Kian Ting
Reputation: 11
IIS WebService Request for principal permission failed
I have created a simple web service and in the web service I have written a simple method as illustrated in the code below.
[PrincipalPermission(SecurityAction.Demand, Role = @"KIANCOORP\SomethingElse Users U")]
public string HelloWorld()
{
var msg = "Hello {0} from internal.".FormatWith(IdentityName);
_log.Info(msg);
return msg;
}
I have hosted the web service in an app pool that is set to a Domain User KIANCOORP\webapppooluser, and I have added this user into the group of "KIANCOORP\SomethingElse Users U" (via active directory).
Now when I use an internet browser to browse to the web service I get the following prompt, so I try to log in with the same user that I have used to set as the app pool user for this HelloWorld web service of mine.
Now if I try to log in with the correct credentials, the prompt comes up again
Its like I have to enter the credentials 3 times, I have tested this and everytime I have been prompted with the login dialog box I have to try 3 times and eventually it gets into the following browser screen.
System.ServiceModel Warning: 131076 : <TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Warning"><TraceIdentifier>http://msdn.microsoft.com/en-NZ/library/System.ServiceModel.Diagnostics.TraceHandledException.aspx</TraceIdentifier><Description>Handling an exception.</Description><AppDomain>/LM/W3SVC/3/ROOT-1-131164864670874625</AppDomain><Exception><ExceptionType>System.Security.SecurityException, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType><Message>Request for principal permission failed.</Message><StackTrace> at System.Security.Permissions.PrincipalPermission.ThrowSecurityException()
at System.Security.Permissions.PrincipalPermission.Demand()
at System.Security.PermissionSet.DemandNonCAS()
at KianService.HelloWorld() in C:\vso\SandBox\KianService.cs:line 81
at SyncInvokeHelloWorld(Object , Object[] , Object[] )
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]&amp; outputs)</StackTrace><ExceptionString>System.Security.SecurityException: Request for principal permission failed.
at System.Security.Permissions.PrincipalPermission.ThrowSecurityException()
at System.Security.Permissions.PrincipalPermission.Demand()
at System.Security.PermissionSet.DemandNonCAS()
at KianService.HelloWorld() in C:\vso\SandBox\KianService.cs:line 81
at SyncInvokeHelloWorld(Object , Object[] , Object[] )
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]&amp; outputs)
The action that failed was:
Demand
The type of the first permission that failed was:
System.Security.Permissions.PrincipalPermission
The first permission that failed was:
&lt;IPermission class="System.Security.Permissions.PrincipalPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"&gt;
&lt;Identity Authenticated="true"
Role="KIANCOORP\SomethingElse Users U"/&gt;
&lt;/IPermission&gt;
The demand was for:
&lt;IPermission class="System.Security.Permissions.PrincipalPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"&gt;
&lt;Identity Authenticated="true"
Role="KIANCOORP\SomethingElse Users U"/&gt;
&lt;/IPermission&gt;
The assembly or AppDomain that failed was:
mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionString></Exception></TraceRecord>
System.ServiceModel Error: 131075 : <TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Error"><TraceIdentifier>http://msdn.microsoft.com/en-NZ/library/System.ServiceModel.Diagnostics.ThrowingException.aspx</TraceIdentifier><Description>Throwing an exception.</Description><AppDomain>/LM/W3SVC/3/ROOT-1-131164864670874625</AppDomain><Exception><ExceptionType>System.ServiceModel.FaultException, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType><Message>Access is denied.</Message><StackTrace> at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]&amp; outputs)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
at System.ServiceModel.Dispatcher.ChannelHandler.DispatchAndReleasePump(RequestContext request, Boolean cleanThread, OperationContext currentOperationContext)
at System.ServiceModel.Dispatcher.ChannelHandler.HandleRequest(RequestContext request, OperationContext currentOperationContext)
at System.ServiceModel.Dispatcher.ChannelHandler.AsyncMessagePump(IAsyncResult result)
at System.Runtime.Fx.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)
at System.Runtime.AsyncResult.Complete(Boolean completedSynchronously)
at System.Runtime.InputQueue`1.AsyncQueueReader.Set(Item item)
at System.Runtime.InputQueue`1.EnqueueAndDispatch(Item item, Boolean canDispatchOnThisThread)
at System.Runtime.InputQueue`1.EnqueueAndDispatch(T item, Action dequeuedCallback, Boolean canDispatchOnThisThread)
at System.ServiceModel.Channels.SingletonChannelAcceptor`3.Enqueue(QueueItemType item, Action dequeuedCallback, Boolean canDispatchOnThisThread)
at System.ServiceModel.Channels.HttpChannelListener.HttpContextReceived(HttpRequestContext context, Action callback)
at System.ServiceModel.Activation.HostedHttpTransportManager.HttpContextReceived(HostedHttpRequestAsyncResult result)
at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.HandleRequest()
at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.BeginRequest()
at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.OnBeginRequest(Object state)
at System.Runtime.IOThreadScheduler.ScheduledOverlapped.IOCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
at System.Runtime.Fx.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped)
at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)
</StackTrace><ExceptionString>System.ServiceModel.FaultException: Access is denied.</ExceptionString></Exception></TraceRecord>
System.ServiceModel Information: 131076 : <TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Information"><TraceIdentifier>http://msdn.microsoft.com/en-NZ/library/System.ServiceModel.Diagnostics.TraceHandledException.aspx</TraceIdentifier><Description>Handling an exception.</Description><AppDomain>/LM/W3SVC/3/ROOT-1-131164864670874625</AppDomain><Exception><ExceptionType>System.ServiceModel.FaultException, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType><Message>Access is denied.</Message><StackTrace> at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]&amp; outputs)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)</StackTrace><ExceptionString>System.ServiceModel.FaultException: Access is denied.
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]&amp; outputs)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)</ExceptionString></Exception></TraceRecord>
I cant find anything helpful online that can help me trouble shoot this error.
Upvotes: 0
Views: 1178
Answers (1)
Kian Ting
Reputation: 11
I have solved the issue this is a very strange issue. I looked for the same user group in active directory, I use the user group string literal from my IIS logs to search for the same matching group in Active directory but I couldnt find it.
Role="KIANCOORP\SomethingElse Users U"/>
But when I browse the active directory to get the matching user group I found it, So I copied and pasted the usergroup string literal from my IIS log's to the user group name text box that was in active directory and click apply.
Then I restart IIS and use internet explorer to browse to the web service again, now IIS is able to resolve the access rights of the user that I am using to log in and match it to the appropriate appropriate user group (as written in my C# code "[PrincipalPermission(SecurityAction.Demand, Role = @"KIANCOORP\SomethingElse Users U")]"), and I am able to get a hellow world response.
Upvotes: 0
Related Questions
- Request for the permission of type 'System.Security.Permissions.FileIOPermission.. failed
- Permission issue when webservice deployed as virtual directory. Works in VS IDE
- Request for principal permission failed - probably due windows group?
- Web Service Access Denied
- 403 Forbidden error When calling webservice method from ASP.net Application
- Access denied for web service
- Error 403.14 when installing WebService on IIS7
- Deployment of .net Web-service on IIS7 error 403.14?
- Web services and Access Denied
- The request failed with HTTP Status 403: Forbidden when calling a web service