We Keep Coding

SAML2 using Thinktecture and WCF

I'm setting up a SAML2 STS using Thinktecture IdentityServer and a WCF Service.
The idea is to have Thinktecture supply the Assertions that are then used in the WCF Service.
Now, I have it running all fine with SAML 11 Assertions - urn:oasis:names:tc:SAML:1.0:assertion
The assertions are something like this:
<saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_4e06770b-7fa0-425f-a4f3-263710f135d7" Issuer="https://localhost:123" IssueInstant="2014-01-18T16:16:38.099Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
- <saml:Conditions NotBefore="2014-01-18T16:16:37.662Z" NotOnOrAfter="2014-01-18T16:26:37.662Z">
- <saml:AudienceRestrictionCondition>
<saml:Audience>https://localhost:44300/</saml:Audience>
</saml:AudienceRestrictionCondition>
</saml:Conditions>
- <saml:AttributeStatement>
- <saml:Subject>
- <saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
</saml:SubjectConfirmation>...
Now, the requirement is to use SAML2, not the previous version. So changing the Token type in Thinktecture is simple and the new Assertion generates fine and get's picked by the client just fine.
New SAML2 Assertion:
<Assertion ID="_f9c48402-857a-4cc3-8525-1af307ef3a01" IssueInstant="2014-01-18T16:32:18.038Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
<Issuer>https://localhost:123</Issuer>
- <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
- <SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
- <Reference URI="#_f9c48402-857a-4cc3-8525-1af307ef3a01">
- <Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>Nib1Bs9jy13unYShm08EcncqFsOS5IwVuWQ4tGoe4Pg=</DigestValue>
</Reference>
</SignedInfo> ...
But when we then try to consume the WCF by passing the new asertion we get the exception:
XmlException: Cannot read the token from the 'Assertion' element with the 'urn:oasis:names:tc:SAML:2.0:assertion' namespace for BinarySecretSecurityToken, with a '' ValueType. If this element is expected to be valid, ensure that security is configured to consume tokens with the name, namespace and value type specified
Here's an excerpt of WCF web.config:
...
<services>
<service name="testsys.RFD.FormManager.RFDFormManagerService" behaviorConfiguration="testsys.RFD.FormManagerBehavior">
<endpoint address="" binding="ws2007FederationHttpBinding" bindingConfiguration="ws2007FederationHttpBinding" contract="FormManager_PortType" />
</service>
</services>
<protocolMapping>
<!--<add scheme="http" binding="ws2007FederationHttpBinding" />
<add scheme="http" binding="ws2007FederationHttpBinding" />-->
<add binding="ws2007FederationHttpBinding" scheme="https" />
<add binding="wsHttpBinding" scheme="https" />
</protocolMapping>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_ILoggerService" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxBufferSize="65536" maxReceivedMessageSize="65536" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true" messageEncoding="Text">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
<ws2007FederationHttpBinding>
<binding name="ws2007FederationHttpBinding">
<security mode="TransportWithMessageCredential">
<message establishSecurityContext="false" issuedKeyType="BearerKey">
<!-- issuedTokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"-->
<issuerMetadata address="https://localhost:123/adfs/services/trust/mex" />
</message>
</security>
</binding>
<binding name="">
<security mode="TransportWithMessageCredential">
<message>
<issuerMetadata address="https://localhost:123/adfs/services/trust/mex" />
</message>
</security>
</binding>
</ws2007FederationHttpBinding>
<wsHttpBinding>
<binding name="RFD_Binding_HTTP" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None">
<extendedProtectionPolicy policyEnforcement="Never" />
</transport>
<message negotiateServiceCredential="false" establishSecurityContext="false" />
</security>
</binding>
<binding name="wsHttpBinding_IRFDFormManager" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
<binding name="HttpBinding_IRFDFormManager" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<security mode="None" />
</binding>
<binding name="WSHttpBinding_IRESTFormManager">
<security mode="None" />
</binding>
</wsHttpBinding>
...
<behavior name="testsys.RFD.FormManagerBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" httpsGetUrl="https://localhost:44300/RFDFormManager.svc" />
<serviceDebug includeExceptionDetailInFaults="true" />
<useRequestHeadersForMetadataAddress />
<serviceCredentials>
<serviceCertificate findValue="65A34BC197C2E1334D971613521D53D3B5B807FF" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" />
<issuedTokenAuthentication certificateValidationMode="None">
<!-- The X.509 certificate CN=localhost chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider -->
<allowedAudienceUris>
<add allowedAudienceUri="https://localhost:44300/" />
</allowedAudienceUris>
</issuedTokenAuthentication>
<clientCertificate>
<authentication certificateValidationMode="None" />
</clientCertificate>
</serviceCredentials>
<serviceAuthorization principalPermissionMode="Always" />
<serviceSecurityAudit auditLogLocation="Application" suppressAuditFailure="true" serviceAuthorizationAuditLevel="Failure" messageAuthenticationAuditLevel="Failure" />
</behavior>
...
<system.identityModel>
<identityConfiguration saveBootstrapContext="true">
<securityTokenHandlers>
<add type="System.IdentityModel.Tokens.Saml2SecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</securityTokenHandlers>
<audienceUris>
<!-- <add value="https://localhost:44300/" />-->
<add value="https://localhost:44300/" />
</audienceUris>
<!--Commented by Identity and Access VS Package-->
<!--<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry"><authority name="https://localhost:123"><keys><add thumbprint="7C399B2EA330F507902C81280E77407242FF6916" /></keys><validIssuers><add name="https://localhost:123" /></validIssuers></authority></issuerNameRegistry>-->
<!--certificationValidationMode set to "None" by the the Identity and Access Tool for Visual Studio. For development purposes.-->
<!--<certificateValidation certificateValidationMode="None" />-->
<issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<trustedIssuers>
<!--<add thumbprint="7C399B2EA330F507902C81280E77407242FF6916" name="https://localhost:123" />-->
<add thumbprint="65A34BC197C2E1334D971613521D53D3B5B807FF" name="https://localhost:123" />
<add thumbprint="15abb1aef64def860ca543f54fc8dee222d49b86" name="https://localhost:123" />
</trustedIssuers>
</issuerNameRegistry>
<!--certificationValidationMode set to "None" by the the Identity and Access Tool for Visual Studio. For development purposes.-->
<certificateValidation certificateValidationMode="None" revocationMode="NoCheck" />
<!--revocationMode="NoCheck" should not be used to prod.-->
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="true" />
<!--<wsFederation passiveRedirectEnabled="true" issuer="https://localhost:123/issue/wsfed" realm="https://localhost:44300" reply="https://localhost:44300" requireHttps="false" />-->
<wsFederation passiveRedirectEnabled="true" issuer="https://localhost:123/issue/wsfed" realm="https://localhost:44300/" reply="https://localhost:44300/" requireHttps="true" />
</federationConfiguration>
</system.identityModel.services>
...
So what we're doing wrong ?

