Getting Access is denied for the user NT AUTHORITY\NETWORK SERVICE.while accessing coreservice Tridion

Question

When I was writing the custom page using tridion 2011 core services from my local, I used my tridion credential to access the core services webservice.

Now when everything is done on my local :), I published my website and simply did below things on the Tridion CM server.

• In the IIS I created new aplication website with name "CoreServices"
• Used the application pool using Network USer
• Copied my published website in the coreservice mapped folder.
• Removed my credential from web config and implemented logic to read the user details who is accessing the website/custom page

• Now when I am trying to access the coreservice website, I am getting below error

  Access is denied for the user NT AUTHORITY\NETWORK SERVICE. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

  Exception Details: System.ServiceModel.FaultException`1[[Tridion.ContentManager.CoreService.Client.CoreServiceFault, Tridion.ContentManager.CoreService.Client, Version=6.1.0.996, Culture=neutral, PublicKeyToken=ddfc895746e5ee6b]]: Access is denied for the user NT AUTHORITY\NETWORK SERVICE.

please suggest!!

EDIT: I can see NT AUTHORITY\NETWORK SERVICE is been already added to my Tridion MMC, please below screenshot:

Answer 1

try this if it works for you, I haven't tried this so not sure that it will work

var remoteAddress = new EndpointAddress(Settings.EndpointAddress);
ProxyClient = new CoreServiceClient(basicHttpBinding, remoteAddress);
ProxyClient.ClientCredentials.Windows.AllowNtlm = true;
ProxyClient.ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
ProxyClient.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;

Answer 2

This message indicates that the core service is being successfully called by your code and that your network credentials are successfully recognised, but that Tridion isn't granting access. There are two possible scenarios here:

1. You wish Tridion to use the NETWORK SERVICE identity as the Trustee under which to act. In this case, NETWORK SERVICE would be added as a User. This would be an unusual configuration, as you will commonly want NETWORK SERVICE to be an impersonation user for other purposes.
2. You wish to connect to Tridion as NETWORK SERVICE, but then have Tridion act as a different Trustee. In this scenario, NETWORK SERVICE should be configured as an impersonation user in the management snap-in, and you must call the Impersonate method as described in the question John linked to (Tridion CoreService Authentication/Impersonation)

The second of these two approaches is almost certainly what you want. I've really only described the first by way of explanation.