locked
File authorization failed for the request. RRS feed

  • Question

  • I met a very strange problem.
     
    Everything work fine for me (with administrator permissions). User1 can add & edit records as well. However, User1 cannot delete records.  When delete was performed following Information log was created at server side (with Source: ASP.NET 2.0.50727.0, Event ID: 1314).

    MyAppServer is Windows Server 2008 x64. I've cheked IIS authentication (Windows), file system permission (Read & Execute, Read, List Folder Contents) and HTTP Verb (* by default in IIS 7). Can anyone give me a hand?


    Event code: 4008
    Event message: File authorization failed for the request.
    Event time: 10/03/2009 5:14:54 PM
    Event time (UTC): 10/03/2009 6:14:54 AM
    Event ID: 4738cd789ad44d0b9edb67d19070af0b
    Event sequence: 73
    Event occurrence: 1
    Event detail code: 0
     
    Application information:
        Application domain: /LM/W3SVC/5/ROOT/services-1-128811390125559278
        Trust level: Full
        Application Virtual Path: /services
        Application Path: D:\MyApp\Web\services\
        Machine name: VSVWIN2008E033
     
    Process information:
        Process ID: 3016
        Process name: w3wp.exe
        Account name: MyDomain\MyServiceAccount 
     
    Request information:
        Request URL: http://MyAppServer:8264/services/WebDataService.svc/Recipients(1)
        Request path: /services/WebDataService.svc/Recipients(1)
        User host address: 10.137.162.66
        User: MyDomain\User1
        Is authenticated: True
        Authentication Type: NTLM
        Thread account name: MyDomain\MyServiceAccount 
     
    Custom event details:
    Tuesday, March 10, 2009 7:25 AM

Answers

  • This problem has been fixed by assign the User1 Modify file permission on /services/WebDataService.svc.  It seems that IIS check Modify permission when it receives a DELETE/POST verb, however no anything of those verbs will really modify the scv file. Is it a bug of ADO.NET Data Services?
    • Marked as answer by Bob H.L. _ Wednesday, March 11, 2009 6:04 AM
    Wednesday, March 11, 2009 6:03 AM

All replies

  • Have you set the clientaccesspolicy.xml file ?

    check http://msdn.microsoft.com/en-us/library/cc197955(VS.95).aspx for more information !!

    Also, other possibilities:

    Check allowed verbs in IIS.

    Check you InitializeService() Method, do you set entity access rules properly ?

    Example:

    config.SetEntitySetAccessRule("*", EntitySetRights.All);

    Tuesday, March 10, 2009 3:22 PM
  • clientaccesspolicy.xml doesn't work. I thinkg it is no need as well as I am using Windows application as the client.

    allow Verbs in IIS 7 is * by default (I think that it meants allowed all verbs). absolutely config.SetEntitySetAccessRule("*", EntitySetRights.All) has been set, and I can perform all the functionalities.
    Tuesday, March 10, 2009 10:45 PM
  • This problem has been fixed by assign the User1 Modify file permission on /services/WebDataService.svc.  It seems that IIS check Modify permission when it receives a DELETE/POST verb, however no anything of those verbs will really modify the scv file. Is it a bug of ADO.NET Data Services?
    • Marked as answer by Bob H.L. _ Wednesday, March 11, 2009 6:04 AM
    Wednesday, March 11, 2009 6:03 AM
  • We encoutered this problem on svc files, and found another workaround.

    => Remove the FileAuthentication module at the web site site level.

    DELETE verb and NTFS "modify" file permissions seems linked, but this is not the expected behaviour for SVC files !

    Monday, June 18, 2012 4:41 PM