Good morning list,

I am having trouble setting up URL ACLs that allow some web apps in IIS Express and some in-process WCF services to be hosted simultaneously.

Some background: The web apps and WCF services are hosted over HTTPS, port 44300 (in separate paths, naturally). The WCF bindings are WSHttpBinding. The base addresses for my WCF services have hostnames, not "+" or "*" wildcards. My host name is "heptagon". My development OS is Windows 7.

My experiments:

1. With no URL ACLs, IIS Express will bind to localhost but nothing else. The WCF services do not work at all.

2. With the following ACL,

       https://+:44300/

   ...the WCF services work but IIS Express fails with "Failed to register URL - access is denied" for every application and halts. For IIS Express, this is worse than no ACLs at all.

3. With the following ACLs,

       https://localhost:44300/
       https://heptagon:44300/

   ...the web apps in IIS Express start fine but none of the WCF services start, throwing a System.ServiceModel.AddressAccessDeniedException. What is also unexpected is that the exception message mentions a URL binding with the "+" wildcard, even though I did not specify wildcards in any of the binding base addresses.

4. With both sets of ACLs, the result is a mixture of all three scenarios: IIS Express fails to bind all non-localhost and all HTTPS URLs, but WCF services work.

5. At some point I also had the situation where IIS Express claimed that all the apps were registered, but only the plain HTTP endpoints were working. The HTTPS endpoints all gave HTTP 503 "Service unavailable". I can't reproduce this scenario any more.

Can anybody tell me the "right" way to set this up? I am also concerned for production where I intend to deploy all the web apps to IIS proper, the WCF services as Windows services, and have everything hosted over HTTPS with the customer's own cert on port 443.

"Run WCF services on a different port than IIS" is doable but a last resort because it complicates my certificate deployment situation for HTTPS. "Run as Administrator" is unacceptable.

Is it just me or are URL ACLs a preposterous measure? I never heard of such a thing on other platforms.

Thanks in advance,
--
Thomas Koster
