httpmodule in WCF web role for windows azure , Emulator issue

Question

I have created demo application using this.

Now i am modifying an application as per my need. An application is working fine untill i add httpmodule section in web.config file.

i am getting an error like "There is a problem with the resource you are looking for, and it cannot be displayed." when i am adding httpmodule section in web.config file and run using ctrl+F5.

httpmodule section of web.config file is as follows 


<httpModules>
  <add name="WSFederationAuthenticationModule"   type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</httpModules>


when i am trying to debug problem, i am not even able to run application. i am getting an error as below :
There was an error attaching the debugger to the IIS worker process for URL 'http://127.255.0.1:82/' for role instance 'deployment16(485).SingleSLWCFWebRole.WCFServiceWebRole1_IN_0'. Unable to start debugging on the web server. See help for common configuration errors. Running the web page outside of the debugger may provide further information.
Make sure the server is operating correctly. Verify there are no syntax errors in web.config by doing a Debug.Start Without Debugging. You may also want to refer to the ASP.NET and ATL Server debugging topic in the online documentation.

Any help would be greatly appreciated.


Thanks

Jonyy

Answer 1

Probably the way you are using the configuration is causing the issues.You should first add identity model in to config sections.

BTW Are you trying to create claims aware authentication for you service role? If so the way you need to use identity model in WCF is little different than using in web sites. HttpModule would act as authentication module for ASP.NET based web sites to redirect the users to appropriate STS and build fed cookie after authentication, which is slightly a different way in WCF.

Please go through this article on achieving claims authenitcation for WCF 

---

Veerendra Balla

Answer 2

Remove HttpModule, use the sections in web.config as :

<system.webServer>
    <modules>
      <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
      <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
    </modules>
  </system.webServer>

Answer 3

Hi VineetBhatia,

thanks for quick response.

i have tried solution suggested by you but i am getting below error. i am not able to run app.

There was an error attaching the debugger to the IIS worker process for URL 'http://127.255.0.1:82/' for role instance 'deployment16(485).SingleSLWCFWebRole.WCFServiceWebRole1_IN_0'. Unable to start debugging on the web server. See help for common configuration errors. Running the web page outside of the debugger may provide further information.

Make sure the server is operating correctly. Verify there are no syntax errors in web.config by doing a Debug.Start Without Debugging. You may also want to refer to the ASP.NET and ATL Server debugging topic in the online documentation.

yes, we are using STS for authentication. we are trying to consume it in our silverlight based client application.

one more thing i would like to share is application is working fine on the server using STS. now we are thinking to migrate it to Cloud. so we are making necessary changes to make it work on cloud. so for that i am validating it first on emulator. if it is working fine on emulator then i can move it to cloud.

what should be the other reason ? emulator allows me to run app if i comment httpmodule and module sections of web.config file. but i am not getting expected output. :-(

Thanks

Jonyy

Answer 4

One more thing :

* first make sure it stays as Modules and HttpModules is completely commented out. Can you run the compute emulator without debugging (CTRL + F5) only and tell me if you see the exception still. ?

* Also refer to the below and see if it helps

http://jasonhaley.com/blog/post/2012/03/12/Windows-Azure-SDK-Gotcha-Multiple-Sites-in-Single-Role-Running-Local.aspx

Answer 5

i have checked two cases :

1) i can run app on emulator even with F5 if i commented out those section. but i couldn't get expected output.

2) i can run the compute emulator without debugging if i don't comment those section. but i am getting below error after page load itself.

<fieldset>

500 - Internal server error.

There is a problem with the resource you are looking for, and it cannot be displayed.

</fieldset>

Answer 6

can you ensure that the IDentityModel assembly in the project ref, the copy local is set to true ?

Answer 7

Typically you should see this problem when you deploy the application to azure. But you should not typically see this problem on appfabric.

First GAC the identity model DLL on the machine where you are running the application.

When you are moving your application to cloud, you would definitely see this error even if you have your dll in you application bin, the reason being the web role app domian would get changed when service run time methods are being called. If you deploy your application as is it wont recognize the dll, and it must be loaded in the GAC.

To solve that problem have a start up task in the web role project to register the identity model dll in GAC.

You could either do it through GACUTIL or you could add the WIF installation as your startup task.

Just follow this link to understand how to add the start up task that registers your dll in the GAC of the role VM.

I am sure it would resolve your problem.

---

Veerendra Balla

Answer 8

@vineet: i have already done these configurations.

