Security :: WCF/ASMX, SSL, Getting Forbidden Error Even Though Cert Is Attached
Mar 21, 2011
I'm running into an issue connecting to a web service that is protected with a ssl cert. I have the PFX key, and have included the WSDL in my project. However, i always get a "Forbidden" error. At first I thought this was just a problem with the key, so we regenerated the certs and keys and tried again... Still Forbidden. The group who is hosting the web service turned up their logging and found that my cert is NOT being passed. Yet when I look at my call to the webservice, I can see the cert is attached to the object.
Is there anything I'm doing obviously wrong?
Apologies for this being in VB.NET ;)
[Code]....
View 1 Replies
Feb 10, 2011
I hace created a webservice, that is on one server and then I created a web application on another server to consume that webservice. My web application uses threading. In my web application, I call the webservice and it returns me the response. Then my thread sleeps for 20 minutes and then it again calls webservice, but when i call the webservice second time , it fails. Here is the error and stack trace:-
Stack Trace:- at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at TransactionExport.LocalWebService.TransactionExportStaging.GetDays(String projCode) in C:inetpubwwwrootTransactionExportWeb ReferencesLocalWebServiceReference.vb:line 102
at TransactionExport.TransactionExport.LoadDays() in C:inetpubwwwrootTransactionExportExport.vb:line 267
View 4 Replies
Mar 11, 2010
I have a web application that built on using VS2005 running under an XP operating system. Recently the computer was upgraded to Vista. After installing VS2005 and all pages, pressing the RUN button throws an error where the start page is "forbidden". I have replaced the page with a test page named "Test.asp" that merely says hello, and that does not display (access is forbidden). I haven't a clue. I am an administrator on the machine. Does anyone know what this problem is?
View 6 Replies
Nov 26, 2010
I have javascripts folder under root folder , its all workig fine till now. Suddenly it started giving me the following error for all the javascripts under scripts folder.I the only change i made today is , deployed some files under website root directory which are asp files. I didn't deploy any files to scripts folder at all.
I saw in firebug net panel and i got the same error there.
The page cannot be displayedYou have attempted to execute a CGI, ISAPI, or other executable program from a directory that does not allow programs to be executed. try the following: Contact the Web site administrator if you believe this directory should allow execute access.
HTTP Error 403.1 - Forbidden: Execute access is denied.Internet Information Services (IIS)
Technical Information (for support personnel)
View 1 Replies
Jun 10, 2010
I have a Client Application calling a WCF service. I was getting a faultedState error on the client, after looking around I discovered this was because the client proxy was in a using statement and was actually hiding a security error. I have not been able to fix this fault and have not been able to find much online about it. I have undone the changes that caused this error to happen and the error continued, I have even went back to a different version of the solution and still encountered this error. I later set up my solution on another machine and pretty much encountered the same problem after working for a couple of hours.
I have the service and client running in my local solution. I'm using visual studio 2008. The error I get is "An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail." and inner exception is "An error occurred when verifying security for the message."
Server stack trace: at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout) at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message
message, TimeSpan timeout) at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall,
ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at
View 3 Replies
Jun 2, 2010
I have a WCF Service that I have boiled down to next to nothing because of this error. It is driving me up the wall. Here's what I have now.
A very simple WCF service with one method that returns a string with the value, "test".
A very simple Web app that uses the service and puts the value of the string into a label.
A web server running IIS 6 on Win 2003 with a SSL certificate.
Other WCF services on the same server that work. I publish the WCF service to it's https location I run the web app in debug mode in VS and it works perfectly. I publish the web app to it's https location on the same server the WCF service resides under the same SSL certificate I get, "The remote server returned an error: (403) Forbidden" I have changed almost every setting in IIS as well as the WCF and Web apps to no avail. I have compared setting in the WCF services that work and everything is the same.
Below are the setting in the web.config for the WCF Service and the WEB app: It appears the problem has to do with the Web app but I am out of ideas.
