Guidelines for Resolving Web Services Permissions Problems
Microsoft BizTalk Server makes extensive use of Web services for use with the SOAP adapter and when publishing orchestrations as Web services. This topic provides some general guidelines for minimizing Web services permissions problems and steps that you can follow to troubleshoot Web services permissions problems that affect BizTalk Server.
Setting user accounts: Ensure that the IIS application host process identity associated with the virtual directory that hosts the Web service is set to a specific user account and ensure that this user account is added to the following groups:
BizTalk Isolated Host Users (domain or local group)
IIS_WPG (local group)
- BizTalk Isolated Host Users (domain or local group)
Setting permissions on the folder specified by the TEMP environment variable: Ensure that the IIS application host process identity for the virtual directory that hosts the Web service has read and write permissions to the folder specified by the TEMP environment variable. To determine the folder that is specified by the TEMP environment variable open a command prompt on the BizTalk Server, type the following command, and then press ENTER:
Sending credentials in the SOAP method call: Ensure that the Web service client is sending credentials in the SOAP method call. By default IIS 7.0 in Windows Server 2008 SP2 requires windows authentication. When testing a Web service with Internet Explorer, the credentials of the user who is currently logged on are automatically sent which is why the Web service may work from Internet Explorer but fail from another client. If the Web service client does not add credentials to the SOAP method call a SOAP exception will be generated due to an authentication failure. For more information about sending credentials in a SOAP method call see the sample code available in How to use the new System.Net classes to create an HTTP client.
Troubleshooting errors calling a Web service: If errors occur when calling a Web service, check the Application log, or message event and service instance tracking through the BizTalk Server Administration Group Hub page. For more information about the possible causes of the error, see Monitoring BizTalk Server and Using the Group Hub Page.
Collecting debugging information: To obtain detailed debugging information, follow the steps outlined in the topic Debugging Published Web Services if following the steps above does not resolve the issue.
For additional information on known issues with BizTalk Server related to Web services permissions, see "You cannot call an orchestration that is exposed as a Web service on a server that is running BizTalk Server" at http://go.microsoft.com/fwlink/?LinkId=196379.
© 2010 Microsoft Corporation. All rights reserved.