
ASP.NET - IIS7 Deployment Error 500 24 50 using WCF Web Service Binding w/ AD Groups

Background: I am getting an Internal Server 500 24 50 error after deploying an application that has compiled without errors on my local machine. The server that the application is deployed on has a ton of security and is running IIS 7.5, so I need to specify read and write access for every directory. This application uses Windows authentication and a web service to populate drop-down boxes via a proxy. I think there might be an issue connecting to the web service, an issue with the read/write security on the files, or an issue with the Active Directory authentication.

For some reason, Internet Explorer just displayed a "can't load webpage" error.

Error in Google Chrome:

 500 – Internal Server Error.
 There is a problem with the resource you are looking for, and it cannot be displayed. 

Log File Details:

 #Software: Microsoft Internet Information Services 7.5
 #Fields: date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken

 2011-05-18 13:54:46 W3SVC1 FL-TPA-WEB-01 172.17.1.25 GET / - 80 - 
 172.17.1.25 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1;+WOW64;
 +Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET4.0C;+.NET4.0E) - -
 invitations.myagencyservices.com 500 24 50 1380 368 15

MSDN defines the error at http://support.microsoft.com/kb/943891 as:

  500.24 - An ASP.NET impersonation configuration does not apply in Managed 
           Pipeline mode.

Web.Config code:

  <system.web>
    <customErrors mode="Off"></customErrors>
    <compilation debug="true" strict="false" explicit="true" targetFramework="4.0" />
    <trace enabled="true" pageOutput="true" />

    <authentication mode="Windows"/>
    <identity impersonate="true"/>

    <authorization>
      <allow users="alg\bmccarthy, alg\phoward" />
      <allow roles="alg\ACOMP_USER_ADMIN" />
      <allow roles="alg\ACOMP_user_AMG" />
      <allow roles="alg\ACOMP_user_BIG" />
      <allow roles="alg\ACOMP_user_NIS" />
      <allow roles="alg\ACOMP_user_GLA" />
      <allow roles="alg\ACOMP_user_PIP" />
      <allow roles="alg\ACOMP_user_PSM" />
      <allow roles="alg\ACOMP_user_PAM" />
      <allow roles="alg\ACOMP_user_ANN" />
      <allow roles="alg\ACOMP_user_AAM" />
      <allow roles="alg\ACOMP_user_MWM" />
      <allow roles="alg\ACOMP_user_GIM" />
      <deny users="*" />
    </authorization>
  </system.web>

  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>

  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="BasicHttpBinding_IAcompService1" closeTimeout="00:01:00"
          openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
          allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
          maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
          messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
          useDefaultWebProxy="true">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
            maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <security mode="None">
            <transport clientCredentialType="None" proxyCredentialType="None"
              realm="" />
            <message clientCredentialType="UserName" algorithmSuite="Default" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>

    <client>
      <endpoint address="http://63.236.108.91/aCompService.svc" binding="basicHttpBinding"
        bindingConfiguration="BasicHttpBinding_IAcompService1" contract="aComp_ServiceReference.IAcompService"
        name="BasicHttpBinding_IAcompService1" />
    </client>
  </system.serviceModel>

Any suggestions will be up-voted! Thanks for looking!

Brian McCarthy asked Dec 04 '22 22:12


1 Answer

The 500.24.50 Error occurs because ASP.NET Integrated mode is unable to impersonate the request identity in the BeginRequest and AuthenticateRequest pipeline stages. 500.24 is thrown if your application is running in integrated mode, validateIntegratedModeConfiguration is not declared or set to true, and your application has identity impersonate set to true.

Workaround

A. If your application does not rely on impersonating the requesting user in the BeginRequest and AuthenticateRequest stages (the only stages where impersonation is not possible in Integrated mode), ignore this error by adding the following to your application’s web.config:

  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
  </system.webServer>

B. If your application does rely on impersonation in BeginRequest and AuthenticateRequest, or you are not sure, move to Classic mode.

C. Remove <identity impersonate="true"/> from web.config, which won't be effective in Integrated mode anyway.

Read more on Breaking Changes in IIS 7 from LEARN.IIS.NET

Brian McCarthy answered Dec 09 '22 15:12
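
The three conditions named in the answer above, written as a pre-deployment check on a web.config file. This is an added example, not code from the original post; the function name, its return labels and the `pipeline_mode` parameter are assumptions (the pipeline mode is an application pool setting, so it cannot be read from web.config), and the sample configuration is constructed from the settings shown in the question.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the relevant settings from the question's web.config,
# wrapped in a <configuration> root so it parses as a complete document.
TEMPLATE = """<configuration>
  <system.web>
    <authentication mode="Windows"/>
    {identity}
  </system.web>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
    {validation}
  </system.webServer>
</configuration>"""

IDENTITY = '<identity impersonate="true"/>'
VALIDATION_OFF = '<validation validateIntegratedModeConfiguration="false"/>'

AS_POSTED = TEMPLATE.format(identity=IDENTITY, validation="")
WORKAROUND_A = TEMPLATE.format(identity=IDENTITY, validation=VALIDATION_OFF)
WORKAROUND_C = TEMPLATE.format(identity="", validation="")


def check_impersonation(web_config_xml, pipeline_mode="Integrated"):
    """Return 'error_500_24', 'validation_suppressed' or 'ok' (hypothetical labels)."""
    root = ET.fromstring(web_config_xml)
    # Some web.config files declare a default xmlns on <configuration>;
    # drop namespaces so the element paths below match either way.
    for el in root.iter():
        el.tag = el.tag.split("}")[-1]

    identity = root.find("system.web/identity")
    impersonate = (identity.get("impersonate", "") if identity is not None else "")
    if impersonate.strip().lower() != "true":
        return "ok"                      # workaround C: nothing to validate
    if pipeline_mode.strip().lower() == "classic":
        return "ok"                      # workaround B: 500.24 is Integrated-only

    validation = root.find("system.webServer/validation")
    flag = validation.get("validateIntegratedModeConfiguration", "") if validation is not None else ""
    if flag.strip().lower() == "false":
        # Workaround A: the request succeeds, but impersonation is still not in
        # effect during BeginRequest and AuthenticateRequest.
        return "validation_suppressed"
    return "error_500_24"                # flag absent or true: IIS rejects the request


if __name__ == "__main__":
    for name in ("AS_POSTED", "WORKAROUND_A", "WORKAROUND_C"):
        print(name, "->", check_impersonation(globals()[name]))
```
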