MOSS Forum

Ask Question   UnAnswered
Home » Forum » MOSS       RSS Feeds

Web Service Returns HTTP 500 Error

  Asked By: Cameron    Date: Oct 05    Category: MOSS    Views: 7150

I have been writing webparts that consume Silverlight and run on MOSS.
Within this Silverlight webpart I am displaying the pictures stored
withinn a MOSS Picture Library. In order to get the picture URL's from
the Picture Library passed to the Silverlight Xaml, I have written a
Web Service. This web service runs great when I am debugging the
source and returns the valid URL's from the MOSS picture library in a

I have published this web service to a virtual directory located on my
development machine so I can add a referrence to the web service within
the Silverlight application. As long as I hard code a string[] with
URL's and (comment out all the SharePoint code - (like calls to and
SPSite object or SPWeb) - the Silverlight application can talk to and
pull content from the web service. You can also go to IIS, right click
on the *.asmx file and the web service methods are displayed and you
can invoke the web methods with valid (hard coded) content returned.
As soon as I add the call to the SPSite/SPWeb objects and publish the
web service the Invoke upon the web methods only returns a HTTP 500
Error. I have tried all the permissions on the virtual directory where
the web service is published but nothing seems to help.

I have also put all the SPSite/SPWeb code back in the web method and
ran this web service in debug - the invoke on the web methods work just

I have include the *.cs file that defines the web service:

using Microsoft.SharePoint;
using System;
using System.Collections;
using System.Linq;
using System.Web;
using System.Web.Services;
using System.Web.Services.Protocols;
using System.Xml.Linq;

/// <summary>
/// This is a web service that exposes the content of the Sharepoint
picture library and passes the content URL's to the calling application.
/// </summary>

[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
// To allow this Web Service to be called from script, using ASP.NET
AJAX, uncomment the following line.
public class Service : System.Web.Services.WebService

public Service()
//Uncomment the following line if using designed components

public string[] LoadPicsFromAPI(string sSite, string sListName)
//string sSite
= "http://sps2007:10809/sites/EchelonDocLibrary/";
string spWebURL = "";
SPSite scSite = new SPSite(sSite);

SPWebCollection collWebsites = scSite.AllWebs;
ArrayList arReturn = new ArrayList();
int i = 0;

SPList spList = null;
foreach (SPWeb wsTemp in collWebsites)
SPListCollection collLists = wsTemp.Lists;
spList = collLists[sListName];
spWebURL = wsTemp.Url;

// Insure the collection is not null and is a doc lib.
if (spList != null)
//SPDocumentLibrary docLib = (SPDocumentLibrary)spList;
if (spList.BaseTemplate != SPListTemplateType.XMLForm)
// Enumerate the items in the doc lib
SPListItemCollection collListItems = spList.Items;
foreach (SPListItem liTemp in collListItems)
if (liTemp.File.Url.EndsWith(".jpg") ||
arReturn.Add(spWebURL + "/" +
//arReturn[i++] = sSite + "/" +

//Convert ArrayList to string[]
string[] arReturnValue = new string[arReturn.Count];
foreach (string url in arReturn)
arReturnValue[i++] = url;
//string[] arReturnValue = new string[3];
//arReturnValue[0] = "http://ford/";
//arReturnValue[1] = "http://ford/silverlight";
//arReturnValue[2] = "http://something.com";

return arReturnValue;

So to recap: got a web service with a web method. In the web method I
call SharePoint object model and read the URL's off items in a Picture
library. The web service works great in debug, but when I publish the
web service and call the web method's invoke I get a "HTTP 500 Error".



11 Answers Found

Answer #1    Answered By: Cole Curtis     Answered On: Oct 05

Where is the virtual directory you are publishing to in relation to the
MOSS server - same physical machine and a virtual directory in the same
app pool?

Answer #2    Answered By: Debbie Snow     Answered On: Oct 05

Rather than using a Web Service, you may want to look at using the URL
Protocol to access the images in the picture library. Check link for Web Part:

Answer #3    Answered By: Adalberto Merrill     Answered On: Oct 05

My main MOSS site is SharePoint-Ford - running on port 80 with an
application pool of "SharePoint-ford80" - Application name Root and
Execute permissions of "Scripts and Executables". The virtual
directory were the web  service is the next layer down in the tree
running is under the SharePoint-Ford site. The web service  is
running in a virtual directory named "SilverlightWebServices" with
the application pool set to "SharePoint - ford80"; with an
Application name of "SilverlightWebServices"; Execute permissions
of "None" (however I have tried all the execute permissions here with
no luck) and it is running in the Application pool of "SharePoint -

I created a web service to talk with Silverlight, because according
to the documentation this is the only allowed method to input
information into Silverlight. I will review your URL protocol to see
if it is something that I can use.

Answer #4    Answered By: Lynsey Carver     Answered On: Oct 05

I turned on debug in the web.config and this is the error:

System.Security.SecurityException: Request for the permission of
type 'Microsoft.SharePoint.Security.SharePointPermission,
Microsoft.SharePoint.Security, Version=, Culture=neutral,
PublicKeyToken=71e9bce111e9429c' failed.
at System.Security.CodeAccessSecurityEngine.ThrowSecurityException
(Assembly asm, PermissionSet granted, PermissionSet refused,
RuntimeMethodHandle rmh, SecurityAction action, Object demand,
IPermission permThatFailed)
at System.Security.CodeAccessSecurityEngine.ThrowSecurityException
(Object assemblyOrString, PermissionSet granted, PermissionSet
refused, RuntimeMethodHandle rmh, SecurityAction action, Object
demand, IPermission permThatFailed)
at System.Security.CodeAccessSecurityEngine.CheckSetHelper
(PermissionSet grants, PermissionSet refused, PermissionSet demands,
RuntimeMethodHandle rmh, Object assemblyOrString, SecurityAction
action, Boolean throwException)
at System.Security.CodeAccessSecurityEngine.CheckSetHelper
(CompressedStack cs, PermissionSet grants, PermissionSet refused,
PermissionSet demands, RuntimeMethodHandle rmh, Assembly asm,
SecurityAction action)
at Service.LoadPicsFromAPI(String sSite, String sListName)

Any thoughts?

