Trouble with WCF on IIS: access to DLL denied.

    Question

  • Hallo!

    I'm having trouble with WCF.

    When I deploy my solution to IIS, it works fine for some time. Then something goes wrong and all calls to the service fail with an exception like "cannot load assembly ... access denied." This assembly is in the bin directory in the root of the service.
    IIS is version 6 on Windows 2003 R2. The application pool runs under an AD account with local Admin rights. Anonymous logon is disabled. Integrated security is turned on in the site configuration. Transport security via SSL is turned on.

    A custom behaviour is also used. This behaviour just impersonates the user at the contract access level. (I've tried to use the standard impersonation scheme, but got these exceptions again.)

    config:

    <?xml version="1.0" encoding="utf-8" ?>
    <!-- web.config for the IIS-hosted WCF service Services.MyService. -->
    <configuration>

      <system.web>
        <!-- Debug compilation is enabled. Useful while troubleshooting; turn it
             off for a production deployment. -->
        <compilation debug="true" />
        <!-- mode="Off" makes ASP.NET send detailed error pages to every client,
             remote ones included. -->
        <customErrors mode="Off" />
      </system.web>

      <system.serviceModel>

        <!-- Registers the custom behavior element that is referenced below as
             <BehaviorExtension />. PublicKeyToken=null means the Extensions
             assembly is not strong-named. -->
        <extensions>
          <behaviorExtensions>
            <add name="BehaviorExtension"
                 type="Extensions.BehaviorExtensionElement, Extensions, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
          </behaviorExtensions>
        </extensions>

        <!-- HTTPS transport security with Windows (integrated) client
             credentials. -->
        <bindings>
          <wsHttpBinding>
            <binding name="wsHttpBinding2">
              <security mode="Transport">
                <transport clientCredentialType="Windows"
                           proxyCredentialType="None"
                           realm="domain.com" />
              </security>
            </binding>
          </wsHttpBinding>
        </bindings>

        <services>
          <service name="Services.MyService" behaviorConfiguration="MainBehavior">
            <!-- NOTE(review): when a service is hosted in IIS the base address
                 normally comes from the site binding and the .svc path, so this
                 entry is likely ignored. Confirm. -->
            <host>
              <baseAddresses>
                <add baseAddress="https://wcf.domain.com:5000/Services.MyService.svc" />
              </baseAddresses>
            </host>
            <endpoint address=""
                      binding="wsHttpBinding"
                      bindingConfiguration="wsHttpBinding2"
                      contract="Services.IMyService"
                      behaviorConfiguration="MainEndPointBehavior">
              <!-- NOTE(review): Kerberos SPNs for web services are normally
                   registered under the HTTP service class, also for https URLs.
                   Verify that an SPN of this exact form is registered for the
                   application pool account. -->
              <identity>
                <servicePrincipalName value="HTTPS/wcf.domain.com:5000" />
              </identity>
            </endpoint>
          </service>
        </services>

        <behaviors>
          <serviceBehaviors>
            <behavior name="MainBehavior">
              <!-- Metadata is published over plain HTTP GET although the endpoint
                   itself is HTTPS-only. httpsGetEnabled is the HTTPS counterpart;
                   consider disabling metadata publishing in production. -->
              <serviceMetadata httpGetEnabled="true" />
              <!-- Returns server-side exception details to callers inside SOAP
                   faults. Debugging aid only; it discloses internals to any
                   client that can reach the service. -->
              <serviceDebug includeExceptionDetailInFaults="true" />
              <serviceThrottling maxConcurrentCalls="160"
                                 maxConcurrentSessions="100"
                                 maxConcurrentInstances="260" />
              <!-- Role checks are evaluated against the caller's Windows groups. -->
              <serviceAuthorization principalPermissionMode="UseWindowsGroups" />
            </behavior>
          </serviceBehaviors>
          <endpointBehaviors>
            <behavior name="MainEndPointBehavior">
              <!-- Custom extension registered under <behaviorExtensions>;
                   presumably it attaches the impersonating message inspector.
                   Its implementation is not part of this file. -->
              <BehaviorExtension />
            </behavior>
          </endpointBehaviors>
        </behaviors>

      </system.serviceModel>

      <!-- Integrated Security=True: the SQL connection is opened with a Windows
           identity instead of a stored password.
           NOTE(review): if connections are opened while a caller is impersonated
           and the database is on another machine, Kerberos delegation would be
           needed. Confirm which identity actually reaches SQL Server. -->
      <connectionStrings>
        <add name="Data.Properties.Settings.ConnectionString"
             connectionString="Data Source=hq-dbs-03.domain.com;Initial Catalog=MyDB;Integrated Security=True;Connect Timeout=10"
             providerName="System.Data.SqlClient" />
      </connectionStrings>

    </configuration>
    
    
    
    
    
    
    
    

    impersonation code:

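        /// <summary>
        /// Dispatch-side message inspector that impersonates the authenticated
        /// Windows caller when a request arrives and reverts the impersonation
        /// before the reply is sent.
        /// </summary>
        /// <remarks>
        /// NOTE(review): Impersonate() changes the identity of the thread that
        /// calls it. Nothing in this class guarantees that BeforeSendReply runs
        /// on that same thread, or that it runs after every failure path. If the
        /// revert is missed, a pooled thread could keep the caller's identity and
        /// later work on it (such as loading an assembly from bin) would run as
        /// that user. That would be consistent with the intermittent
        /// "access denied" described in the question; confirm. The built-in
        /// OperationBehavior impersonation option scopes impersonation to the
        /// operation invocation and is the safer pattern.
        /// </remarks>
        public class MyMessageInspector : IDispatchMessageInspector
        {
            #region IDispatchMessageInspector Members

            /// <summary>
            /// Starts impersonating the caller's Windows identity.
            /// </summary>
            /// <returns>
            /// The impersonation context, handed back to BeforeSendReply as the
            /// correlation state, or null when no security context exists.
            /// </returns>
            /// <exception cref="Exception">The caller is anonymous.</exception>
            public object AfterReceiveRequest(ref System.ServiceModel.Channels.Message request, IClientChannel channel, InstanceContext instanceContext)
            {
                ServiceSecurityContext security = ServiceSecurityContext.Current;

                if (security == null)
                {
                    // NOTE(review): this path fails open. The operation then runs
                    // without impersonation, i.e. under the host process identity,
                    // which the question says is an account with local Admin
                    // rights. Consider rejecting the request here instead.
                    return null;
                }

                if (security.IsAnonymous)
                {
                    throw new Exception(string.Format("WCF: Anonymous logon is not supported by {0} operation of {1} endpoint", request.Headers.Action, request.Headers.To));
                }

                return security.WindowsIdentity.Impersonate();
            }

            /// <summary>
            /// Reverts the impersonation started in AfterReceiveRequest.
            /// </summary>
            /// <param name="reply">The outgoing reply; not inspected here.</param>
            /// <param name="correlationState">
            /// The object returned by AfterReceiveRequest.
            /// </param>
            public void BeforeSendReply(ref System.ServiceModel.Channels.Message reply, object correlationState)
            {
                // The "as" cast yields null for a null or foreign correlation
                // state; check the cast result so Undo() is never called on null.
                WindowsImpersonationContext ctx = correlationState as WindowsImpersonationContext;
                if (ctx == null)
                {
                    return;
                }

                // Dispose the context after reverting so the underlying token
                // handle is released even if Undo() throws.
                using (ctx)
                {
                    ctx.Undo();
                }
            }

            #endregion
        }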
    
    
    
    
    
    
    
    

     Help, please. I've lost 4 days on it and have no idea how to resolve it.

    Thank you.

    Tuesday, September 15, 2009 11:12 AM

All replies