none
Master data web service remote access error RRS feed

  • Question

  • If i consume master data web service remotely in same domain, i am getting error

    "{"Security Support Provider Interface (SSPI) authentication failed. The server may not be running in an account with identity 'host/cspldk-071'. If the server is running in a service account (Network Service for example), specify the account's ServicePrincipalName as the identity in the EndpointAddress for the server. If the server is running in a user account, specify the account's UserPrincipalName as the identity in the EndpointAddress for the server."}"

    but same code working fine in local system(master data service and consuming web service are same system)

    please help me to resolve this issue.


    Master data service web.config

    <configuration>
      <configSections>
        <section name="masterDataServices" type="Microsoft.MasterDataServices.Core.Configuration.MdsConfigurationSectionGroup, Microsoft.MasterDataServices.Core, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" requirePermission="false" allowDefinition="Everywhere" />
      </configSections>
      <!-- Example of assigning databases to different MDS service instances:  
      <masterDataServices>
          <instance siteName="Default Web Site" virtualPath="MDS" connectionName="connection1" serviceName="MDS1" />
          <instance siteName="Site2" virtualPath="folder1/folder2/MDS2" connectionName="connection2" serviceName="MDS2" />
      </masterDataServices>
      <connectionStrings>
        <add name="defaultMdsConnection" connectionString="Data Source=(local);Initial Catalog=defaultDb;Integrated Security=True;Connect Timeout=3600"/>
        <add name="connection1" connectionString="Data Source=(local);Initial Catalog=db1;Integrated Security=True;Connect Timeout=3600"/>
        <add name="connection2" connectionString="Data Source=(local);Initial Catalog=db2;Integrated Security=True;Connect Timeout=3600"/>
      </connectionStrings>
      -->
      <masterDataServices>
        <instance virtualPath="" siteName="EnablePlusMDM" connectionName="MDS1"
          serviceName="MDS1" />
      </masterDataServices>
      <connectionStrings>
        <add name="MDS1" connectionString="Data Source=systemName;Initial Catalog=dbName;Integrated Security=True;Connect Timeout=60" />   
      </connectionStrings>
      <system.web>
        <!--The location of the temporary ASP.NET compilation directory will be filled in by the Configuration Manager.-->
        <!--The temporary directory for compilation will reside at the root of the Master Data Services install path.-->
        <compilation tempDirectory="C:\Program Files\Microsoft SQL Server\120\Master Data Services\MDSTempDir" debug="false" targetFramework="4.0">
          <assemblies>
            <add assembly="Microsoft.MasterDataServices.WebUI, Version=12.0.0.0, Culture=neutral" />
            <add assembly="Microsoft.MasterDataServices.Common, Version=12.0.0.0, Culture=neutral" />
            <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
          </assemblies>
        </compilation>
        <customErrors mode="RemoteOnly" defaultRedirect="~/Error.aspx" />    
        <authentication mode="Windows" />
        <httpRuntime maxRequestLength="100000" useFullyQualifiedRedirectUrl="true" executionTimeout="300" />
        <pages buffer="true" enableSessionState="true" enableViewStateMac="true" validateRequest="true" enableEventValidation="true" controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID">
          <controls>
            <add tagPrefix="sc" namespace="Microsoft.MasterDataServices.WebUI.ServerControls" assembly="Microsoft.MasterDataServices.WebUI.ServerControls, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" />
            <add tagPrefix="act" namespace="Microsoft.MasterDataServices.WebUI.AjaxControlToolkit" assembly="Microsoft.MasterDataServices.WebUI.AjaxControlToolkit, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" />
          </controls>
        </pages>
        <globalization culture="auto" enableClientBasedCulture="true" uiCulture="auto" />
      </system.web>
      <startup>
        <supportedRuntime version="v2.0.50727" safemode="true" />
        <requiredRuntime version="v2.0.50727" safemode="true" />
      </startup>
      <runtime>
        <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
          <dependentAssembly>
            <assemblyIdentity name="Microsoft.VisualBasic.Compatibility" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
            <bindingRedirect oldVersion="7.0.3300.0" newVersion="7.0.5000.0" />
          </dependentAssembly>
        </assemblyBinding>
      </runtime>
      <system.codedom>
        <compilers>
          <compiler language="c#;cs;csharp" extension=".cs" compilerOptions="/warnaserror-" warningLevel="4" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
            <providerOption name="CompilerVersion" value="v4.0" />
          </compiler>
          <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" compilerOptions="/optioninfer+" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
            <providerOption name="CompilerVersion" value="v4.0" />
          </compiler>
        </compilers>
      </system.codedom>
      <system.web.extensions>
        <scripting>
          <webServices>
            <!--
                Uncomment this section to enable the authentication service. Include requireSSL="true" if appropriate.
                <authenticationService enabled="true" requireSSL = "true|false"/>
            -->
            <!--
                Uncomment these lines to enable the profile service, and to choose
                the profile properties that can be retrieved and modified in ASP.NET AJAX applications.

