"Configuring Services with Endpoints" Demo Fails For Me (Microsoft/endpoint.tv/Pluralsight)

10.6k views Asked by At

I'm trying to follow along with the demo videos on the beginners to WCF page on MSDN.

The first video worked more or less fine. I'm now towards the end of the second video. I am using VS2010 / .NET 4.0, whereas the video seems to be using VS2008 (I'm assuming .NET 3.5, but I don't recall).

I'm using the following demo

We've just added 3 more end points: a plain http, net.tcp, and net.pipe. When I try to run the project now the Web service fails to start.

System.InvalidOperationException: Cannot load the X.509 certificate identity specified in the configuration.
   at System.ServiceModel.Description.ConfigLoader.LoadIdentity(IdentityElement element)
   at System.ServiceModel.Description.ConfigLoader.LoadServiceDescription(ServiceHostBase host, ServiceDescription description, ServiceElement serviceElement, Action`1 addBaseAddress)
   at System.ServiceModel.ServiceHostBase.LoadConfigurationSectionInternal(ConfigLoader configLoader, ServiceDescription description, ServiceElement serviceSection)
   at System.ServiceModel.ServiceHostBase.LoadConfigurationSectionInternal(ConfigLoader configLoader, ServiceDescription description, String configurationName)
   at System.ServiceModel.ServiceHostBase.ApplyConfiguration()
   at System.ServiceModel.ServiceHostBase.InitializeDescription(UriSchemeKeyedCollection baseAddresses)
   at System.ServiceModel.ServiceHost.InitializeDescription(Type serviceType, UriSchemeKeyedCollection baseAddresses)
   at System.ServiceModel.ServiceHost..ctor(Type serviceType, Uri[] baseAddresses)
   at Microsoft.Tools.SvcHost.ServiceHostHelper.CreateServiceHost(Type type, ServiceKind kind)
   at Microsoft.Tools.SvcHost.ServiceHostHelper.OpenService(ServiceInfo info)

Based on my Google fu, I came across this thread: "Cannot load the X.509 certificate identity specified in the configuration"

I really didn't want to get involved in certificates just yet since I'm still just experimenting with the basics so I followed the advice in that post and just added the <dns value="localhost" /> tag. The exception changes:

Please try changing the HTTP port to 8732 or running as Administrator.
System.ServiceModel.AddressAccessDeniedException: HTTP could not register URL http://+:8080/EvalService/. Your process does not have access rights to this namespace (see http://go.microsoft.com/fwlink/?LinkId=70353 for details). ---> System.Net.HttpListenerException: Access is denied
   at System.Net.HttpListener.AddAllPrefixes()
   at System.Net.HttpListener.Start()
   at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen()
   --- End of inner exception stack trace ---
   at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen()
   at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener)
   at System.ServiceModel.Channels.TransportManagerContainer.Open(SelectTransportManagersCallback selectTransportManagerCallback)
   at System.ServiceModel.Channels.TransportChannelListener.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.HttpChannelListener.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.DatagramChannelDemuxer`2.OnOuterListenerOpen(ChannelDemuxerFilter filter, IChannelListener listener, TimeSpan timeout)
   at System.ServiceModel.Channels.SingletonChannelListener`3.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.NegotiationTokenAuthenticator`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.CommunicationObjectSecurityTokenAuthenticator.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityUtils.OpenCommunicationObject(ICommunicationObject obj, TimeSpan timeout)
   at System.ServiceModel.Security.SecurityUtils.OpenTokenAuthenticatorIfRequired(SecurityTokenAuthenticator tokenAuthenticator, TimeSpan timeout)
   at System.ServiceModel.Security.SecurityProtocolFactory.Open(String propertyName, Boolean requiredForForwardDirection, SecurityTokenAuthenticator authenticator, TimeSpan timeout)
   at System.ServiceModel.Security.SymmetricSecurityProtocolFactory.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityProtocolFactory.Open(Boolean actAsInitiator, TimeSpan timeout)
   at System.ServiceModel.Security.SecurityListenerSettingsLifetimeManager.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelListener`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionSecurityTokenAuthenticator.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.CommunicationObjectSecurityTokenAuthenticator.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityUtils.OpenCommunicationObject(ICommunicationObject obj, TimeSpan timeout)
   at System.ServiceModel.Security.SecurityUtils.OpenTokenAuthenticatorIfRequired(SecurityTokenAuthenticator tokenAuthenticator, TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionServerSettings.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionServerSettings.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityListenerSettingsLifetimeManager.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelListener`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open()
   at Microsoft.Tools.SvcHost.ServiceHostHelper.OpenService(ServiceInfo info)
System.Net.HttpListenerException (0x80004005): Access is denied
   at System.Net.HttpListener.AddAllPrefixes()
   at System.Net.HttpListener.Start()
   at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen()