@veerendra : as vineet has shown snap, if we did those settings we dont really required to add start up tasks. you are right i am also getting 500 internal server error on cloud as well.

before few days, i had deployed WCF service on cloud. i was consuming it in silverlight based client application which is also on cloud. DLL of identity model was already there. i did face DLL not found issue but it was resolved by setting copy to local to TRUE.

now i am trying to consume STS in my relying party(silverlight client) application. but i am getting errors, as i said above, in making it work on emulator only.

Let me deploy both application and will provide you URL.

Answer 9

Custom STS service :

https://suststs.cloudapp.net/Service.svc

Silverlight client app after uncommenting httpmodule and module section of web.config files:

http://slclientapp.cloudapp.net/SilverlightAppTestPage.aspx

Answer 10

As per my experience, you would might have issues if you dont put your identity model in to GAC when you access service management API. This is obvious thing to do if you want to add diagnostics. We practically encountered this issue and resolved by installing WIF through startup tasks.

Give a try and let me know

---

Veerendra Balla

Answer 11

thanks for quick response.

i have commented httpmodules and module sections of web.config files and deployed different version of sliverlight based application:

http://slclientapp1.cloudapp.net/SilverlightAppTestPage.aspx

i am able to see login page... bt i am not getting expected output... :-(

Thanks

Jonyy

Answer 12

Hi Jony,

can you turn the customerrors off, so that we can see the actual error ?

Answer 13

hi vineet,

it is already set to off in both application.

Answer 14

you can enter anything in username & password. there is no code of matching those.. i have just set messages at few places inside code, just to acknowledge from where i am getting error. (kind of tracing)

Answer 15

Have you tried gacing the DLL on role machine?

---

Please mark the replies as Answered if they help and Vote if you found them helpful.

Answer 16

possible to share your complete silverlight project stripped off with anything private ?

Answer 17

no, i didn't tried by gacing the DLL on role machine. Because of some proxy issues, i am not able to connect to remote server right now. but i will see it when i will out of office.

about code, if i stripped off few things then prj won't work as expected.

Answer 18

Hi vineet,

you have suggested me to remove httpmodule section and use it inside system.webserver. i have tried it again and checked my web.config settings.

it is working for me now. thanks for valuable support and quick response.

now i have deployed client app with module section in web.config file.

STS service URL : https://suststs.cloudapp.net/Service.svc

silverlight client app URL : http://slclientapp.cloudapp.net/SilverlightAppTestPage.aspx

i am using web development helper to see logs/request. now i am getting an error as below:

ystem.ServiceModel.CommunicationException: The remote server returned an error: NotFound. ---> System.Net.WebException: The remote server returned an error: NotFound. ---> System.Net.WebException: The remote server returned an error: NotFound.

   at System.Net.Browser.BrowserHttpWebRequest.InternalEndGetResponse(IAsyncResult asyncResult)

   at System.Net.Browser.BrowserHttpWebRequest.<>c__DisplayClassa.<EndGetResponse>b__9(Object sendState)

   at System.Net.Browser.AsyncHelper.<>c__DisplayClass4.<BeginOnUI>b__1(Object sendState)

   --- End of inner exception stack trace ---

   at System.Net.Browser.AsyncHelper.BeginOnUI(SendOrPostCallback beginMethod, Object state)

   at System.Net.Browser.BrowserHttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult result)

   --- End of inner exception stack trace ---

   at System.ServiceModel.AsyncResult.End[TAsyncResult](IAsyncResult result)

   at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)

   at System.ServiceModel.ClientBase`1.ChannelBase`1.EndInvoke(String methodName, Object[] args, IAsyncResult result)

   at SL.IdentityModel.Services.AuthenticationServiceClient.AuthenticationServiceClientChannel.EndSignInWithIssuedToken(IAsyncResult result)

   at SL.IdentityModel.Services.AuthenticationServiceClient.SL.IdentityModel.Services.AuthenticationService.EndSignInWithIssuedToken(IAsyncResult result)

   at SL.IdentityModel.Services.AuthenticationServiceClient.OnEndSignInWithIssuedToken(IAsyncResult result)

   at System.ServiceModel.ClientBase`1.OnAsyncCallCompleted(IAsyncResult result)

if you try to run http://slclientapp.cloudapp.net/AuthenticationService.svc, it is working as expected.

what could be other issue ?

Thanks

Jonyy

Answer 19

I could be either with cross domain issue or could be a message size or buffer size issue.

check these posts once

http://msdn.microsoft.com/en-us/library/cc197955(v=vs.95).aspx

Check the following configuration

   <binding name="bindingname" maxBufferSize="2147483647"
                    maxReceivedMessageSize="2147483647">

http://forums.silverlight.net/t/40770.aspx

---

Please mark the replies as Answered if they help and Vote if you found them helpful.