I can't be bothered to go through your WCF configuration - especially since most of it is not related to the question.
You don't need to do anything "special" in WCF to consume SAML2 tokens - follows this simple sample - and then re-integrate into your application:
http://leastprivilege.com/2012/11/16/wcf-and-identity-in-net-4-5-external-authentication-with-ws-trust/

The type initializer for 'System.ServiceModel.Diagnostics.TraceUtility' threw an exception

I have developed a console application using C#, to access another API and pull relevant data. It works fine, when I have checked with a small amount of data inputs. While I am doing load testing with huge amount of datas, it throws an exception.
The Exception is:
The type initializer for 'System.ServiceModel.Diagnostics.TraceUtility' threw an exception.
My app.config:
<?xml version="1.0"?>
<configuration>
<commonBehaviors>
<serviceBehaviors>
<serviceTimeouts transactionTimeout="01:55:00"/>
</serviceBehaviors>
</commonBehaviors>
<bindings>
<customBinding>
<binding name="EloquaService"
closeTimeout="00:55:00"
openTimeout="00:55:00"
receiveTimeout="00:55:00"
sendTimeout="01:55:00">
<security defaultAlgorithmSuite="Default"
authenticationMode="UserNameOverTransport"
requireDerivedKeys="true"
securityHeaderLayout="Strict"
includeTimestamp="true"
keyEntropyMode="CombinedEntropy"
messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
<localClientSettings cacheCookies="true"
detectReplays="false"
replayCacheSize="900000"
maxClockSkew="00:05:00"
maxCookieCachingTime="Infinite"
replayWindow="00:05:00"
sessionKeyRenewalInterval="10:00:00"
sessionKeyRolloverInterval="00:05:00"
reconnectTransportOnFailure="true"
timestampValidityDuration="00:05:00"
cookieRenewalThresholdPercentage="60"/>
<localServiceSettings detectReplays="false"
issuedCookieLifetime="10:00:00"
maxStatefulNegotiations="128"
replayCacheSize="900000"
maxClockSkew="00:05:00"
negotiationTimeout="00:01:00"
replayWindow="00:05:00"
inactivityTimeout="00:02:00"
sessionKeyRenewalInterval="15:00:00"
sessionKeyRolloverInterval="00:05:00"
reconnectTransportOnFailure="true"
maxPendingSessions="128"
maxCachedCookies="1000"
timestampValidityDuration="00:05:00"/>
<secureConversationBootstrap/>
</security>
<textMessageEncoding maxReadPoolSize="64"
maxWritePoolSize="16"
messageVersion="Soap11"
writeEncoding="utf-8">
<readerQuotas maxDepth="32"
maxStringContentLength="8192"
maxArrayLength="16384"
maxBytesPerRead="4096"
maxNameTableCharCount="16384"/>
</textMessageEncoding>
<httpsTransport manualAddressing="false"
maxBufferPoolSize="524288"
maxReceivedMessageSize="65536"
allowCookies="false"
authenticationScheme="Anonymous"
bypassProxyOnLocal="false"
decompressionEnabled="true"
hostNameComparisonMode="StrongWildcard"
keepAliveEnabled="true"
maxBufferSize="65536"
proxyAuthenticationScheme="Anonymous"
realm=""
transferMode="Buffered"
unsafeConnectionNtlmAuthentication="false"
useDefaultWebProxy="true"
requireClientCertificate="false"/>
</binding>
<binding name="EmailServiceEndpoint"
closeTimeout="00:55:00"
openTimeout="00:55:00"
receiveTimeout="00:55:00"
sendTimeout="01:55:00">
<security defaultAlgorithmSuite="Default"
authenticationMode="UserNameOverTransport"
