Hi, I am facing a problem when accessing Web Services of forefront identity manager 2010 through separate .net application then comes follwing error:policy prohibits the request from completing. please tell me why this error come. i have given all the credential for this application but i am not getting any response from web service of ForeFront Identity Manger 2010. <client> <!--ECGC-DC-IDMAH-D.DSU-ECGC.COM--> <endpoint address="http://MachineName.COM:5725/ResourceManagementService/Resource" binding="wsHttpContextBinding" bindingConfiguration="ServiceMultipleTokenBinding_Resource" contract="Resource" name="ServiceMultipleTokenBinding_Resource"> <identity> <userPrincipalName value="DomainName\FIMService"/> <!-- <userPrincipalName value="FIMService@fabrikam.com"/>--> </identity> </endpoint> <endpoint address="http://MachineName.COM:5725/ResourceManagementService/ResourceFactory" binding="wsHttpContextBinding" bindingConfiguration="ServiceMultipleTokenBinding_ResourceFactory" contract="ResourceFactory" name="ServiceMultipleTokenBinding_ResourceFactory"> <identity> <userPrincipalName value="DomainName\FIMService"/> </identity> </endpoint> <endpoint address="http://MachineName.COM:5725/ResourceManagementService/Enumeration" binding="wsHttpContextBinding" bindingConfiguration="ServiceMultipleTokenBinding_Enumeration" contract="Enumerate" name="ServiceMultipleTokenBinding_Enumeration"> <identity> <userPrincipalName value="DomainName\FIMService"/> </identity> </endpoint> <endpoint address="http://MachineName.COM:5725/ResourceManagementService/Alternate" binding="wsHttpContextBinding" bindingConfiguration="ServiceMultipleTokenBinding_Alternate" contract="Alternate" name="ServiceMultipleTokenBinding_Alternate"> <identity> <userPrincipalName value="DomainName\FIMService"/> </identity> </endpoint> <endpoint address="http://MachineName.COM:5725/ResourceManagementService/MEX" binding="wsHttpBinding" bindingConfiguration="MetadataExchangeHttpBinding_IMetadataExchange" contract="IMEX" name="MetadataExchangeHttpBinding_IMetadataExchange"> <identity> <userPrincipalName value="DomainName\FIMService"/> </identity> </endpoint> <endpoint address="http://MachineName.COM:5726/ResourceManagementService/SecurityTokenService/Registration" binding="wsHttpContextBinding" bindingConfiguration="ServiceMultipleTokenBinding_SecurityTokenService" contract="ISecurityTokenService" name="ServiceMultipleTokenBinding_SecurityTokenService"> <identity> <userPrincipalName value="DomainName\FIMService"/> </identity> </endpoint> </client> Regards Anil Kumar

What are you trying to do, maybe there is no MPR defined within the portal that allows you to do what you want, can you give more information. Maybe this link will help you: http://social.technet.microsoft.com/Forums/en-GB/ilm2/thread/6f950fc9-3048-4859-bc4e-df61f82c1cd2 Need realtime FIM synchronization and advanced reporting? check out the new http://www.imsequencer.com that supports FIM 2010, Omada Identity Manager, SQL, File, AD or Powershell real time synchronization!

Hi Paul, Thank's for response I want to read,update,insert value from forefront identity manager 2010 portal using webservice of forefront identity manager 2010 through separate asp.net applcation that i create in my local environment. when i access FIM 2010 Web service in my asp.net application then comes follwing error:policy prohibits the request from completing. and please tell me which MPR should be enable or defined for this process.because i enabled all the MPR that is reuired. simply i want to call(how to use) web service of FIM 2010 in my asp.net application. Regards Anil Kumar

Did you already take a look at this example: http://fim2010client.codeplex.com It contains a working reference dll which makes communicating a lot easier (read strongly typed) It really depends on what you are doing, are you only 'reading' information currently and what user account are you using to identify if you need additional MPR's, you can also use the MPR explorer to see if their is a missing MPR? Need realtime FIM synchronization and advanced reporting? check out the new http://www.imsequencer.com that supports FIM 2010, Omada Identity Manager, SQL, File, AD or Powershell real time synchronization!

In addition to what Paul says, you may find information about which MPR is blocking the request via the "Request History" in the portal.