Getting 'Access is Denied' exception message when running WCF service on Windows Azure

Question

I am trying to build a Healthvault WCF web service that requires an x509 certificate to deploy on Windows Azure in C# using Visual Studio 2010. When I debug the solution on my local IIS7, I can perform all functions no problem. When I deploy to Windows Azure and try to run any of my methods, I get this error.

The server encountered an error processing the request. The exception message is 'Access is denied.'. See server logs for more details. The exception stack trace is:

at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs) at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc) at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)

This doesn't seem to have anything to do with the Healthvault code, so I'm assuming that it's related to the WCF service. What I can't figure out is what changes between my local dev environment and Azure. Regardless, here is my web.config file

<?xml version="1.0"?>
<configuration>
  <system.diagnostics>
    <trace>
      <listeners>
        <add type="Microsoft.WindowsAzure.Diagnostics.DiagnosticMonitorTraceListener, Microsoft.WindowsAzure.Diagnostics, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
          name="AzureDiagnostics">
          <filter type="" />
        </add>
      </listeners>
    </trace>
  </system.diagnostics>
  <system.web>
    <compilation debug="true" targetFramework="4.0" />
  </system.web>
 <system.serviceModel>
   <services>
     <service name="myIHM.Healthvault">
       <endpoint address="" binding="webHttpBinding" contract="myIHM.IHealthvault" behaviorConfiguration="webHttp" />
     </service>
   </services>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="true"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="true"/>
        </behavior>
      </serviceBehaviors>
      <endpointBehaviors>
        <behavior name="webHttp">
          <webHttp/>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>
  <appSettings>
    <add key="ApplicationId" value="[my-app-id]"/>
    <add key="ShellUrl" value="https://account.healthvault-ppe.com/"/&gt;
    <add key="HealthServiceUrl" value="https://platform.healthvault-ppe.com/platform/"/&gt;
    <add key="AppCertSubject" value="[my-cert-subject]"/>
  </appSettings>
</configuration>

I've looked around for some answers but I can't seem to find anything that pertains to my situation. Does anyone have any recommendations? Thanks.

Answer 1

One thing to be aware of is that you have more permissions when running in development fabric than you do in Cloud fabric. SO it's not too uncommon to have things work in development fabric and then run into permission errors in the Cloud; a bummer, I know. You can try to get the server logs using e.g. Azure Diagnostics Manager (http://www.cerebrata.com/Products/AzureDiagnosticsManager/Default.aspx) which has a free trial. That might provide you with more details on exactly what is failing.