-services-and-administration.aspx
Hope this helps!

Web Deploy results in ERROR_COULD_NOT_CONNECT_TO_REMOTESVC

We are trying to configure continuous integration with TFS 2012. While queuing a new build, the publish fails with the error:
Build FAILED.
"C:\src\ProjectName.sln" (default target) (1) ->
"C:\src\Website\ProjectName.csproj" (default target) (2) ->
(MSDeployPublish target) ->
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v11.0\Web\Microsoft.Web.Publishing.targets(4377,5): msdeploy error ERROR_COULD_NOT_CONNECT_TO_REMOTESVC: Web deployment task failed. (Could not connect to the remote computer ("ServerName") using the specified process ("Web Management Service") because the server did not respond. Make sure that the process ("Web Management Service") is started on the remote computer. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_COULD_NOT_CONNECT_TO_REMOTESVC)**
I checked all the points mentioned in the IIS.NET documentation for this error. Both services mentioned, Web Management Service and Web Deployment Agent Service, are running fine. A restart of those services has no change in behavior.
Windows Server 2008 R2 with IIS 7.
Web Deployment Agent Service is running on port 8172.
Web Deploy 3.0
Windows Firewall is not blocking any port on the server.
How can this be fixed?
If you install Web Deploy 3.x BEFORE Web Management Tools are installed, you'll have to re-install Web Deploy. I beat my head against the wall for hours on this.
Install the Web Management Services ("Turn Windows Features On/Off"/Roles -> Web Server -> Management Tools -> Management Service)
Then uninstall Web Deploy (repair didn't work) via the usual Add/Remove Programs control panel
Install Web Deploy 3.x again using Web Platform Installer.
Fixed. /Sigh
Double check in your Web Deploy settings that the name of the website is exactly that of what's in IIS.
Ben Day blogged more about it.
Fix that i saw on another website:
Fix it by adding “http://” to server.
In other words, when server is www.xxxx.com would get the 403 error, but when server is http://www.xxxx.com, then it works.
You need also to indicate the app name e.g 'Default Web Site/MyApp'
That was my error. Once I added /MyApp, it worked.
I got this error when using msdeploy, not TFS. In my case I needed to make sure the user msdeploy is using had permission to deploy to the website.
Find the website in IIS manager, right click and go to Deploy, then Configure Web Deploy Publishing. Find the user used by Web Deploy and setup for this website.
In my case the Internet proxy was enabled on source - which made msdeploy to reach out to internet instead of local ICN.
You should check the logs on your IIS first - see that you actually get to the server, and then you can locate the exact error here - https://support.microsoft.com/en-us/help/943891/the-http-status-code-in-iis-7-0-iis-7-5-and-iis-8-0
Uninstalling and re-installing (not repairing!) after setting up IIS did most of the magic for me.
There is another possible cause of the error. IIS Managemente Service have its own configuration for IP Address Restrictions, which default value is Deny Access for unspecified clients (Windows Server 2012 R2 with IIS 8.5).
You must set this value to Allow or add access to your specific IP address/IP address range using the Allow... button.
Remember, you must Stop the Management Service previously to change this configuration.

What rights are required for IIS to talk a WCF service hosted on a different machine?

In this question: ASP.NET web application unable to connect to WCF hosted as windows service
it's stated that the reason IIS could not talk to a WCF service hosted on a different machine is due to rights not assigned the app pool identity.
I'm facing the same problem I believe. What are these rights, and where do I set them?
Thanks.
This depends on the configuration of the service you're trying to access. However, if you're having trouble connecting to a different machine, you most likely don't have rights to access that computer using the machine account for the server hosting IIS. You could try adding [domain][iismachine] access to the target server (the one hosting the WCF service).
This overview has some pretty good information on what needs to be done in different scenarios.

Authentication error during acess WCF service through IIS 5

I have hosted a WCF service in my local machine(XP SP3) lets name as PushService, I am consuming this service in PushServiceClient. When I keep PushService project in running mode and try to push data from PushServiceClient I am able to Push the Data(DB is in another machine). When I stop PushService project in VS 2010 and Consume PushService hosted through IIS then I am not able to Push the Data.I am facing Authentication error during connect to DB. I am not getting where its going wrong.
IIS Version: 5.0
Permission in IIS : Anonymous Acess
Binding: WSHttpBinding(Tried Basic http also)
Security mode: None
Thanks in advance,
Manjunath
Does IIS worker process have permission for database access? Impersonating the host would solve your problem.
This is due to lack of Permisswion to acess the DB, If using IIS 5.1 then in coding set it to take Default credentials if its in IIS 6.0 (Windows server 2003) set it to take local Identity in IIS AppPool. I will get back with full details on it.
Thanks Guys for your reply.
Manjunath

WCF Service testing with connections external to localhost

I'm developing a WCF webservice, but when it loads via visual studio in the built in server (Cassini) I cannot access it anyway except via localhost on that machine. I would like to try it with connections from other machines as well though... what's the best way to do this without installing IIS on my box (I can't...stupid system corporate policies prevent it).
You might be able to use / install IIS Express (see this link) without administrative privileges. However sadly Cassini does not allow remote connections.
If I am not mistaken, you should install IIS. Cassini does not support remote connections.