Solved

WCF, anonymous access, Error 401

Posted on 2010-09-03
3
985 Views
Last Modified: 2012-05-10
Hi all,

I've wrote a WCF vn.net service. All test run nicely on my local computer (as usual), On the final computer also when I was testing, but if i try to acces the WCF with a user not identified on my domain, I got the borring 401 error message.
I know it's something wrong inside my web.config but I can't locate the error. here is the file:

Thx

<?xml version="1.0"?>

<!--

    Note: As an alternative to hand editing this file you can use the 

    web admin tool to configure settings for your application. Use

    the Website->Asp.Net Configuration option in Visual Studio.

    A full list of settings and comments can be found in 

    machine.config.comments usually located in 

    \Windows\Microsoft.Net\Framework\v2.x\Config 

-->

<configuration>





    <configSections>

      <sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

        <sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

          <section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>

          <sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

            <section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere" />

            <section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" />

            <section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" />

            <section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" />

          </sectionGroup>

        </sectionGroup>

      </sectionGroup>

    </configSections>  





    <appSettings/>

    <connectionStrings/>



    <system.web>

        <!--

            Set compilation debug="true" to insert debugging 

            symbols into the compiled page. Because this 

            affects performance, set this value to true only 

            during development.



            Visual Basic options:

            Set strict="true" to disallow all data type conversions 

            where data loss can occur. 

            Set explicit="true" to force declaration of all variables.

        -->

        <compilation debug="true" strict="false" explicit="true">



          <assemblies>

            <add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

            <add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

          </assemblies>



        </compilation>

        <pages>

          <namespaces>

            <clear />

            <add namespace="System" />

            <add namespace="System.Collections" />

            <add namespace="System.Collections.Specialized" />

            <add namespace="System.Configuration" />

            <add namespace="System.Text" />

            <add namespace="System.Text.RegularExpressions" />

            <add namespace="System.Linq" />

            <add namespace="System.Web" />

            <add namespace="System.Web.Caching" />

            <add namespace="System.Web.SessionState" />

            <add namespace="System.Web.Security" />

            <add namespace="System.Web.Profile" />

            <add namespace="System.Web.UI" />

            <add namespace="System.Web.UI.WebControls" />

            <add namespace="System.Web.UI.WebControls.WebParts" />

            <add namespace="System.Web.UI.HtmlControls" />

          </namespaces>



          <controls>

            <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

          </controls>



        </pages>

        <!--

            The <authentication> section enables configuration 

            of the security authentication mode used by 

            ASP.NET to identify an incoming user. 

        -->

        <authentication mode="Windows" />

	<authorization>

		<allow users="*" />

	</authorization>



        <!--

            The <customErrors> section enables configuration 

            of what to do if/when an unhandled error occurs 

            during the execution of a request. Specifically, 

            it enables developers to configure html error pages 

            to be displayed in place of a error stack trace.



        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">

            <error statusCode="403" redirect="NoAccess.htm" />

            <error statusCode="404" redirect="FileNotFound.htm" />

        </customErrors>

        -->





      <httpHandlers>

        <remove verb="*" path="*.asmx"/>

        <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

        <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

        <add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false"/>

      </httpHandlers>

      <httpModules>

        <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

      </httpModules>

      <trace enabled="true" localOnly="false"/>



    </system.web>

    

  <system.codedom>

      <compilers>

        <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" warningLevel="4"

                  type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">

          <providerOption name="CompilerVersion" value="v3.5"/>

          <providerOption name="OptionInfer" value="true"/>

          <providerOption name="WarnAsError" value="false"/>

        </compiler>

      </compilers>

    </system.codedom>



    <!--

        The system.webServer section is required for running ASP.NET AJAX under Internet

        Information Services 7.0.  It is not necessary for previous version of IIS.

