I try to secure my WCF service by an AD based logon system. I've created an AD group named "TestUsers". My user account is member of that group. The WCF Service is hosted in IIS.
But i always get the exception "SecurityAccessDeniedException".
My WCF Service looks like:
Web.Config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpEndpointBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
IService1.cs (Service interface): Just one method:
string GetWelcomeMessage();
Service1.svc.cs:
public class Service1 : IService1
{
[PrincipalPermission(SecurityAction.Demand, Role = @"mydomain\TestUsers")]
public string GetWelcomeMessage()
{
return "hello world";
}
}
Any ideas what's wrong???
Any help would be greatly appreciated.