Solved

WCF, anonymous access, Error 401

Posted on 2010-09-03
3
981 Views
Last Modified: 2012-05-10
Hi all,

I've wrote a WCF vn.net service. All test run nicely on my local computer (as usual), On the final computer also when I was testing, but if i try to acces the WCF with a user not identified on my domain, I got the borring 401 error message.
I know it's something wrong inside my web.config but I can't locate the error. here is the file:

Thx

<?xml version="1.0"?>

<!--

    Note: As an alternative to hand editing this file you can use the 

    web admin tool to configure settings for your application. Use

    the Website->Asp.Net Configuration option in Visual Studio.

    A full list of settings and comments can be found in 

    machine.config.comments usually located in 

    \Windows\Microsoft.Net\Framework\v2.x\Config 

-->

<configuration>





    <configSections>

      <sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

        <sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

          <section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>

          <sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

            <section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere" />

            <section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" />

            <section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" />

            <section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" />

          </sectionGroup>

        </sectionGroup>

      </sectionGroup>

    </configSections>  





    <appSettings/>

    <connectionStrings/>



    <system.web>

        <!--

            Set compilation debug="true" to insert debugging 

            symbols into the compiled page. Because this 

            affects performance, set this value to true only 

            during development.



            Visual Basic options:

            Set strict="true" to disallow all data type conversions 

            where data loss can occur. 

            Set explicit="true" to force declaration of all variables.

        -->

        <compilation debug="true" strict="false" explicit="true">



          <assemblies>

            <add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

            <add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

          </assemblies>



        </compilation>

        <pages>

          <namespaces>

            <clear />

            <add namespace="System" />

            <add namespace="System.Collections" />

            <add namespace="System.Collections.Specialized" />

            <add namespace="System.Configuration" />

            <add namespace="System.Text" />

            <add namespace="System.Text.RegularExpressions" />

            <add namespace="System.Linq" />

            <add namespace="System.Web" />

            <add namespace="System.Web.Caching" />

            <add namespace="System.Web.SessionState" />

            <add namespace="System.Web.Security" />

            <add namespace="System.Web.Profile" />

            <add namespace="System.Web.UI" />

            <add namespace="System.Web.UI.WebControls" />

            <add namespace="System.Web.UI.WebControls.WebParts" />

            <add namespace="System.Web.UI.HtmlControls" />

          </namespaces>



          <controls>

            <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

          </controls>



        </pages>

        <!--

            The <authentication> section enables configuration 

            of the security authentication mode used by 

            ASP.NET to identify an incoming user. 

        -->

        <authentication mode="Windows" />

	<authorization>

		<allow users="*" />

	</authorization>



        <!--

            The <customErrors> section enables configuration 

            of what to do if/when an unhandled error occurs 

            during the execution of a request. Specifically, 

            it enables developers to configure html error pages 

            to be displayed in place of a error stack trace.



        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">

            <error statusCode="403" redirect="NoAccess.htm" />

            <error statusCode="404" redirect="FileNotFound.htm" />

        </customErrors>

        -->





      <httpHandlers>

        <remove verb="*" path="*.asmx"/>

        <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

        <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

        <add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false"/>

      </httpHandlers>

      <httpModules>

        <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

      </httpModules>

      <trace enabled="true" localOnly="false"/>



    </system.web>

    

  <system.codedom>

      <compilers>

        <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" warningLevel="4"

                  type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">

          <providerOption name="CompilerVersion" value="v3.5"/>

          <providerOption name="OptionInfer" value="true"/>

          <providerOption name="WarnAsError" value="false"/>

        </compiler>

      </compilers>

    </system.codedom>



    <!--

        The system.webServer section is required for running ASP.NET AJAX under Internet

        Information Services 7.0.  It is not necessary for previous version of IIS.

