none
TCP error code 10013: An attempt was made to access a socket in a way forbidden by its access permissions

    Question

  • Hi,

    I created two services and their clients. One service calls second inside its method. I use impersonation from client to call first service that uses impersonation to call second service, and then i get exception:

     

    Could not connect to http://localhost:1690/BusinessConfigurationService. TCP error code 10013: An attempt was made to access a socket in a way forbidden by its access permissions 127.0.0.1:1690.

     

    Server stack trace:

       at System.ServiceModel.Channels.HttpOutput.WebRequestHttpOutput.GetOutputStream()

       at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout)

       at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.SendRequest(Message message, TimeSpan timeout)

       at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)

       at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)

       at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)

       at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)

       at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)

       at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

     

    Exception rethrown at [0]:

       at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)

       at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)

       at WCFService.ServiceContracts.IBusinessConfigurationServiceContract.UserRetrieve(UserRetrieveRequest request)

       at WCFService.ServiceAgent.BusinessConfigurationServiceServiceAgent.WCFService.ServiceContracts.IBusinessConfigurationServiceContract.UserRetrieve(UserRetrieveRequest request) in

     

    It is strange that when I use the same code to call second service from client(not from the first service) everything works nice. When I use directli interface without impersonation from service1 to call service2 everything works fine.

     

    Can someone help me?

     

    Thanks,

    Indigo Cowboy

     

    Tuesday, July 08, 2008 3:08 PM

Answers

  • A few questions:

     

    1.  Since you're usnig impersonation, I'm assuming you're running the middle service under in IIS, right?  If so, are you running under Partial Trust?  If so,  try turning off Partial Trust.

    2.  If you're not running under IIS, is the middle service running as a Windows Service?  If so, what identity is it running as?  Make sure you're running as a user that you know has network access.

     

    Thursday, July 10, 2008 5:54 PM

All replies

  • A few questions:

     

    1.  Since you're usnig impersonation, I'm assuming you're running the middle service under in IIS, right?  If so, are you running under Partial Trust?  If so,  try turning off Partial Trust.

    2.  If you're not running under IIS, is the middle service running as a Windows Service?  If so, what identity is it running as?  Make sure you're running as a user that you know has network access.

     

    Thursday, July 10, 2008 5:54 PM
  •  

    Thursday, July 10, 2008 7:00 PM
  • For those who didn't get the answer they were looking for and are running a host in a windows service, check your URI strings. Mine weren't switched from dev to production and produced the error above.

    HTH,

    D

    Wednesday, June 02, 2010 9:58 PM
  • Hello,

    SL4 application is generating the error "10013: An attempt was made to access socket in a way forbidden by its access permissions" when intranet website is browsing from a computer that is not registered in Active Directory.

    Scenario:

    1.       Web site on IIS 7.0 using asp.net 3.5 and forms authentication. Windows Server 2008

    2.       Silverlight 4.0 release on net.tcp

    3.       Services in a self-hosting, developed as a Windows Services, listening port 4520

    Registered in active directory domain with the same domain user computers are working properly, but if you enter a guest computer (not registered in Active Directory) to the network, generates the following error:

    Message: Unhandled Error in Silverlight Application Could not connect to net.tcp://pruebasserver:4520/Cnt.Panacea.Wcf.Parametrizacion.SeguridadServicio. The connection attempt lasted for a time span of 00:00:14.4608272. TCP error code 10013: An attempt was made to access a socket in a way forbidden by its access permissions.. This could be due to attempting to access a service in a cross-domain way while the service is not configured for cross-domain access. You may need to contact the owner of the service to expose a sockets cross-domain policy over HTTP and host the service in the allowed sockets port range 4502-4534.   en Cnt.Std.Xap.CntApplication.ctx_ListarTokenCompleted(Object sender, ListarTokenCompletedEventArgs arg)
       en Cnt.Std.Xap.Parametros.SeguridadServicioClient.OnListarTokenCompleted(Object state)

    The clientaccesspolicy.xml file content:

    <?xml version="1.0" encoding="utf-8"?>

    <access-policy>

      <cross-domain-access>

        <policy>

          <allow-from http-request-headers="*">

            <domain uri="*" />

          </allow-from>

          <grant-to>

            <resource path="/" include-subpaths="true" />

            <socket-resource port="4502-4530" protocol="tcp" />

          </grant-to>

        </policy>

      </cross-domain-access>

    </access-policy>

     

    We want to know if we should definitely discard the use of the net.tcp or it is a problem in the IIS configuration.

    Thanks.

     

    Saturday, October 02, 2010 6:54 PM
  • I want to assure you that our network there was a conflict between the DNS domain and an ISA Server. Our network administrator adjusted platform and this error was fixed without changing anything in our application.

    Thanks

    Jaimir G.

    Thursday, October 21, 2010 12:04 AM