Error:policy prohibits the request from completing
Hi,
I am facing a problem when accessing Web Services of forefront identity manager 2010 through separate .net application then comes follwing error:policy prohibits the request from completing. please tell me why this error come.
i have given all the credential for this application but i am not getting any response from web service of ForeFront Identity Manger 2010.
<client>
<!--ECGC-DC-IDMAH-D.DSU-ECGC.COM-->
<endpoint address="http://MachineName.COM:5725/ResourceManagementService/Resource"
binding="wsHttpContextBinding" bindingConfiguration="ServiceMultipleTokenBinding_Resource"
contract="Resource" name="ServiceMultipleTokenBinding_Resource">
<identity>
<userPrincipalName value="DomainName\FIMService"/>
<!-- <userPrincipalName value="FIMService@fabrikam.com"/>-->
</identity>
</endpoint>
<endpoint address="http://MachineName.COM:5725/ResourceManagementService/ResourceFactory"
binding="wsHttpContextBinding" bindingConfiguration="ServiceMultipleTokenBinding_ResourceFactory"
contract="ResourceFactory" name="ServiceMultipleTokenBinding_ResourceFactory">
<identity>
<userPrincipalName value="DomainName\FIMService"/>
</identity>
</endpoint>
<endpoint address="http://MachineName.COM:5725/ResourceManagementService/Enumeration"
binding="wsHttpContextBinding" bindingConfiguration="ServiceMultipleTokenBinding_Enumeration"
contract="Enumerate" name="ServiceMultipleTokenBinding_Enumeration">
<identity>
<userPrincipalName value="DomainName\FIMService"/>
</identity>
</endpoint>
<endpoint address="http://MachineName.COM:5725/ResourceManagementService/Alternate"
binding="wsHttpContextBinding" bindingConfiguration="ServiceMultipleTokenBinding_Alternate"
contract="Alternate" name="ServiceMultipleTokenBinding_Alternate">
<identity>
<userPrincipalName value="DomainName\FIMService"/>
</identity>
</endpoint>
<endpoint address="http://MachineName.COM:5725/ResourceManagementService/MEX"
binding="wsHttpBinding" bindingConfiguration="MetadataExchangeHttpBinding_IMetadataExchange"
contract="IMEX"
name="MetadataExchangeHttpBinding_IMetadataExchange">
<identity>
<userPrincipalName value="DomainName\FIMService"/>
</identity>
</endpoint>
<endpoint address="http://MachineName.COM:5726/ResourceManagementService/SecurityTokenService/Registration"
binding="wsHttpContextBinding" bindingConfiguration="ServiceMultipleTokenBinding_SecurityTokenService"
contract="ISecurityTokenService"
name="ServiceMultipleTokenBinding_SecurityTokenService">
<identity>
<userPrincipalName value="DomainName\FIMService"/>
</identity>
</endpoint>
</client>
Regards
Anil Kumar
May 4th, 2012 3:03am
What are you trying to do, maybe there is no MPR defined within the portal that allows you to do what you want, can you give more information.
Maybe this link will help you:
http://social.technet.microsoft.com/Forums/en-GB/ilm2/thread/6f950fc9-3048-4859-bc4e-df61f82c1cd2
Need realtime FIM synchronization and advanced reporting? check out the new
http://www.imsequencer.com that supports FIM 2010, Omada Identity Manager, SQL, File, AD or Powershell real time synchronization!
Free Windows Admin Tool Kit Click here and download it now
May 4th, 2012 3:24am
Hi Paul,
Thank's for response
I want to read,update,insert value from forefront identity manager 2010 portal using webservice of forefront identity manager 2010 through separate asp.net applcation that i create in my local environment.
when i access FIM 2010 Web service in my asp.net application then comes follwing error:policy prohibits the request from completing.
and please tell me which MPR should be enable or defined for this process.because i enabled all the MPR that is reuired.
simply i want to call(how to use) web service of FIM 2010 in my asp.net application.
Regards
Anil Kumar
May 4th, 2012 5:32am
Did you already take a look at this example:
http://fim2010client.codeplex.com
It contains a working reference dll which makes communicating a lot easier (read strongly typed)
It really depends on what you are doing, are you only 'reading' information currently and what user account are you using to identify if you need additional MPR's, you can also use the MPR explorer to see if their is a missing MPR?
Need realtime FIM synchronization and advanced reporting? check out the new
http://www.imsequencer.com that supports FIM 2010, Omada Identity Manager, SQL, File, AD or Powershell real time synchronization!
Free Windows Admin Tool Kit Click here and download it now
May 4th, 2012 5:40am
In addition to what Paul says, you may find information about which MPR is blocking the request via the "Request History" in the portal.
May 8th, 2012 10:36am