Answer #5    Answered By: Richard Allen     Answered On: Oct 05

SharePoint runs under a very restrictive Code Access Security setting.
I assume the .dll that you produced for your webservice is in the
virtual directory under your web  application. As such it will inherit
its trust level (CAS) settings from the root of the website (the
sharePoint web app). By default that is set to WSS_Minimal which does
not allow code in the bin directory of websites to use the SharePoint
object model, which is what your webservice is trying to do. You have
several potential solutions. #1 set the Trust Level= setting in the
root web.config to "Full". Nice easy quick test, but it's the wrong way
to fix the problem. #2 set the Trust Level= setting to "WSS_Medium"
This is less restrictive than the default and MAY solve your problem.
#3 Sign your code and put it in the GAC. The GAC runs code like it was
TrustLevel="Full", but only code in the GAC runs that way, the rest of
the site stays at "WSS_Minimal". I would try #1 first to see if that is
the issue, then do #2 or #3 to fix the problem long term.

Answer #6    Answered By: Ian Davis     Answered On: Oct 05

Let me make sure I understand. I built a *.asmx file for the
webservice - I don't have a *.dll for the webservice.

In the web  service virtual directory I have a web.config file for the
service itself - there is nothing in the file by default for

Your solution #1 says to change the web.config for the "SharePoint-
ford80" (this is the website the webservice virtual directory is
runninng under.
So I need to change in the "SharePointFord80" web.config from the
<trustLevel name="WSS_Medium" policyFile="C:\Program
Files\Common Files\Microsoft Shared\Web Server Extensions\12
\config\wss_mediumtrust.config" />
<trustLevel name="WSS_Minimal" policyFile="C:\Program
Files\Common Files\Microsoft Shared\Web Server Extensions\12
\config\wss_minimaltrust.config" />

... to <trustLevel ????>

Not sure what to put for the ????

Answer #7    Answered By: Jagjit Hui     Answered On: Oct 05

A couple of things.

1) If you built you *.asmx with a code sheet then that is being
compiled to a .dll and deployed somewhere. If not, then I assume you
are using inline code. Either way that code is being compiled and run
in the context of the webservice virtual directory. To get that code to
the GAC you would need to move any inline code in the *.asmx to a code
beside sheet and strong name the project then deploy the resulting .dll
to the GAC and the .asmx file where you have been putting it.

2) You are looking in the right web.config for the setting, just in
slightly the wrong place. You the two entries that define Trust Levels,
"TrustLevel" (note: no space). There is also an entry for "Trust Level"
(note: space between Trust and Level). The one with the space is the
one you have to change. The other ones point to policy files that
define what WSS_Medium and WSS_Minimal actually do. The one you want to
change looks like this <Trust Level=" WSS_Minimal" .... You want to
change that temporarily to <Trust Level="Full".... Be careful it is
case sensitive.

Answer #8    Answered By: Joanne Greer     Answered On: Oct 05

What is your
<trust level=

set to in the web  Application's web.config?

If you set it to:
<trust level="Full"

does your solution work? If so, I have good news.

Answer #9    Answered By: Cathy Cameron     Answered On: Oct 05

Adding the line:
<trust level="Full" /> to the web  service's web.config worked :). Before
there was not a <trust leve.... /> within this web.config by default.

Answer #10    Answered By: Kerri Steele     Answered On: Oct 05

I'm glad that worked, but that shouldn't be the way you leave it. A
setting of Full turns off code access security for that website. Its
nice for a Dev environment or to verify that security is indeed the
issue (as you did here). But you really should now fix the problem
appropriately because you should never run a production web  site at
Full. There are several better ways to fix the problem,

#1 - Try a setting of WSS_Medium in the SharePoint web.config and remove
the Trust Level setting from the WebService Web.config. This is more
forgiving than the original WSS_Minimal setting, but doesn't scrap
security entirely like Full does.

#2 - Remove the code from the ASMX file and put it in a .dll. Add that
to the GAC. Code in the GAC is always fully trusted

#3 - Create a custom CAS security Policy file and load it using a
<TrustLevel =file ... entry. Then set <Trust Level... to point at the
name you loaded it under. If you look at the entries this is how
WSS_Minimal and WSS_Medium are created.

To better understand the process take a look at the following
whitepaper. It's written from the viewpoint of a webpart, but the
concepts are the same.


Answer #11    Answered By: Alisha Itagi     Answered On: Oct 05

In addition, if you have multiple web  servers in the farm, any change to
web.config needs to be performed on all of those servers.

One way to make sure that happens is to configure a Web.Config
Modification in SharePoint. There is a free administrative page you can
download from

Or, you can put code in a Feature Activated / Feature Deactivated
call-out to accomplish the same thing.

Didn't find what you were looking for? Find more on Web Service Returns HTTP 500 Error Or get search suggestion and latest updates.