Webservice Account Permissions "Gotcha"
For a project, an internal customer wanted to utilize web services for file reading and writing. Both the file write and read services were utilizing a System.IO.FileStream object, invoking the object's Read and Write methods. Since the location that the web services would be reading and writing from is a network share, two domain accounts were setup and given read, and you guessed it, write permissions each respectively to the share.

Then, Application Pools were setup on the (Windows 2003 with SP1) server, with the read and write web services, with the afore mentioned domain accounts, one app pool for each of the web services with the identity set to the appropriate domain account. For example, the web service that would be reading the files from the network share was set to use the application pool that was set up with the identity of the domain account with read permissions.

The “gotcha” that we encountered was that the accounts that the web services were utilizing needed modify permissions on the server <WindowsFolder>/temp folder in order to generate serialization proxies.

For more info go to http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod15.asp

Here was the error we were getting:


System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.UnauthorizedAccessException: DomainAccountHere
at
System.Xml.Serialization.Compiler.Compile(Assembly parent, String ns, CompilerParameters parameters, Evidence evidence)
at
System.Xml.Serialization.TempAssembly.GenerateAssembly(XmlMapping[] xmlMappings, Type[] types, String defaultNamespace, Evidence evidence, CompilerParameters parameters, Assembly assembly, Hashtable assemblies)
at
System.Xml.Serialization.TempAssembly..ctor(XmlMapping[] xmlMappings, Type[] types, String defaultNamespace, String location, Evidence evidence)
at
System.Xml.Serialization.XmlSerializer.FromMappings(XmlMapping[] mappings, Type type)
at
System.Xml.Serialization.XmlSerializer.FromMappings(XmlMapping[] mappings)
at
System.Web.Services.Protocols.SoapServerType..ctor(Type type, ProtocolsEnum versionsSupported)
at
System.Web.Services.Protocols.SoapServerProtocol.Initialize()
at
System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean& abortProcessing)
--- End of inner exception stack trace ---
ExceptionStackTrace:
at
System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at
System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)

Once we set the domain accounts to have modify permissions on the <WindowsFolder>/temp folder, C:\Windows\Temp in our case, all worked well.

Valid XHTML 1.0 Transitional