ASP.NET Development Server - 403 Forbidden.

Question

I'm setting up a new PC and I installed my project to work with. It is a .NET Remoting 2.0 application that uses the ASP.NET development server to host the server side while developing. I'm getting the following error when I make requests to the server:

"The remote server returned an error: (403) Forbidden. "

I've checked the credentials being passed in and everything seems to be correct. The call is all local to my dev box and to top it off. The code hasnt' changed and all of my colleagues are working fine. Any ideas?

Answer 1

What is the error subcode?

403 - Forbidden. IIS defines several different 403 errors that indicate a more specific cause of the error:
•   403.1 - Execute access forbidden.
•   403.2 - Read access forbidden.
•   403.3 - Write access forbidden.
•   403.4 - SSL required.
•   403.5 - SSL 128 required.
•   403.6 - IP address rejected.
•   403.7 - Client certificate required.
•   403.8 - Site access denied.
•   403.9 - Too many users.
•   403.10 - Invalid configuration.
•   403.11 - Password change.
•   403.12 - Mapper denied access.
•   403.13 - Client certificate revoked.
•   403.14 - Directory listing denied.
•   403.15 - Client Access Licenses exceeded.
•   403.16 - Client certificate is untrusted or invalid.
•   403.17 - Client certificate has expired or is not yet valid.
•   403.18 - Cannot execute requested URL in the current application pool. This error code is specific to IIS 6.0.
•   403.19 - Cannot execute CGIs for the client in this application pool. This error code is specific to IIS 6.0.
•   403.20 - Passport logon failed. This error code is specific to IIS 6.0.

Answer 2

Yes the error subcode would be helpful; however, it was not included in the response. I think it has something to do with impersonation. We currently use impersonation and windows authentication.

Answer 3

OK. I've found the answer ... better part of a day shot though. Turns out the 403 error is thrown by one of our channel sink providers that filters on IP values. The channel sink provider was written with some big assumptions.

First off, it is looking for the address of the calling machine and comparing it to an ip whitelist. The author blindly gathered the first first entry in the list:

Dns.GetHostEntry(machineName).AddressList[0].Address

Turns out on my new machine, I have IPv6 enabled, so the first entry is actually the IPv6 entry. After referencing the MSDN, I discovered that the Address property is now "Obsolete", for obvious reasons.