    -->

    <system.webServer>

      <validation validateIntegratedModeConfiguration="false"/>

      <modules>

        <add name="ScriptModule" preCondition="integratedMode" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

      </modules>

      <handlers>

        <remove name="WebServiceHandlerFactory-Integrated"/>

        <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode"

             type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

        <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode"

             type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

        <add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />

      </handlers>

    </system.webServer>





  <system.serviceModel>

    <services>

      <service behaviorConfiguration="CI_Management.BeamerBehavior"        name="CI_Management.Beamer">

        <endpoint address="ws" binding="wsHttpBinding" contract="CI_Management.IBeamer">

          <identity>

            <dns value="localhost" />

          </identity>

        </endpoint>

        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />

      </service>

      <service behaviorConfiguration="CI_Management.ManagementBehavior"        name="CI_Management.Management">

        <endpoint address="ws" binding="wsHttpBinding" contract="CI_Management.IManagement">

          <identity>

            <dns value="localhost" />

          </identity>

        </endpoint>

        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />

      </service>

    </services>

    <behaviors>

      <serviceBehaviors>

        <behavior name="CI_Management.BeamerBehavior">

          <serviceMetadata httpGetEnabled="true" />

          <serviceDebug includeExceptionDetailInFaults="false" />

        </behavior>

        <behavior name="CI_Management.ManagementBehavior">

          <serviceMetadata httpGetEnabled="true" />

          <serviceDebug includeExceptionDetailInFaults="false" />

        </behavior>

      </serviceBehaviors>

    </behaviors>

  </system.serviceModel>

</configuration>

Open in new window

0
Comment
Question by:Sybux
  • 2
3 Comments
 
LVL 17

Expert Comment

by:Rovastar
ID: 33603513
What 401 error pattern are you getting?

You appear to requre Windows authentication

        <authentication mode="Windows" />
      <authorization>
            <allow users="*" />
      </authorization>


So I am a little confused by "but if i try to acces the WCF with a user not identified on my domain, I got the borring 401 error message.
"
0
 

Author Comment

by:Sybux
ID: 33609166
Sorry, you're right, I've upload the unsaved version of my web.config file.
Authentication mode is set to None.

The strange thing, is that now , I can access to http://myserver/myservice.svc with an anonymous user but If i an application which connect to this service. I got the following new error message :

Exception non gérée : System.ServiceModel.FaultException: The message could not
be processed. This is most likely because the action 'http://tempuri.org/IManage
ment/getZZdemo' is incorrect or because the message contains an invalid or expir
ed security context token or because there is a mismatch between bindings. The s
ecurity context token would be invalid if the service aborted the channel due to
 inactivity. To prevent the service from aborting idle sessions prematurely incr
ease the Receive timeout on the service endpoint's binding.

Server stack trace:
   à System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRunti
me operation, ProxyRpc& rpc)
   à System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean one
way, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan time
out)
   à System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean one
way, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
   à System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallM
essage methodCall, ProxyOperationRuntime operation)
   à System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   à System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqM
sg, IMessage retMsg)
   à System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgDat
a, Int32 type)
0
 

Accepted Solution

by:
Sybux earned 0 total points
ID: 33611174
Finally I've found the solution after 4 days of googling...

In fact you need to specify in the web.config how to "untrust" connection. You need to add the bold text in your config to get ride of any kind of identification.

<system.serviceModel>
    <services>
      <service behaviorConfiguration="CI_Management.BeamerBehavior"        name="CI_Management.Beamer">
        <endpoint address="" binding="wsHttpBinding" bindingConfiguration="NoSecurityBinding" contract="CI_Management.IBeamer">
          <identity>
            <dns value="localhost" />
          </identity>
        </endpoint>
        <!--<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />-->
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="CI_Management.BeamerBehavior">
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="false" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <wsHttpBinding>
        <binding name="NoSecurityBinding">
          <security mode="None">
            <transport clientCredentialType="None"/>
            <message establishSecurityContext="false"/>
          </security>                    
        </binding>
      </wsHttpBinding>
    </bindings>
 </system.serviceModel>
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Relic recently released its Synthetics product that allows for the creation of performance monitors that periodically test a site's performance. If you wish to test an interactive workflow New Relic employs Selenium WebDriverJS to run those test…
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
The purpose of this video is to demonstrate how to set up the WordPress backend so that each page automatically generates a Mailchimp signup form in the sidebar. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now