When using a WCF endpoint in Windows Azure, you may receive the following exception:

 

(bc8.9a0): CLR exception - code e0434352 (first chance)

CLR exception type: System.Net.HttpListenerException

    "Access is denied"

(bc8.9a0): CLR exception - code e0434352 (first chance)

CLR exception type: System.ServiceModel.AddressAccessDeniedException

    "HTTP could not register URL http://+:20001/WCFEp/. Your process does not have access rights to this namespace (see http://go.microsoft.com/fwlink/?LinkId=70353 for details)."

ModLoad: 000007fe'f4760000 000007fe'f484a000   D:\Windows\Microsoft.NET\Framework64\v4.0.30319\diasymreader.dll

Exception: System.ServiceModel.AddressAccessDeniedException: HTTP could not register URL http://+:20001/WCFEp/. Your process does not have access rights to this namespace (see http://go.microsoft.com/fwlink/?LinkId=70353 for details). ---> System.Net.HttpListenerException: Access is denied

   at System.Net.HttpListener.AddAllPrefixes()

   at System.Net.HttpListener.Start()

   at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen()

   --- End of inner exception stack trace ---

   at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen()

   at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener)

   at System.ServiceModel.Channels.TransportManagerContainer.Open(SelectTransportManagersCallback selectTransportManagerCallback)

   at System.ServiceModel.Channels.HttpChannelListener.OnOpen(TimeSpan timeout)

   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

   at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)

   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

   at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)

   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

   at XSWorker.WorkerRole.Run() in C:\Azure\WCFWorkerApp\WorkerRole.cs:line 31

 

 


The problem occurs because Windows Azure is very specific when granting listen rights on a port. If you run the following command in a Windows Azure VM:


>  netsh http show urlacl


You will see the following:

   Reserved URL            : http://<Azure_VM_IP_ADDRESS>:20001/

       User: CIS\abb03d2d-12c6-2342-a23b-ae45f1233a21

           Listen: Yes

           Delegate: No

           SDDL: D:(A;;GX;;;S-<GUID>)


In WCF, opening the HttpListener for a ServiceHost registers the wildcard URL http://+:20001/<YourService>/, which exceeds what Windows Azure has granted, so you receive the exception.


Solution:

When you create the WCF binding, set HostNameComparisonMode = HostNameComparisonMode.Exact. This lets WCF specify the complete URL, and not the wildcard, when starting the listener. Works for


There is a catch: this solution applies to internal endpoints only, because the IP address is visible only for internal endpoints. A WCF connection request from an external endpoint comes through the load balancer, and that request does not know the internal endpoint's IP address, so the request headers will not match the service's IP address and port exactly, and WCF will reject connections for external endpoints.
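The binding described above, shown for an internal endpoint in a worker role. This is an added example, not code from the original post; the endpoint name "WCFEp" and the IEcho/EchoService types are assumptions made for illustration.

```csharp
using System;
using System.ServiceModel;
using Microsoft.WindowsAzure.ServiceRuntime;

// Hypothetical contract and service, defined only for this example.
[ServiceContract]
public interface IEcho { [OperationContract] string Echo(string text); }

public class EchoService : IEcho
{
    public string Echo(string text) { return text; }
}

public static class WcfInternalHost
{
    // Assumes an internal HTTP endpoint named "WCFEp" in ServiceDefinition.csdef.
    public static ServiceHost Open()
    {
        // Azure reserves the URL ACL for this exact IP and port, so build the
        // listen address from the instance endpoint instead of a host name.
        var ep = RoleEnvironment.CurrentRoleInstance.InstanceEndpoints["WCFEp"].IPEndpoint;
        var address = new Uri(string.Format("http://{0}:{1}/WCFEp/", ep.Address, ep.Port));

        var binding = new BasicHttpBinding(BasicHttpSecurityMode.None)
        {
            // The default, StrongWildcard, registers http://+:<port>/... and
            // fails with AddressAccessDeniedException under that reservation.
            HostNameComparisonMode = HostNameComparisonMode.Exact
        };

        var host = new ServiceHost(typeof(EchoService));
        host.AddServiceEndpoint(typeof(IEcho), binding, address);
        try
        {
            host.Open();
            return host;
        }
        catch (AddressAccessDeniedException)
        {
            // The registered prefix still falls outside the reserved URL;
            // compare it with "netsh http show urlacl" on the instance.
            host.Abort();
            throw;
        }
    }
}
```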