                <profileService enabled="true" readAccessProperties="propertyname1,propertyname2" writeAccessProperties="propertyname1,propertyname2" />
            -->
            <!--
                Uncomment this section to enable the role service.
                <roleService enabled="true"/>
            -->
            <jsonSerialization maxJsonLength="50000">
              <converters>
                <!--
                <add name="DataSetConverter" type="Microsoft.Web.Preview.Script.Serialization.Converters.DataSetConverter, Microsoft.Web.Preview"/>
                <add name="DataRowConverter" type="Microsoft.Web.Preview.Script.Serialization.Converters.DataRowConverter, Microsoft.Web.Preview"/>
                <add name="DataTableConverter" type="Microsoft.Web.Preview.Script.Serialization.Converters.DataTableConverter, Microsoft.Web.Preview"/>
                -->
              </converters>
            </jsonSerialization>
          </webServices>
        </scripting>
      </system.web.extensions>
      <!--
            The system.webServer section is required for running ASP.NET AJAX under Internet
            Information Services 7.0. It is not necessary for previous version of IIS.
        -->
      <system.webServer>
        <security>
          <requestFiltering>
            <requestLimits maxAllowedContentLength="100000000" />
          </requestFiltering>
                <authorization>
                    <remove users="*" roles="" verbs="" />
                    <add accessType="Allow" users="*" />
                </authorization>
          <!--<authorization>
            <add accessType="Allow" users="?"/>
          </authorization>-->
        </security>
      </system.webServer>
      <system.serviceModel>
        <behaviors>
          <serviceBehaviors>
            <behavior name="mdsWsHttpBehavior">
              <!-- Enable to allow clients to retrieve metadata (WSDL) about the service endpoints. -->
              <!-- If not using SSL (httpGetEnabled="true" httpsGetEnabled="false") to expose service metadata.-->
              <!-- If SSL is being used (httpGetEnabled="false" httpsGetEnabled="true") to expose service metadata.-->
              <serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" />
              <!-- Enable to allow clients to see service exception details -->
              <serviceDebug includeExceptionDetailInFaults="true" />
              <serviceThrottling maxConcurrentSessions="400" />
              <dataContractSerializer maxItemsInObjectGraph="999999999" />
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <bindings>
          <wsHttpBinding>
            <binding name="mdsWsHttpBinding" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
              <readerQuotas maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxDepth="2147483647" maxNameTableCharCount="2147483647" maxStringContentLength="2147483647" />
              <!--Non-SSL implementations.-->
              <security mode="Message">
                <message clientCredentialType="Windows" establishSecurityContext="false" />
              </security>
              <!--SSL implementations-->
              <!--<security mode="Transport">-->
              <!--<message clientCredentialType="Windows" />-->
              <!--</security>-->
            </binding>
          </wsHttpBinding>
          <basicHttpBinding>
            <binding name="mdsBasicHttpBinding" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
              <readerQuotas maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxDepth="2147483647" maxNameTableCharCount="2147483647" maxStringContentLength="2147483647" />
              <!-- Non-SSL implementations.-->    
              <security mode="TransportCredentialOnly">
                <transport clientCredentialType="Windows" />
              </security>
              <!-- SSL implementations -->
              <!--<security mode="Transport">-->
              <!--<transport clientCredentialType="Windows" />-->
              <!--</security>-->
            </binding>
          </basicHttpBinding>
        </bindings>
        <services>
          <service behaviorConfiguration="mdsWsHttpBehavior" name="Microsoft.MasterDataServices.Services.Service">
            <endpoint binding="wsHttpBinding" bindingConfiguration="mdsWsHttpBinding"
              bindingNamespace="http://schemas.microsoft.com/sqlserver/masterdataservices/2009/09"
              contract="Microsoft.MasterDataServices.Services.ServiceContracts.IService" />
            <endpoint address="bhb" binding="basicHttpBinding" bindingConfiguration="mdsBasicHttpBinding"
              bindingNamespace="http://schemas.microsoft.com/sqlserver/masterdataservices/2009/09"
              contract="Microsoft.MasterDataServices.Services.ServiceContracts.IService" />
          </service>
          <service behaviorConfiguration="mdsWsHttpBehavior" name="MDS1">
            <endpoint binding="wsHttpBinding" bindingConfiguration="mdsWsHttpBinding"
              bindingNamespace="http://schemas.microsoft.com/sqlserver/masterdataservices/2009/09"
              contract="Microsoft.MasterDataServices.Services.ServiceContracts.IService" />
            <endpoint address="bhb" binding="basicHttpBinding" bindingConfiguration="mdsBasicHttpBinding"
              bindingNamespace="http://schemas.microsoft.com/sqlserver/masterdataservices/2009/09"
              contract="Microsoft.MasterDataServices.Services.ServiceContracts.IService" />
          </service>
        </services>
      </system.serviceModel>
      <system.diagnostics>
        <sources>
          <!-- Adjust the switch value to control the types of messages that should be logged.
               Use the a switchValue of Verbose to generate a full log. Please be aware that
               the trace file can get quite large very quickly -->
          <source name="MDS" switchType="System.Diagnostics.SourceSwitch" switchValue="Off">
            <listeners>
              <!-- Enable and configure listeners as desired to obtain trace messages. -->

