WCF 部署到 IIS 6 导致 403 权限错误
我以前从未将 WCF 服务部署到 IIS 6。我有一个服务,我正在使用默认配置将其部署到 IIS 6 作为 WCF 项目的一部分。此后我简化了配置,认为这可能是问题所在。如果我在浏览器中浏览该服务,则会出现以下错误:
HTTP 错误 403.1 - 禁止:执行 访问被拒绝。
我的配置现在如下所示:
<system.serviceModel>
<services>
<service name="MyCompany.WebServices.MyService">
<endpoint address="" binding="basicHttpBinding" contract="MyCompany.WebServices.IMyService" />
</service>
</services>
</system.serviceModel>
如果我尝试将其添加为 ASP.NET MVC 中的引用,我会得到以下结果:
下载时出错 'http://ws.mycompany.com/MyService.svc'。 请求失败,状态为 HTTP 403:禁止。元数据包含一个 无法解决的参考: 'http://ws.mycompany.com/MyService.svc'。 HTTP 请求被禁止 客户端认证方案 '匿名的'。远程服务器 返回错误:(403) 禁止。如果 该服务定义在当前 解决方案,尝试构建解决方案 并添加服务参考 再次。
有什么想法可能会发生什么吗?
更新:
这似乎是我的 IIS 6 机器上的配置问题。我之所以这么认为,是因为我创建了一个全新的 ASP.NET 3.5 WCF 应用程序并将其部署到新的 URL http://ws.unitedoneresources.com/Service1.svc。如果我尝试调用该服务,我会收到上面列出的相同 HTTP 错误。整个服务配置如下:
<system.serviceModel>
<services>
<service name="WcfService1.Service1" behaviorConfiguration="WcfService1.Service1Behavior">
<!-- Service Endpoints -->
<endpoint address="" binding="wsHttpBinding" contract="WcfService1.IService1">
<!--
Upon deployment, the following identity element should be removed or replaced to reflect the
identity under which the deployed service runs. If removed, WCF will infer an appropriate identity
automatically.
-->
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WcfService1.Service1Behavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
同样,这是一个全新的 ASP.NET 3.5 WCF 应用程序,因此我没有对项目本身进行任何修改。
I've never deployed a WCF service to IIS 6 before. I've got a service that I'm deploying to IIS 6 by using the default configuration as part of the WCF project. I since simplified the configuration thinking that might have been the issue. Here is the error I'm getting if I browse to the service in a browser:
HTTP Error 403.1 - Forbidden: Execute
access is denied.
My configuration now looks like this:
<system.serviceModel>
<services>
<service name="MyCompany.WebServices.MyService">
<endpoint address="" binding="basicHttpBinding" contract="MyCompany.WebServices.IMyService" />
</service>
</services>
</system.serviceModel>
If I try adding it as a reference in ASP.NET MVC, I get the following:
There was an error downloading
'http://ws.mycompany.com/MyService.svc'.
The request failed with HTTP status
403: Forbidden. Metadata contains a
reference that cannot be resolved:
'http://ws.mycompany.com/MyService.svc'.
The HTTP request was forbidden with
client authentication scheme
'Anonymous'. The remote server
returned an error: (403) Forbidden. If
the service is defined in the current
solution, try building the solution
and adding the service reference
again.
Any ideas what might be going on?
UPDATED:
It appears to be a configuration issue on my IIS 6 box. I'd assume this because I've created a brand new ASP.NET 3.5 WCF Application and deployed it to a new URL at http://ws.unitedoneresources.com/Service1.svc. If I try to call that service, I get the same HTTP Error listed above. The entire service configuration is the following:
<system.serviceModel>
<services>
<service name="WcfService1.Service1" behaviorConfiguration="WcfService1.Service1Behavior">
<!-- Service Endpoints -->
<endpoint address="" binding="wsHttpBinding" contract="WcfService1.IService1">
<!--
Upon deployment, the following identity element should be removed or replaced to reflect the
identity under which the deployed service runs. If removed, WCF will infer an appropriate identity
automatically.
-->
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WcfService1.Service1Behavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
Again, this is a brand new ASP.NET 3.5 WCF Application so I haven't modified anything on the project itself.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
我搞砸了网站,在 IIS 6 上安装了 WCF(在命令提示符下使用 ServiceModelReg.exe /i /x),然后重新部署。成功了!
谢谢!
I wacked the I wacked the website, installed WCF on IIS 6 (using ServiceModelReg.exe /i /x at a command prompt), and redeployed. It worked!
Thanks!
发现这个问题正在寻找同一问题的解决方案。我忘记更改服务目录上“脚本和可执行文件”的权限。我当时是II7
Found this question searching for a solution to the same problem. I had forgotten to changes permissions to 'Scripts and Executables' on the services directory. I was on II7
您并没有真正给我们提供太多信息 - 缺少的是向我们展示如何设置安全性的服务器端配置位 - 您能否更新您的问题并向我们展示所有内容服务器端配置和调用服务器的客户端上的
仅从系统默认值猜测,使用 basicHttpBinding 会导致默认安全设置为空 - 并且看起来好像您的服务器端配置需要某种形式的安全性。看起来您的安全设置似乎不同步,从而导致了此错误。
还有一点是:你的IIS端是怎么设置的?您是否为您的服务创建了虚拟目录?基本上,当托管在 IIS 中时,您的服务 URL 由服务器名称(可能还包括端口)、*.svc 文件所在的虚拟目录以及 svc 文件本身的名称和扩展名决定。
You don't really give us a lot to go on here - what's missing are the server side configuration bits that show us how you set up security - can you please update your question and show us everything inside the
<system.serviceModel>tag on your server side config and on your client calling the server??Just guessing from the system defaults, using the
basicHttpBindingwould result in a default security setting of nothing - and it would appear as if your server-side config requires some form of security. It almost seems as if your security settings are out of sync, thus resulting in this error.Another point is: how did you set up the IIS side? Did you create a virtual directory for your service? Basically, when hosting in IIS, your service URL is determined by server name (plus possibly the port), the virtual directory your *.svc file lives in, and the name and extension of the svc file itself.
我们有类似的症状,但仅限于 IIS 6.0 下的 PUT 和 DELETE 动词。
默认情况下,我们的 IIS 应用程序中的 .svc 扩展名仅允许 GET、POST 动词。
为应用程序的 .svc 扩展名添加动词(或允许所有动词)解决了该问题。
We had similar symptoms, but only with PUT and DELETE verbs under IIS 6.0.
By default, the .svc extension within our IIS application was only allowing GET, POST verbs.
Adding the verbs (or allowing all verbs) for the .svc extension for the application fixed the issue.