Answer 20

Jony,

Yep, it looks like what Veerendra mentioned, hope you are able to resolve it soon now

Answer 21

Hi veerendra,

In past, i was getting cross domain issue and it was resolved by putting crossdomain files.

I have gone through silverlight forums link and i have made changes accordingly. but still no success, facing same error. :-(

please have a look at below links...

service : https://suststs.cloudapp.net/Service.svc

silverlight client app : http://slclientapp.cloudapp.net/SilverlightAppTestPage.aspx

Thanks

Jonyy

Answer 22

Can you share your silver light config?

---

Please mark the replies as Answered if they help and Vote if you found them helpful.

Answer 23

<?xml version="1.0"?>
<configuration>
  <configSections>
    <section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </configSections>
  <location path="FederationMetadata">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <system.diagnostics>
    <trace>
      <listeners>
        <add type="Microsoft.WindowsAzure.Diagnostics.DiagnosticMonitorTraceListener, Microsoft.WindowsAzure.Diagnostics, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
          name="AzureDiagnostics">
          <filter type="" />
        </add>
      </listeners>
    </trace>
  </system.diagnostics>
  <system.web>
    <customErrors mode="Off" />
    <authentication mode="None" />
    <compilation debug="true" targetFramework="4.0">
      <assemblies>
        <add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
      </assemblies>
    </compilation>
    <!--<httpModules>
      <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    </httpModules>-->
  </system.web>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true">
      <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
      <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
    </modules>
    <validation validateIntegratedModeConfiguration="false"/> <!-- added by me to make it work on cloud, resolve 500 internal error-->
  </system.webServer>
  <microsoft.identityModel>
    <service>
      <!--audienceUris indicates who the token is issued for-->
      <audienceUris>
        <add value="http://slclientapp.cloudapp.net/" />
      </audienceUris>
      <federatedAuthentication>
        <wsFederation passiveRedirectEnabled="true" issuer="https://suststs.cloudapp.net" realm="http://slclientapp.cloudapp.net/" requireHttps="true" />
        <cookieHandler requireSsl="false" />
      </federatedAuthentication>
      <applicationService>
        <claimTypeRequired>
          <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="true" />
        </claimTypeRequired>
      </applicationService>
      <!--issuerNameRegistry specifies any trusted certificate issuers. Thumbprint is of certificate and name is the STS url.-->
      <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
        <trustedIssuers>
          <add thumbprint="248C2C22BCF4A0F00D0B546F8E49F67F62007A47" name="https://suststs.cloudapp.net/" />
        </trustedIssuers>
      </issuerNameRegistry>
    </service>
  </microsoft.identityModel>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="true"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="true"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
</configuration>

Answer 24

i believe this config is your web.config. i was asking about config from silver light app.

---

Please mark the replies as Answered if they help and Vote if you found them helpful.

Answer 25

just to tell you that i didn't added service reference as such.

STS service (https://suststs.cloudapp.net/Service.svc), we are using its address directly whereever required in code files.

Authentication Service (http://slclientapp.cloudapp.net/AuthenticationService.svc) has been created using CreateServiceHost method of ServiceHostFactory class and this service is already in client app and used by client app only.

so we didnt actually require servicereference.clientconfig file for this POC.

Answer 26

so what i understand from you is, you are trying to access a WCF service which is running on federated authentication if i am not wrong.

If so it is not possible. You authentication service must be running with ananymous authentication and you web site need to be claims aware. Your authentication service just transfers the calims back to silver light component. And if this service is part of your web site, add the service folder to location path and allow all users.

Just go through this hands on lab. It provides end to end scenario for the same.

---

Please mark the replies as Answered if they help and Vote if you found them helpful.

Answer 27

Sorry for late response veerendra. 

yes, authentication service is running with anonymous authentiation.

we are thinking to run it on emulator before going on cloud.

first of all we have tried to host client and STS applications(integrated with azure project) on IIS and it is working fine. so after that we tried to run that on emulator. we made some configuration changes to make it run on emulator. But it is giving me an error like

The message with To 'https://127.0.0.1:4443/Service.svc/IWSTrust13' cannot be processed at the receiver, due to an AddressFilter mismatch at the EndpointDispatcher.  Check that the sender and receiver's EndpointAddresses agree.

i found some solution like

[ServiceBehavior(AddressFilterMode = AddressFilterMode.Any)]
[AspNetCompatibilityRequirements(RequirementsMode = 
AspNetCompatibilityRequirementsMode.Allowed)] 

as we are using microsoft identity model DLL, we dont have access to service classes.

our service's svc file contains code like this only :

<%@ ServiceHost Language="C#" Debug="true" Factory="Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceHostFactory" Service="CustomSecurityTokenServiceConfiguration"  %>

what should we do now ?