ASP.NET - IIS7 Deployment Error 500 24 50 using WCF Web Service Binding w/ AD Groups

Background: I am getting a Internal Server 500 24 50 error after deploying an application that has compiled without errors on my local machine. The server that the application is deployed on has a ton of security and is running IIS 7.5 so I need to specify read and write access for every directory. This application uses windows authentication and a web service to populate drop down boxes via a proxy. I think there might be an issue connecting to the web service or an issue with the read/write security on the files, or an issue with the active directory authentication.

For some reason, Internet Explorer just displayed can't load webpage Error.

Error in Google Chrome:

 500 – Internal Server Error.
 There is a problem with the resource you are looking for, and it cannot be displayed. 

Log File Details:

 #Software: Microsoft Internet Information Services 7.5
 #Fields: date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken

 2011-05-18 13:54:46 W3SVC1 FL-TPA-WEB-01 172.17.1.25 GET / - 80 - 
 172.17.1.25 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1;+WOW64;
 +Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET4.0C;+.NET4.0E) - -
 invitations.myagencyservices.com 500 24 50 1380 368 15

MSDN Defines the error at http://support.microsoft.com/kb/943891 as:

  500.24 - An ASP.NET impersonation configuration does not apply in Managed 
           Pipeline mode.

Web.Config code:

  <system.web>
  <customErrors mode="Off" ></customErrors>
  <compilation debug="true" strict="false" explicit="true" targetFramework="4.0" />
  <trace enabled="true" pageOutput="true" />


  <authentication mode="Windows"/> 
  <identity impersonate="true"/>  

    <authorization>          
    <allow users="alg\bmccarthy, alg\phoward" />               
    <allow roles="alg\ACOMP_USER_ADMIN" />
    <allow roles="alg\ACOMP_user_AMG" />
    <allow roles="alg\ACOMP_user_BIG" />
    <allow roles="alg\ACOMP_user_NIS" />
    <allow roles="alg\ACOMP_user_GLA" />
    <allow roles="alg\ACOMP_user_PIP" />
    <allow roles="alg\ACOMP_user_PSM" />
    <allow roles="alg\ACOMP_user_PAM" />
    <allow roles="alg\ACOMP_user_ANN" />
    <allow roles="alg\ACOMP_user_AAM" />
    <allow roles="alg\ACOMP_user_MWM" /> 
    <allow roles="alg\ACOMP_user_GIM" />
    <deny users="*" />      
  </authorization> 
  </system.web>

  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>

  <system.serviceModel>
    <bindings>
    <basicHttpBinding>
    <binding name="BasicHttpBinding_IAcompService1" closeTimeout="00:01:00"
      openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
      allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="Stro开发者_开发知识库ngWildcard"
      maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
      messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
      useDefaultWebProxy="true">
      <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
      <security mode="None">
        <transport clientCredentialType="None" proxyCredentialType="None"
          realm="" />
        <message clientCredentialType="UserName" algorithmSuite="Default" />
        </security>
      </binding>
   </basicHttpBinding>
  </bindings>

    <client>
        <endpoint address="http://63.236.108.91/aCompService.svc" binding="basicHttpBinding"
    bindingConfiguration="BasicHttpBinding_IAcompService1" contract="aComp_ServiceReference.IAcompService"
    name="BasicHttpBinding_IAcompService1" />
    </client>
  </system.serviceModel>

Any suggestions will be up-voted! Thanks for looking!

The 500.24.50 Error occurs because ASP.NET Integrated mode is unable to impersonate the request identity in the BeginRequest and AuthenticateRequest pipeline stages. 500.24 is thrown if your application is running in integrated mode, validateIntegratedModeConfiguration is not declared or set to true, and your application has identity impersonate set to true.

Workaround

A. If your application does not rely on impersonating the requesting user in the BeginRequest and AuthenticateRequest stages (the only stages where impersonation is not possible in Integrated mode), ignore this error by adding the following to your application’s web.config:

  <system.webServer>
          <validation validateIntegratedModeConfiguration="false" />
  </system.webServer>

B. If your application does rely on impersonation in BeginRequest and AuthenticateRequest, or you are not sure, move to Classic mode.

C. remove from web.config which won't be effective in integrated mode anyway

Read more on Breaking Changes in IIS 7 from LEARN.IIS.NET

UPDATE:

Did a little more digging and you actually have the service mis-configured. This MSDN article explains how to configure basicHttpBinding for Windows authentication. Basically, the basicHttpBinding element needs to look like this:

  <basicHttpBinding>
    <binding name="BasicHttpEndpointBinding">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </basicHttpBinding>

Original answer:

Below is something to try from the information in this article. Since your service uses impersonation for authorization it looks like you'll need to use the ASP.NET classic mode pipeline configuration of the AppPool for this service. You may want to research how impersonation is supported in the new Integrated mode pipeline and see why your service is failing to comply with it since Integrated mode is prefered.

You will receive a 500 - Internal Server Error. This is HTTP Error 500.24: An ASP.NET setting has been detected that does not apply in Integrated managed pipeline mode. This occurs because ASP.NET Integrated mode is unable to impersonate the request identity in the BeginRequest and AuthenticateRequest pipeline stages. Workaround

B. If your application does rely on impersonation in BeginRequest and AuthenticateRequest, or you are not sure, move to Classic mode.

Important: Make sure that you have installed ASP.NET on your machine; if not or if in doubt, run the following command:

> c:\Windows\Microsoft.NET\Framework\vX.X.XXXXX\aspnet_regiis.exe /i