tags:

views:

875

answers:

2
+3  Q: 

WCF Deployment to IIS 6 Results in 403 Permission Error

I've never deployed a WCF service to IIS 6 before. I've got a service that I'm deploying to IIS 6 by using the default configuration as part of the WCF project. I since simplified the configuration thinking that might have been the issue. Here is the error I'm getting if I browse to the service in a browser:

HTTP Error 403.1 - Forbidden: Execute access is denied.

My configuration now looks like this:

<system.serviceModel>
    <services>
        <service name="MyCompany.WebServices.MyService">
            <endpoint address="" binding="basicHttpBinding" contract="MyCompany.WebServices.IMyService" />
        </service>
    </services>
</system.serviceModel>

If I try adding it as a reference in ASP.NET MVC, I get the following:

There was an error downloading 'http://ws.mycompany.com/MyService.svc'. The request failed with HTTP status 403: Forbidden. Metadata contains a reference that cannot be resolved: 'http://ws.mycompany.com/MyService.svc'. The HTTP request was forbidden with client authentication scheme 'Anonymous'. The remote server returned an error: (403) Forbidden. If the service is defined in the current solution, try building the solution and adding the service reference again.

Any ideas what might be going on?

UPDATED:

It appears to be a configuration issue on my IIS 6 box. I'd assume this because I've created a brand new ASP.NET 3.5 WCF Application and deployed it to a new URL at http://ws.unitedoneresources.com/Service1.svc. If I try to call that service, I get the same HTTP Error listed above. The entire service configuration is the following:

  <system.serviceModel>
    <services>
      <service name="WcfService1.Service1" behaviorConfiguration="WcfService1.Service1Behavior">
        <!-- Service Endpoints -->
        <endpoint address="" binding="wsHttpBinding" contract="WcfService1.IService1">
          <!-- 
              Upon deployment, the following identity element should be removed or replaced to reflect the 
              identity under which the deployed service runs.  If removed, WCF will infer an appropriate identity 
              automatically.
          -->
          <identity>
            <dns value="localhost"/>
          </identity>
        </endpoint>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="WcfService1.Service1Behavior">
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="true"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>

Again, this is a brand new ASP.NET 3.5 WCF Application so I haven't modified anything on the project itself.

A: 

You don't really give us a lot to go on here - what's missing are the server side configuration bits that show us how you set up security - can you please update your question and show us everything inside the <system.serviceModel> tag on your server side config and on your client calling the server??

Just guessing from the system defaults, using the basicHttpBinding would result in a default security setting of nothing - and it would appear as if your server-side config requires some form of security. It almost seems as if your security settings are out of sync, thus resulting in this error.

Another point is: how did you set up the IIS side? Did you create a virtual directory for your service? Basically, when hosting in IIS, your service URL is determined by server name (plus possibly the port), the virtual directory your *.svc file lives in, and the name and extension of the svc file itself.

marc_s  2010-02-20 11:23:57
On the server side, what I have listed above is what I have now. On the client side, again, just a normal ASP.NET MVC application.In IIS, the service is setup in a brand new website with nothing else in it.
Jason Gaylord  2010-02-22 01:36:54
@Jason: Ok, but can you show us the client side config, too - there must be some config!
marc_s  2010-02-22 17:13:32
@Jason: so did you create a separate virtual directory for your service? Did you put the *.svc file into that directory? I don't seem to see any virtual directory in your URL: `'http://ws.mycompany.com/MyService.svc'` or am I missing something? Typically it would be `http://server/virtualdir/yourservice.svc` or something similar - you don't seem to have a "virtualdir" part in your URL
marc_s  2010-02-22 17:14:34
No, the URL is in a brand new website called ws.mycompany.com. Secondly, I thought that I should be able to browse to it. When you ask for the client side config, if I just browse to it via the web, I wouldn't have any config.If I try to create a brand new ASP.NET or ASP.NET MVC project, I'll leave the default config and try to right-click the project and choose "Add service reference". When I enter that URL, I get the other exception. So, I guess I'm confused why the client-side config would cause that.
Jason Gaylord  2010-02-22 18:43:14
@Jason: that's what's confusing me - you keep saying you "just browse" to the site - does this imply you are (or want to) using REST ?? Because if that's the case, then your server-side binding is all wrong - you'd have to use **webHttpBinding** instead of **basicHttpBinding**........
marc_s  2010-02-22 19:22:05
Well, the two things I'm trying are the following:1) Open up a browser (ie or firefox) and browse to the URL 'http://ws.mycompany.com/MyService.svc'or2) Open up VS 2008. Add a Service Reference by going to the URL above.I'd really like just option 2 to work, but I was trying to test using 1. I guess the bindings won't allow 1, so I'm more conerned about allowing VS to "add a reference.
Jason Gaylord  2010-02-22 19:48:14
@Jason: yes, #1 won't work - you won't see anything for a default WCF service. Do you know the WCF Test Client? It hides deep inside the Visual Studio BIN directory - and it's extremely useful trying to see whether your WCF service is "visible" (in terms of Metadata needed for VS "Add Service Reference") to the outside world. Google for WCF Test Client and look inside your VS\Common7\IDE folder for the file - try it, it's worth while!
marc_s  2010-02-22 19:54:29
So what's the default security settings I should worry about to get it setup so I can adde a service reference in VS.
Jason Gaylord  2010-02-22 22:19:06
+1  A: 

I wacked the I wacked the website, installed WCF on IIS 6 (using ServiceModelReg.exe /i /x at a command prompt), and redeployed. It worked!

Thanks!

Jason N. Gaylord  2010-03-01 20:32:09

related questions

IE6 security login (debugging via VirtualPC)
Asp.net Reinstalling a DLL into the GAC
Failed to load resources from resource file.
What does an IISReset do?
How do I secure a folder used to let users upload files?
VBScript/IIS - How do I automatically set ASP.NET version for a particular website
IIS 6/COM+ hangs
Web server farms with IIS ? Basic Infos
.NET 3.5 Service Pack 1 causes 404 pages on ASP.NET Web App
What Url rewriter do you use for ASP.Net?
Publishing to IIS - Best Practices
ASP.NET Proxy Application
PHP on IIS
How do I stop IIS7 dropping my cookies?
HTTPS in IIS 5.1
Best tool for performance testing ASP.NET
Alternative Hostname for an IIS web site for internal access only
SQL Server 2008 FileStream on a Web Server
Solutions for working with multiple branches in ASP.Net
Dual vs. Quadcore on a Webserver
PHP Error - Uploading a file
Visual Studio 2008 debugger already attached work-around
Linux shell equivalent on IIS
Bandwith throttling in IIS 6 by IP Address
Checklist for IIS 6/ASP.NET Windows Authentication?