none
Azure TcpClient issue RRS feed

  • Question

  • First off, I'd like to say this is my first attempt at Azure web site development, so please forgive my lack of knowledge.

    I have an ASP.NET website that uses a TcpClient to log from an external chat site.  The listening side is set up as it's own VS project and was built by a friend of mine.  It works fine when I reference the project for a WinForms app, and it works as well when I debug the azure web role app locally.  

    However, when I publish to my Azure website, I get an error: "An attempt was made to access a socket in a way forbidden by its access permissions".  I believe this is because the connection to the chat is through port 5222 which according to info I found while researching this issue is blocked by the Azure firewall.

    The listener is started during the Application_Start method. Here is the code that creates the TcpClient object which communicates with the chat server

    IPEndPoint ep = new IPEndPoint(System.Net.Dns.GetHostAddresses(Properties.Settings.Default.ChatConnectionURL)[0], Properties.Settings.Default.ChatConnectionPort);
    TcpClient client = new TcpClient();
    client.Connect(ep);

    The error occurs in the following code when checking for DataAvailable

    using (StreamReader reader = new StreamReader(client.GetStream())) { if (((NetworkStream)reader.BaseStream).DataAvailable)//error here {

    }

    }

    Anyway, hopefully there is a fairly simple solution that wouldn't require any major rewriting of the code, as like I said, the listener was not built by me (I'm sure I could implement any solution, but it would just take a long time).  Thanks in advance for any help

    Thursday, November 15, 2012 9:02 PM

Answers

  • Hi,

    This exception, according to MSDN, is caused by:

    Permission denied.

    An attempt was made to access a socket in a way forbidden by its access permissions. An example is using a broadcast address for sendto without broadcast permission being set using setsockopt(SO_BROADCAST).

    Another possible reason for the WSAEACCES error is that when the bind function is called (on Windows NT 4.0 with SP4 and later), another application, service, or kernel mode driver is bound to the same address with exclusive access. Such exclusive access is a new feature of Windows NT 4.0 with SP4 and later, and is implemented by using the SO_EXCLUSIVEADDRUSE option.

    So there're two possibilities, the permission issue or the same address has been occupied.

    You can RDP to the VM and troubleshoot. To see whether it's occupied:

    http://stackoverflow.com/questions/10461257/an-attempt-was-made-to-access-a-socket-in-a-way-forbbiden-by-its-access-permiss

    You can put the repro code in a Console application. RDP to the cloud VM, copy this Console application to the VM and run it. In this way you can troubleshoot easier.

    You may also use VM Role, which let you troubleshoot locally and possibly can avoid some issues after deployment that is caused by environment difference.

    http://msdn.microsoft.com/en-us/wazplatformtrainingcourse_vmrolelab.aspx


    Allen Chen [MSFT]
    MSDN Community Support | Feedback to us

    Monday, November 26, 2012 2:43 AM
    Moderator

All replies

  • Hi

    First to determine the issue , I suggest you cmd line to test your port, Please read this article:

    IP Range for Windows Azure Platform, Identifying connectivity issues

    To open a port in an Azure role and make a successfull connection to that port from the outside you need to understand that there is always a firewall/load-balancer in front of your worker role.

    So typically you must declare the port you want to make available from the internet in the "ServiceDefinition.csdef" file to make the firewall/load-balancer ready.

    (this example opens TCP port 123)

    <?xml version="1.0" encoding="utf-8"?>
    < ServiceDefinition name="MyTcpCloud" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
    <WorkerRole name="MyTcpHost">
    <ConfigurationSettings>
    <Setting name="DiagnosticsConnectionString" />
    </ConfigurationSettings>
    <Endpoints>
    <InputEndpoint name="MyEndpoint" protocol="tcp" port="123" />
    </Endpoints>
    </WorkerRole>
    < /ServiceDefinition>

    Then in your code running in the worker-role you need to create a listener that connects to the load-balancer (which may use a different port number in the communication with the worker role)

    TcpListener listener = new TcpListener(
    RoleEnvironment.CurrentRoleInstance.InstanceEndpoints["MyEndpoint"].IPEndpoint);

    For a complete working example that even handles load-balancing, see Maarten Balliauw excellent blog: http://blog.maartenballiauw.be/post/2010/01/17/Creating-an-external-facing-Azure-Worker-Role-endpoint.aspx

    Friday, November 16, 2012 2:31 AM
    Moderator
  • Thank you for the helpful & detailed response.  However I think there is some confusion, the issue that I'm having is connecting to an outside port, not opening ports for incoming traffic.  The project that this code lives in is a standard windows C# class library.  I've tried the solution posted in this thread 

    http://social.msdn.microsoft.com/Forums/en-US/windowsazureconnectivity/thread/cb2c9a41-fb66-4e50-9087-b9d1da4362c1/

    using AddressFamily.InterNetworkV6 but couldn't get that to work either, using code above with the TcpClient constructor passing in the InterNetworkV6 parameter results in an error "A request to send or receive data was disallowed because the socket is not connected".  Anyway, let me know if i'm not providing enough info or not being clear enough, thanks again.

    Friday, November 16, 2012 8:12 PM
  • HI

    Have you created an input endpoint on port 5222? This is required when using TCP on ports other than default ports like 818. Port 5222 is usually used in IM apps, where both inbounding and outbounding traffic is needed.


    Please mark the replies as answers if they help or unmark if not. If you have any feedback about my replies, please contact msdnmg@microsoft.com Microsoft One Code Framework

    Wednesday, November 21, 2012 3:29 AM
    Moderator
  • Yes, I have tried adding the endpoint for my web role project and still get the same error.  Is this possibly because the connection is being done from another project which is being referenced by the web role project?  The project that is doing the connection is just a general C# class library in the solution and is not a role on the cloud service project.  Perhaps that is the problem?  If so, is it possible to grant this project access to the port in some way?  Thanks again for you're help.
    Wednesday, November 21, 2012 9:48 PM
  • Hi,

    This exception, according to MSDN, is caused by:

    Permission denied.

    An attempt was made to access a socket in a way forbidden by its access permissions. An example is using a broadcast address for sendto without broadcast permission being set using setsockopt(SO_BROADCAST).

    Another possible reason for the WSAEACCES error is that when the bind function is called (on Windows NT 4.0 with SP4 and later), another application, service, or kernel mode driver is bound to the same address with exclusive access. Such exclusive access is a new feature of Windows NT 4.0 with SP4 and later, and is implemented by using the SO_EXCLUSIVEADDRUSE option.

    So there're two possibilities, the permission issue or the same address has been occupied.

    You can RDP to the VM and troubleshoot. To see whether it's occupied:

    http://stackoverflow.com/questions/10461257/an-attempt-was-made-to-access-a-socket-in-a-way-forbbiden-by-its-access-permiss

    You can put the repro code in a Console application. RDP to the cloud VM, copy this Console application to the VM and run it. In this way you can troubleshoot easier.

    You may also use VM Role, which let you troubleshoot locally and possibly can avoid some issues after deployment that is caused by environment difference.

    http://msdn.microsoft.com/en-us/wazplatformtrainingcourse_vmrolelab.aspx


    Allen Chen [MSFT]
    MSDN Community Support | Feedback to us

    Monday, November 26, 2012 2:43 AM
    Moderator