So, I tried doing what it said: changing the port to be 8732, but the exception is still thrown, this time saying Please try changing the HTTP port to 8732...HTTP could not register URL http://+:8732/EvalService/.... :P

I've tried commenting out the new end points to no avail. Even the original ones fail with this error. Doesn't matter either if I put them back to the original port [not so] 1337.

Here's the App.config, and nothing stands out as problematic:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.web>
    <compilation debug="true" />
  </system.web>
  <system.serviceModel>
    <services>
      <service name="EvalServiceLibrary.EvalService">
        <clear />
        <endpoint address="ws" binding="wsHttpBinding" contract="EvalServiceLibrary.IEvalService"
          listenUriMode="Explicit">
          <identity>
            <dns value="localhost" />
            <certificateReference storeName="My" storeLocation="LocalMachine"
              x509FindType="FindBySubjectDistinguishedName" />
          </identity>
        </endpoint>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"
          listenUriMode="Explicit">
          <identity>
              <dns value="localhost" />
              <certificateReference storeName="My" storeLocation="LocalMachine"
              x509FindType="FindBySubjectDistinguishedName" />
          </identity>
        </endpoint>
        <endpoint address="basic" binding="basicHttpBinding" contract="EvalServiceLibrary.IEvalService"
          listenUriMode="Explicit">
          <identity>
            <dns value="localhost" />
            <certificateReference storeName="My" storeLocation="LocalMachine"
              x509FindType="FindBySubjectDistinguishedName" />
          </identity>
        </endpoint>
        <endpoint address="net.tcp://localhost:8888/EvalService" binding="netTcpBinding"
          contract="EvalServiceLibrary.IEvalService" listenUriMode="Explicit">
          <identity>
            <dns value="localhost" />
            <certificateReference storeName="My" storeLocation="LocalMachine"
              x509FindType="FindBySubjectDistinguishedName" />
          </identity>
        </endpoint>
        <endpoint address="net.pipe://localhost/EvalService" binding="netNamedPipeBinding"
          bindingConfiguration="" contract="EvalServiceLibrary.IEvalService" />
        <host>
          <baseAddresses>
            <add baseAddress="http://localhost:8080/EvalService" />
          </baseAddresses>
        </host>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpGetEnabled="True"/>
          <serviceDebug includeExceptionDetailInFaults="False" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>

What is wrong / how do I fix it?

6

There are 6 answers

0
bambams On BEST ANSWER

A seemingly working solution for the latter of the two problems above (the HTTP could not register URL one) can be found in the VS2010 Training Kit posted in the comments of Gabobcat's answer (by him).