              <!-- Uncomment this listener on to log to a file. Note that the [File Location] (including the []) is a placeholder.
                   Set it to a path where the service account you chose while setting up Master Data Services has read and write privileges -->
              <!--<add name="LogFileListener" type="System.Diagnostics.TextWriterTraceListener" initializeData="[File Location]" traceOutputOptions="DateTime" />-->

              <!-- <add name="EtwListener" type="System.Diagnostics.Eventing.EventProviderTraceListener, System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"
                   initializeData="{F2A341B8-CA5F-49ad-B00C-A82D3FCF948B}"/> -->
              <!-- <remove name="Default"/> -->
            </listeners>
          </source>
        </sources>
        <trace autoflush="true" />
      </system.diagnostics>
      <appSettings>
        <!--
        The time interval, in minutes, that user information in the MDS database
        should be considered current for an active user. The default is 20 minutes.
        -->
        <add key="MdsMaximumUserInformationCacheInterval" value="20" />
      </appSettings>
    </configuration>

    Client config

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
        <system.serviceModel>
            <bindings>
                <basicHttpBinding>
                    <binding name="BasicHttpBinding_IService">                   
                      <security mode="TransportCredentialOnly">
                            <transport clientCredentialType="Windows" />
                        </security>
                    </binding>
                </basicHttpBinding>
                <wsHttpBinding>
                    <binding name="WSHttpBinding_IService">
                        <security>
                            <message establishSecurityContext="false" />
                        </security>
                    </binding>
                </wsHttpBinding>
            </bindings>
            <client>
              <endpoint address="http://systemName:port/Service/Service.svc"
                  binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService"
                  contract="MDSService.IService" name="WSHttpBinding_IService" >            
              </endpoint>
              
                <endpoint address="http://systemName:port/Service/Service.svc/bhb"
                    binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IService"
                    contract="MDSService.IService" name="BasicHttpBinding_IService" />
            </client>
        </system.serviceModel>
    </configuration>


    Wednesday, February 25, 2015 12:48 PM

Answers

All replies