WCF Service:
<system.serviceModel>
<bindings>
<client />
<services>
<service behaviorConfiguration="Ucf.Smtp.Wcf.SmtpServiceBehavior" name="Ucf.Smtp.Wcf.SmtpService">
<host>
<baseAddresses>
<add baseAddress="[|URL]" />
</baseAddresses>
</host>
<endpoint address="" binding="wsHttpBinding" contract="Ucf.Smtp.Wcf.ISmtpService" bindingConfiguration="SSLBinding">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="Ucf.Smtp.Wcf.SmtpServiceBehavior">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" httpsHelpPageEnabled="True"/>
</behavior>
</serviceBehaviors>
</behaviors>
Web App:
<system.serviceModel>
<bindings><wsHttpBinding>
<binding name="WSHttpBinding_ISmtpService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"
textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Transport">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Windows" negotiateServiceCredential="true"
establishSecurityContext="true" />
</security>
</binding>
<client>
<endpoint address="[URL]"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_ISmtpService"
contract="SmtpService.ISmtpService" name="WSHttpBinding_ISmtpService">
<identity>
<dns value="localhost" />
</identity>
</client>
</system.serviceModel>
View 3 Replies
Feb 22, 2010
I'm trying to use the AsyncFileUpload control from the Asp.net Ajax Control Toolkit (Sept 30, 2009 stable build: 30930) . I've created a demo application and the control works fine. Files upload and all is well. When I try to use the control in my real application, I'm always receiving an error stating "The file attached is invalid". The AsyncFileUpload control returns this when the file uploaded is null.
To isolate the problem, I created a new master page exactly like the master page in my demo app. I also created an aspx page exactly like the page in my demo app. The upload still fails with a "The file attached is invalid" error. I also compared the web.config for the real app and the demo app and couldn't identify any differences that should matter. The code below is the test code in my real app. This code is exactly the same as the functioning code in the demo app with the exception of having different class names and file names. The web.config listed below is from the real app with the appsettings and connectionstrings removed. Real App Test Master Page:
<%@ Master Language="C#" AutoEventWireup="true" CodeFile="aaaMasterPage.master.cs" Inherits="L1Admin.aaaMasterPage" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Untitled Page</title>
<script type="text/javascript" src="js/jquery-1.3.2.min.js"></script>
<asp:ContentPlaceHolder id="head" runat="server">
</asp:ContentPlaceHolder>
</head>
<body>
<form id="form1" runat="server">
<asp:ScriptManager ID="scriptManager" EnablePartialRendering="true" runat="server" AsyncPostBackTimeout="180" />
<div>
<asp:ContentPlaceHolder id="content" runat="server">
</asp:ContentPlaceHolder>
</div>
</form>
</body>
</html>
Test Page:
<%@ Page Language="C#" MasterPageFile="~/aaaMasterPage.master" AutoEventWireup="true" CodeFile="aaaFileUploadTest2.aspx.cs" Inherits="aaaFileUploadTest2" Title="Untitled Page" %>
<%@ Register Assembly="AjaxControlToolkit" Namespace="AjaxControlToolkit" TagPrefix="ajax" %>
<asp:Content ID="Content1" ContentPlaceHolderID="head" Runat="Server">
<script type="text/javascript">
function pageLoad(sender, args) {
}
function startUpload(sender,args)
{
$('#uploadMessage p').html();
$('#uploadMessage').hide();
}
function uploadComplete(sender,args)
{
showUploadMessage(args.get_fileName() + " uploaded succesfully - " + + args.get_length() + " bytes", '');
}
function uploadError(sender, args)
{
showUploadMessage("An error occurred during uploading. " + args.get_errorMessage(), '#ff0000');
}
function showUploadMessage(text, color)
{
$('#uploadMessage p').html(text).css('color', color);
$('#uploadMessage').show();
}
</script>
</asp:Content>
<asp:Content ID="Content2" ContentPlaceHolderID="content" Runat="Server">
<div id="uploadMessage"><p></p></div>
<ajax:AsyncFileUpload ID="pageBannerUpload"
CssClass="file_upload"
OnClientUploadError="uploadError"
OnClientUploadStarted="startUpload"
OnClientUploadComplete="uploadComplete"
onuploadedcomplete="upload_UploadedComplete"
runat="server" />
</asp:Content>
Real App Test Page Code Behind:
using System;
using System.IO;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
public partial class aaaFileUploadTest2 : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void upload_UploadedComplete(object sender, AjaxControlToolkit.AsyncFileUploadEventArgs e)
{
if (pageBannerUpload.HasFile)
{
string path = MapPath("~/") + Path.GetFileName(e.filename);
pageBannerUpload.SaveAs(path);
}
}
}
Real App Test Web.config:
<?xml version="1.0"?>
<!--
Note: As an alternative to hand editing this file you can use the
web admin tool to configure settings for your application. Use
the Website->Asp.Net Configuration option in Visual Studio.