    -->

    <system.webServer>

      <validation validateIntegratedModeConfiguration="false"/>

      <modules>

        <add name="ScriptModule" preCondition="integratedMode" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

      </modules>

      <handlers>

        <remove name="WebServiceHandlerFactory-Integrated"/>

        <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode"

             type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

        <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode"

             type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

        <add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />

      </handlers>

    </system.webServer>





  <system.serviceModel>

    <services>

      <service behaviorConfiguration="CI_Management.BeamerBehavior"        name="CI_Management.Beamer">

        <endpoint address="ws" binding="wsHttpBinding" contract="CI_Management.IBeamer">

          <identity>

            <dns value="localhost" />

          </identity>

        </endpoint>

        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />

      </service>

      <service behaviorConfiguration="CI_Management.ManagementBehavior"        name="CI_Management.Management">

        <endpoint address="ws" binding="wsHttpBinding" contract="CI_Management.IManagement">

          <identity>

            <dns value="localhost" />

          </identity>

        </endpoint>

        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />

      </service>

    </services>

    <behaviors>

      <serviceBehaviors>

        <behavior name="CI_Management.BeamerBehavior">

          <serviceMetadata httpGetEnabled="true" />

          <serviceDebug includeExceptionDetailInFaults="false" />

        </behavior>

        <behavior name="CI_Management.ManagementBehavior">

          <serviceMetadata httpGetEnabled="true" />

          <serviceDebug includeExceptionDetailInFaults="false" />

        </behavior>

      </serviceBehaviors>

    </behaviors>

  </system.serviceModel>

</configuration>

Open in new window

0
Comment
Question by:Sybux
  • 2
3 Comments
 
LVL 17

Expert Comment

by:Rovastar
Comment Utility
What 401 error pattern are you getting?

You appear to requre Windows authentication

        <authentication mode="Windows" />
      <authorization>
            <allow users="*" />
      </authorization>


So I am a little confused by "but if i try to acces the WCF with a user not identified on my domain, I got the borring 401 error message.
"
0
 

Author Comment

by:Sybux
Comment Utility
Sorry, you're right, I've upload the unsaved version of my web.config file.
Authentication mode is set to None.

The strange thing, is that now , I can access to http://myserver/myservice.svc with an anonymous user but If i an application which connect to this service. I got the following new error message :

Exception non gérée : System.ServiceModel.FaultException: The message could not
be processed. This is most likely because the action 'http://tempuri.org/IManage
ment/getZZdemo' is incorrect or because the message contains an invalid or expir
ed security context token or because there is a mismatch between bindings. The s
ecurity context token would be invalid if the service aborted the channel due to
 inactivity. To prevent the service from aborting idle sessions prematurely incr
ease the Receive timeout on the service endpoint's binding.

Server stack trace:
   à System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRunti
me operation, ProxyRpc& rpc)
   à System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean one
way, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan time
out)
   à System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean one
way, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
   à System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallM
essage methodCall, ProxyOperationRuntime operation)
   à System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   à System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqM
sg, IMessage retMsg)
   à System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgDat
a, Int32 type)
0
 

Accepted Solution

by:
Sybux earned 0 total points
Comment Utility
Finally I've found the solution after 4 days of googling...

In fact you need to specify in the web.config how to "untrust" connection. You need to add the bold text in your config to get ride of any kind of identification.

<system.serviceModel>
    <services>
      <service behaviorConfiguration="CI_Management.BeamerBehavior"        name="CI_Management.Beamer">
        <endpoint address="" binding="wsHttpBinding" bindingConfiguration="NoSecurityBinding" contract="CI_Management.IBeamer">
          <identity>
            <dns value="localhost" />
          </identity>
        </endpoint>
        <!--<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />-->
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="CI_Management.BeamerBehavior">
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="false" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <wsHttpBinding>
        <binding name="NoSecurityBinding">
          <security mode="None">
            <transport clientCredentialType="None"/>
            <message establishSecurityContext="false"/>
          </security>                    
        </binding>
      </wsHttpBinding>
    </bindings>
 </system.serviceModel>
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

To properly understand GitHub, let’s divide it into two words ‘Git’ and ‘Hub’. Git is basically a ‘Distribution Version Control’ (DVC) and ‘Source Code Management’ (SCM) system widely used by software programmers while Hub means the efficient centre…
In order to have all security and back ups taken care of, WordPress users can sign up for services with WP Engine.
The purpose of this video is to demonstrate how to set up the WordPress backend so that each page automatically generates a Mailchimp signup form in the sidebar. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now