Problem
System.ServiceModel.Security.SecurityAccessDeniedException : Access is denied.
Relevant Stack lines (reduced)
Server stack trace:
at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
Environment
Developer Machine (host): Windows Vista, Visual Studio 2008, nUnit
Test Machine (guest): Windows 2003, IIS, Windows 2003 Firewall (disabled)
Virtual Machine: Virtual PC
Network: Microsoft Loopback Adapter
Description
The Windows 2003 machine hosts a WCF service inventory; the services within it are well tested. When an application consumer runs inside Windows 2003, everything works fine. When an application consumer runs from Windows Vista (under this virtual network), security problems appear. So it was necessary to adjust the service and include a certificate. Documentation was followed but the access is still denied.
Purpose
No sophisticated security arrangements are needed - it's simply a laptop and a virtual machine. I tried to replicate this official scenario: http://msdn.microsoft.com/en-us/library/ms733938.aspx I want to make calls to services hosted on Windows 2003 from my application under Windows Vista OS using the Unit Test application (nunit). The services deployed on Windows 2003 are well tested.
WHAT WORKS
Any service using (or past .asmx webservices) works properly.
Suspicion
I believe it has to do with this damned Windows Vista. The Windows 2003 event log has successful auditing entries.
SERVICE SETTINGS
The consumer - nunit application running on Windows Vista:
<system.serviceModel>
  <client>
    <endpoint address="http://soa.homolog.com/RemoteService/RemoteService.svc"
              binding="wsHttpBinding"
              behaviorConfiguration="InternetEndpointBehavior"
              bindingConfiguration="AnonymousBindingConfiguration"
              contract="RemoteService.IRemoteService"
              name="WSHttpBinding_IEmpresaService">
      <!-- Identity the client expects the service certificate to present -->
      <identity>
        <dns value="homologCertificate" />
      </identity>
    </endpoint>
  </client>
  <bindings>
    <wsHttpBinding>
      <binding name="AnonymousBindingConfiguration">
        <!-- Message security with an anonymous client -->
        <security mode="Message">
          <message clientCredentialType="None" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <endpointBehaviors>
      <behavior name="InternetEndpointBehavior">
        <clientCredentials>
          <serviceCertificate>
            <!-- The client does not validate the service certificate -->
            <authentication certificateValidationMode="None" />
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
</system.serviceModel>
The service, hosted on IIS/Windows 2003:
<system.serviceModel>
  <serviceHostingEnvironment>
    <baseAddressPrefixFilters>
      <add prefix="http://soa.homolog.com" />
    </baseAddressPrefixFilters>
  </serviceHostingEnvironment>
  <bindings>
    <wsHttpBinding>
      <binding name="BindingNoSecurity">
        <!-- Despite the binding name, message security is enabled here -->
        <security mode="Message">
          <message clientCredentialType="None"/>
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="CompanyCoreBehavior">
        <serviceMetadata httpGetEnabled="true" />
        <serviceDebug
          includeExceptionDetailInFaults="true" />
        <serviceThrottling
          maxConcurrentCalls="500"
          maxConcurrentInstances="500"
          maxConcurrentSessions="500" />
        <serviceTimeouts
          transactionTimeout="00:10:00" />
        <!-- Certificate the service uses to secure messages -->
        <serviceCredentials>
          <serviceCertificate
            findValue="homologCertificate"
            storeLocation="LocalMachine"
            x509FindType="FindBySubjectName"
            storeName="My"/>
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
This is a System.ServiceModel.Security exception so it is probably not a firewall or IIS problem.
Try removing the following code from the client:
<clientCredentials>
  <serviceCertificate>
    <authentication certificateValidationMode="None" />
  </serviceCertificate>
</clientCredentials>
And the following code from the server:
<serviceCredentials>
  <serviceCertificate
    findValue="homologCertificate"
    storeLocation="LocalMachine"
    x509FindType="FindBySubjectName"
    storeName="My"/>
</serviceCredentials>
Start by enabling WCF tracing on the server. The trace log may contain a meaningful error message. Enable message logging and see if there are any obvious differences between the messages that are accepted and those that are not. Although, honestly, I don't see how this can happen in your case.
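The tracing and message logging suggested in the last answer, as an added example that is not part of the original posts: a web.config fragment for the IIS-hosted service. The log path C:\logs\ and the listener name "xml" are assumptions; the account the application pool runs as needs write access to that folder.

```xml
<configuration>
  <system.diagnostics>
    <sources>
      <!-- WCF runtime trace: security negotiation and faults show up here -->
      <source name="System.ServiceModel"
              switchValue="Information, ActivityTracing"
              propagateActivity="true">
        <listeners>
          <add name="xml" />
        </listeners>
      </source>
      <!-- Messages captured according to the messageLogging element below -->
      <source name="System.ServiceModel.MessageLogging">
        <listeners>
          <add name="xml" />
        </listeners>
      </source>
    </sources>
    <sharedListeners>
      <!-- Assumed path: any folder the worker process can write to -->
      <add name="xml"
           type="System.Diagnostics.XmlWriterTraceListener"
           initializeData="C:\logs\RemoteService.svclog" />
    </sharedListeners>
    <trace autoflush="true" />
  </system.diagnostics>
  <system.serviceModel>
    <diagnostics>
      <!-- Service level logs messages after message security is removed;
           transport level logs them as they appear on the wire -->
      <messageLogging logEntireMessage="true"
                      logMalformedMessages="true"
                      logMessagesAtServiceLevel="true"
                      logMessagesAtTransportLevel="true"
                      maxMessagesToLog="3000"
                      maxSizeOfMessageToLog="65536" />
    </diagnostics>
  </system.serviceModel>
</configuration>
```

Open the resulting .svclog file with the Service Trace Viewer (SvcTraceViewer.exe) from the Windows SDK and compare a call made from the Windows 2003 guest with one made from the Vista host. Turn message logging off once the fault is found, since service-level logs hold message bodies in clear text.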