A full list of settings and comments can be found in
machine.config.comments usually located in
WindowsMicrosoft.NetFrameworkv2.xConfig
-->
<configuration>
<configSections>
<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>
<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
<section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
</sectionGroup>
</sectionGroup>
</sectionGroup>
</configSections>
<appSettings>
</appSettings>
<connectionStrings>
</connectionStrings>
<system.web>
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
-->
<compilation debug="true">
<assemblies>
<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Transactions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Data.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
<codeSubDirectories>
<add directoryName="CSCode"/>
<add directoryName="VBCode"/>
</codeSubDirectories>
</compilation>
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="Windows"/>
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
-->
<pages>
<controls>
<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add tagPrefix="Annsa" namespace="Annsa.Controls" assembly="Annsa.Controls"/>
</controls>
<namespaces>
<add namespace="Microsoft.VisualBasic"/>
<add namespace="System.Data"/>
<add namespace="System.Drawing"/>
</namespaces>
</pages>
<httpHandlers>
<remove verb="*" path="*.asmx"/>
<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add verb="GET,HEAD" path="ScriptResource.axd" validate="false" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
</httpHandlers>
<httpModules>
<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
</httpModules>
<identity impersonate="true"/>
<trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true"/>
<!-- SESSION STATE SETTINGS
mode="Off|InProc|StateServer|SqlServer"
By default ASP.NET uses cookies to identify which requests belong to a particular session.
If cookies are not available, a session can be tracked by adding a session identifier to the URL.
To disable cookies, set sessionState cookieless="true".
-->
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;user id=sa;password=" cookieless="false" timeout="20"/>
<!-- GLOBALIZATION
This section sets the globalization settings of the application.
-->
<xhtmlConformance mode="Legacy"/>
</system.web>
<location path="Pages">
<system.web>
<xhtmlConformance mode="Transitional"></xhtmlConformance>
</system.web>
</location>
<system.codedom>
<compilers>
<compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CSharp.CSharpCodeProvider,System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">
<providerOption name="CompilerVersion" value="v3.5"/>
<providerOption name="WarnAsError" value="false"/>
</compiler>
<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">
<providerOption name="CompilerVersion" value="v3.5"/>
<providerOption name="OptionInfer" value="true"/>
<providerOption name="WarnAsError" value="false"/>
</compiler>
</compilers>
</system.codedom>
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<modules>
<remove name="ScriptModule"/>
<add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
</modules>
<handlers>
<remove name="WebServiceHandlerFactory-Integrated"/>
<remove name="ScriptHandlerFactory"/>
<remove name="ScriptHandlerFactoryAppServices"/>
<remove name="ScriptResource"/>
<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add name="ScriptResource" verb="GET,HEAD" path="ScriptResource.axd" preCondition="integratedMode" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
</handlers>
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/>
<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/>
<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>
View 3 Replies