In the 4th exercise, "Ex4-ServiceDiscovery", you are given what appears to be a chat application that uses WCF services to communicate between two clients. It uses a discovery feature to find peers on the network. Long story short, the same exception occurs when you initially try running the completed application (after filling in the discovery events as laid out in the exercise). Bundled with the Training Kit is a couple of batch scripts (which AFAICT uses Microsoft's "open source" license so I should be able to share these scripts) to set or delete "URL ACLs". In practice, they appear to only be a single (useful) command:

File: AddURLACL.cmd

@Echo Off
@Echo Grant permissions for URL reservation
@Echo Parameter 1 "%1" == port
@Echo Parameter 2 "%2" == URL
pause
netsh http add urlacl url=http://+:%1/%2 user=%USERDOMAIN%\%USERNAME%

File: DelURLACL.cmd

@Echo Off
@Echo Deletes permissions for URL reservation
@Echo Parameter 1 "%1" == port
@Echo Parameter 2 "%2" == URL
pause
netsh http delete urlacl url=http://+:%1/%2

Obviously, the netsh commands are the only ones that matter. The example project has you use the following command (from a "Run as Administrator" Command Prompt window) to "fix" this exception:

C:\VS2010TrainingKit\Labs\WhatsNewInWCF4\Source\Setup\AddURLACL.cmd 8000

(I used the absolute path just to show you where in the Training Kit you could find these scripts; personally I was in the WhatsNewInWCF4\Source directory when I did this)

The string 8000 only occurs 1 time throughout this project:

C:\VS2010TrainingKit\Labs\WhatsNewInWCF4\Source\Ex4-ServiceDiscovery\Begin\C#>findstr /n /s "8000" *
DiscoveryChat\SimpleChat.cs:376:            this.localAddress = new Uri("http://localhost:8000/" + Guid.NewGuid().ToString());

It appears that port 8000 is the port that the chat clients are trying to launch a service host on (don't ask me how they all share it...I assume that the ServiceHost class they use is intelligent enough to reuse an existing service...).

I haven't experimented thoroughly with this yet, but it seems to have "fixed" my EvalService project (when I changed the port to 8000). That is currently with most endpoints removed (only the basicHttpBinding endpoint left) and the baseAddress set to localhost:8000.

Let me know if this works for you too.

0
quoc On

To run as an administrator, right click Visual Studio and select Run as Administrator from the context menu. To run as administrator all the time, right click Visual Studio, then go to properties in the context menu Got to the compatibility tab, then select Run this program as an administrator.

12
Gabe Thorns On

The problem is in your configuration. You are referencing the certificates in your endpoints. Either you remove them:

<certificateReference storeName="My" storeLocation="LocalMachine" x509FindType="FindBySubjectDistinguishedName" />

Or you place some certificates in your certificate store. I recomend removing the "identity" configuration sections at this point, until you learn a bit more abour WCF. Try staying just on basic endpoint configuration for starters, and work your way from the point in which you understand the basics of WCF. WCF gives you a large (really large) set of configuration options depending on your specific needs.

Maybe these links help you go into WCF better that the videos you have been watching:

Hope this helps.

0
Sudipto Kumar Mukherjee On

I was frustated with the same issue. Finally I found the solution by myself by running the Visual Studio as Administrator by right clicking Visual Studio 2010 and choosing 'Run As Administrator'.

0
Tom Stickel On

Thought I would add an updated consolidated answer from what I was reading.

While we can all go to great lengths to allow permissions with the certificate, most of the people reading this are really just wanting to get the WCF endpoints up and running ASAP.

Thus a few choices.

1. sudipto-kumar-mukherjee above states "I was frustated with the same issue. 
Finally I found the solution by myself by running the Visual Studio as Administrator 
by right clicking Visual Studio 2010 and choosing 'Run As Administrator'."   
--> Yes,  this     will work.
OR
2. nasp.tech response with 
"Doesn't Work"
<add baseAddress="http://localhost:8732/AMessageService" />
"Works!"
<add baseAddress="http://localhost:8732/Design_Time_Addresses/AMessageService" />

Either of these seems to be the fastest ways to get up and running with this issue.

1
nasp.tech On

I too followed the same webcast and had the same problems. I got around the cert issue by commenting those entries out as suggested by others.

I corrected the "Please try changing the HTTP port to 8732 or running as Administrator" by adding "Design_Time_Addresses" back into my url

Doesn't Work

<add baseAddress="http://localhost:8732/AMessageService" />

Works!

<add baseAddress="http://localhost:8732/Design_Time_Addresses/AMessageService" />