stackoom
  简体   繁体   中英

WCF Active Directory Authorization - PrincipalPermission -> access denied

 原文  2013-09-19 12:26:49       c#/ wcf/ iis

Question

I try to secure my WCF service by an AD based logon system. I've created an AD group named "TestUsers". My user account is member of that group. The WCF Service is hosted in IIS.

But i always get the exception "SecurityAccessDeniedException".

My WCF Service looks like:

Web.Config 

<?xml version="1.0" encoding="utf-8"?>
<configuration>

  <appSettings>
    <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
  </appSettings>
  <system.web>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5"/>
  </system.web>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="BasicHttpEndpointBinding">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <protocolMapping>
        <add binding="basicHttpsBinding" scheme="https" />
    </protocolMapping>    
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
    <directoryBrowse enabled="true"/>
  </system.webServer>

</configuration>

IService1.cs (Service interface): Just one method: 

string GetWelcomeMessage();

Service1.svc.cs: 

public class Service1 : IService1
    {
        [PrincipalPermission(SecurityAction.Demand, Role = @"mydomain\TestUsers")]
        public string GetWelcomeMessage()
        {
            return "hello world";
        }
    }

Any ideas what's wrong???

Any help would be greatly appreciated.

1 answers

solution1
 1 ACCPTED  2013-09-19 12:40:12

Make sure that the account that runs the service that hosts IIS is permitted to perform security checks in the AD.

Also change 

includeExceptionDetailInFaults="false"

to 

includeExceptionDetailInFaults="true"

for now, this might help you analyze the problem.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question WCF PrincipalPermission Authorization WCF Service Authorizing with Active Directory - Access Denied Error SSIS -> updating Active Directory access denied exception WCF, active directory authentication|authorization and user profiles in sql combination Request authorization on PrincipalPermission fail Error with PrincipalPermission authentication in WCF Azure Active Directory authorization Active Directory smartcard authorization C# Access is Denied when adding user to Active Directory Active Directory access denied exception on DirectoryEntry.Invoke ChangePassword
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM