Access denied in WCF when switching to SSL (ASP.NET Forms authentication)
Question
I have a web application that users login to using ASP.NET Forms authentication. In the web application there is a Silverlight app. The Silverlight app calls a WCF Web Service on the same server. The WCF Service does not allow anonymous access so each service function has:
[PrincipalPermission(SecurityAction.Demand, Authenticated = true)]
All of this works when I deploy on IIS and use HTTP.
However I want to use SSL, so I try to configure this. I have created a web site in IIS with https binding. I can login to the site using https and ASP.NET Forms Authentication. I can download the Silverlight app, but when Silverlight try to call the WCF Web Services (on the same server, under /Services) I now get Access Denied (I did not get this when I was using http).
Aspx pages are in the root, .svc-files are under /Services, images under /Img and .css under /Styles My web.config:
<location path="Img">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Styles">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Services">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<system.web>
<authentication mode="Forms">
<forms name=".COOKIEDEMO"
loginUrl="~/Login.aspx"
protection="All"
timeout="30"
path="/"/>
</authentication>
<authorization>
<deny users="?" />
</authorization>
<compilation strict="true" debug="true" explicit="true" targetFramework="4.0" />
<!-- Customizing the membership provider-->
<membership defaultProvider="SaverpMesProvider" userIsOnlineTimeWindow="30">
<providers>
<add name="SaverpMesProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="LocalSqlServer" applicationName="SaverpMES" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="SaverpMesRoleProvider">
<providers>
<add name="SaverpMesRoleProvider"
connectionStringName="LocalSqlServer"
applicationName="SaverpMes"
type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</roleManager>
<profile inherits="SaverpMes.Web.MesProfile" defaultProvider="SaverpMesProfileProvider">
<providers>
<add name="SaverpMesProfileProvider"
connectionStringName="LocalSqlServer"
applicationName="SaverpMes"
type="System.Web.Profile.SqlProfileProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</profile>
</system.web>
<system.serviceModel>
<bindings>
<customBinding>
<binding name="CustomBinaryBinding">
<binaryMessageEncoding/>
<httpsTransport/>
</binding>
</customBinding>
</bindings>
<extensions>
<behaviorExtensions>
<add name="silverlightFaultExtension" type="SaverpMes.Web.Wcf.SilverlightFaultBehavior, SaverpMes.Web, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<add name="wcfFaultExtension" type="SaverpMes.Web.Wcf.WcfFaultBehaviorExtensionElement, SaverpMes.Web, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
</behaviorExtensions>
</extensions>
<services>
<service behaviorConfiguration="ServiceBehavior" name="Product.FrontEnd.WcfService.ProductService">
<endpoint address="" behaviorConfiguration="SilverlightFaultsBehavior"
binding="customBinding" bindingConfiguration="CustomBinaryBinding"
name="ProductServiceEndpoint" contract="Product.FrontEnd.Contract.IProductService" />
</service>
<service behaviorConfiguration="ServiceBehavior" name="Product.FrontEnd.WcfService.PublicProductService">
<endpoint address="" behaviorConfiguration="SilverlightFaultsBehavior"
binding="customBinding" bindingConfiguration="CustomBinaryBinding"
name="PublicProductServiceEndpoint" contract="Product.SG.IPublicProductService" />
</service>
<service behaviorConfiguration="ServiceBehavior" name="Identification.FrontEnd.WcfService.FrontEndService">
<endpoint address="" behaviorConfiguration="SilverlightFaultsBehavior"
binding="customBinding" bindingConfiguration="CustomBinaryBinding"
name="IdentificationServcieEndpoint" contract="Identification.FrontEnd.Contract.IFrontEndService" />
</service>
<service behaviorConfiguration="ServiceBehavior" name="Common.WcfService.CommonService">
<endpoint address="" behaviorConfiguration="SilverlightFaultsBehavior"
binding="customBinding" bindingConfiguration="CustomBinaryBinding"
name="CommonServiceEndpoint" contract="Common.Contract.ICommonService" />
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="SilverlightFaultsBehavior">
<silverlightFaultExtension/>
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<wcfFaultExtension/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true"/>
</system.serviceModel>
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
</system.webServer>
Basically what I have changed in web.config between the http web site and the https one are httpsTransport under customBinding and httpsGetEnabled under serviceMetadata.
Any idéas much appreciated!
1 answers
solution1
3 2012-01-19 09:17:11
I got it to work simply by adding serviceAuthorization principalPermissionMode="None" in web.config.
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceAuthorization principalPermissionMode="None" />
<wcfFaultExtension />
</behavior>
</serviceBehaviors>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.