I am trying to debug a simple web service. I have IIS 7 installed on my development machine (Windows 7), and have installed the web service. I can access it from my development machine, but not from any other machine in the local network.
I opened the firewall to HTTP access, and I can access the default website from other machines, so it is not the firewall.
What security settings should I look at to try to allow devices on the LAN to access the web service?
Asked
Active
Viewed 1,498 times
3
Aharon Manne
- 131
- 4
-
1How are you accessing it from other machines? You're not using `http://localhost` are you? Also, what error / response code are you getting? – squillman Aug 02 '12 at 14:30
-
I'm using the LAN IP address: 192.168.2.102. Again, just entering that address gives me the default IIS 7 web page. Adding 192.168.2.102:8080/api/results (which works on the local machine) gets no response. Wireshark shows that the client is sending a TCP SYN frame, and there is no response. Do I have to open something besides HTTP in the firewall? – Aharon Manne Aug 02 '12 at 14:44
-
Turned off the firewall entirely, and still no joy. – Aharon Manne Aug 02 '12 at 14:46
-
Is your web service running in a different actual web site than the default website? – squillman Aug 02 '12 at 14:50
-
Yes it is. It is a separate web site under IIS – Aharon Manne Aug 02 '12 at 14:52
-
What type of web service? Is it a traditional ASMX,WCF, REST, ...? – Greg Askew Aug 03 '12 at 13:25
-
Sorry @Greg, I didn't see your comment. This is a simple REST service, based on the example in the asp.net site [Web-API](http://www.asp.net/web-api/overview/creating-web-apis/creating-a-web-api-that-supports-crud-operations). – Aharon Manne Aug 16 '12 at 06:51
-
@AharonManne: ok, I wanted to clarify as WCF has a lot of information that may be in the web.config, and a truckload of xml files. I would make sure that when you are testing the web service, you are in fact using IIS, and not the Cassini web server that is part of Visual Studio. Cassini definitely cannot accept connections from other hosts. – Greg Askew Aug 16 '12 at 13:48
-
Thanks Greg. As I noted, the default website is available from other machines, and VS was not running when I tested the service. – Aharon Manne Aug 20 '12 at 06:02
3 Answers
1
Check the bindings on the web site your web service is running under and make sure it has a binding for 192.168.2.102 on port 8080. Also, make sure your default web site does not have a binding for 192.168.2.102 on port 8080. In all of that, make sure you don't have any wildcard bindings on the default web site that would match 192.168.2.102 on port 8080.
squillman
- 37,883
- 12
- 92
- 146
-
The default website has bindings for 808:* and *. Would these interfere? I will remove them and see what happens. – Aharon Manne Aug 02 '12 at 15:03
-
-
808:* will not match 8080. Is the other one (*) for port 80? If so, then that one should be fine to keep as well. – squillman Aug 02 '12 at 15:06
-
Did you check the bindings on the other site to make sure there is an http binding for port 8080? – squillman Aug 02 '12 at 15:06
-
The binding for my web service is 192.168.2.102:8080. I disabled the default website, and that didn't change anything. – Aharon Manne Aug 02 '12 at 15:15
-
-
(Sorry, the system wants to move this to chat, but I don't have enough rep points) – Aharon Manne Aug 02 '12 at 15:40
-
The error is a timeout. This makes sense, as Wireshark (sniffer) is showing absolutely no response from the server. Also, there are no entries in the Event Viewer, and there are no entries in the log for the relevant time period. – Aharon Manne Aug 02 '12 at 15:43
-
When you opened the firewall for HTTP, did you include port 8080 in that rule? – squillman Aug 02 '12 at 15:57
-
Added a rule to open 8080, no joy. This makes sense, as disabling the firewall also failed to help. – Aharon Manne Aug 02 '12 at 16:05
-
Sorry, just getting back. If you do a `netstat -an` on the IIS machine to you see an entry for 192.168.2.102:8080? – squillman Aug 02 '12 at 19:07
-
Yes I do. This is also logical, since the web service responds when I query from the local machine (using the IP address, not localhost). – Aharon Manne Aug 02 '12 at 19:31
-
Oops. I see 0.0.0.0:8080, and 0.0.0.0:80 for the default website. – Aharon Manne Aug 02 '12 at 19:34
-
-
0
This isn't an answer yet, but I couldn't figure out how to add screenshots to a comment.
Default website bindings (works). 
Web service binding (works only locally):
Aharon Manne
- 131
- 4
-
I was pretty sure that the issue was permissions, so I did a point by point comparison of the default website permissions with my web service. That led me to add IIS_IUSRS to the list of users, but still no joy. @squillman, if you have any more ideas, I'd be glad to hear about them. – Aharon Manne Aug 07 '12 at 10:46
-
Further, comparison if ASP.NET authorization and IIS authentication did not yield any differences between the site that responds, and the site that doesn't. I still think it's a security issue. – Aharon Manne Aug 07 '12 at 10:53
-
Both the default website and the webservice use an application pool that I defined. The application pool defines the Identity as NetworkService. The default site does not inclue permissions for Network Service, but my webservice does. Nonetheless, it is possible to access the default site, but not my webservice. – Aharon Manne Aug 13 '12 at 10:31
-
You are supposed to edit your original question with new information, not post an answer. – icelava Nov 06 '14 at 09:46
0
In the end, it was the firewall. In other words, turning off the firewall makes the service available. For my test purposes, that is good enough.
Aharon Manne
- 131
- 4