requireDerivedKeys="true"
securityHeaderLayout="Strict"
includeTimestamp="true"
keyEntropyMode="CombinedEntropy"
messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
<localClientSettings cacheCookies="true"
detectReplays="false"
replayCacheSize="900000"
maxClockSkew="00:05:00"
maxCookieCachingTime="Infinite"
replayWindow="00:05:00"
sessionKeyRenewalInterval="10:00:00"
sessionKeyRolloverInterval="00:05:00"
reconnectTransportOnFailure="true"
timestampValidityDuration="00:05:00"
cookieRenewalThresholdPercentage="60"/>
<localServiceSettings detectReplays="false"
issuedCookieLifetime="10:00:00"
maxStatefulNegotiations="128"
replayCacheSize="900000"
maxClockSkew="00:05:00"
negotiationTimeout="00:01:00"
replayWindow="00:05:00"
inactivityTimeout="00:02:00"
sessionKeyRenewalInterval="15:00:00"
sessionKeyRolloverInterval="00:05:00"
reconnectTransportOnFailure="true"
maxPendingSessions="128"
maxCachedCookies="1000"
timestampValidityDuration="00:05:00"/>
<secureConversationBootstrap/>
</security>
<textMessageEncoding maxReadPoolSize="64"
maxWritePoolSize="16"
messageVersion="Soap11"
writeEncoding="utf-8">
<readerQuotas maxDepth="32"
maxStringContentLength="8192"
maxArrayLength="16384"
maxBytesPerRead="4096"
maxNameTableCharCount="16384"/>
</textMessageEncoding>
<httpsTransport manualAddressing="false"
maxBufferPoolSize="524288"
maxReceivedMessageSize="65536"
allowCookies="false"
authenticationScheme="Anonymous"
bypassProxyOnLocal="false"
decompressionEnabled="true"
hostNameComparisonMode="StrongWildcard"
keepAliveEnabled="true"
maxBufferSize="65536"
proxyAuthenticationScheme="Anonymous"
realm=""
transferMode="Buffered"
unsafeConnectionNtlmAuthentication="false"
useDefaultWebProxy="true"
requireClientCertificate="false"/>
</binding>
</customBinding>
</bindings>
<client>
<endpoint address="https://secure.eloqua.com/API/1.2/service.svc"
binding="customBinding"
bindingConfiguration="EloquaService"
contract="EloquaService.EloquaService"
name="EloquaService"/>
<endpoint address="https://secure.eloqua.com/API/1.2/ExternalActionService.svc"
binding="customBinding"
bindingConfiguration="EmailServiceEndpoint"
contract="EloquaProgramService.ExternalActionService"
name="EmailServiceEndpoint"/>
</client>
</system.serviceModel>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
</startup>
</configuration>
How do I solve this problem?

The issue has been overcome. Probably I was having two app.config files. One is from the service reference and another one from my application. Both were having the same code. I just removed the below code from my appl.config which is placed in my application. Now it is not throwing the above exception.
<commonBehaviors>
<serviceBehaviors>
<serviceTimeouts transactionTimeout="01:55:00"/>
</serviceBehaviors>
</commonBehaviors>

This happened to me just now. I thought of sharing, even though it is very silly.
Here is what I did
I added reference to WCF service in a console application.
I added a key-value pair value in config without it being inside appSettings section in the config. In my haste to test the service I ran my console application and got the exact same error.
On going into the error details, I figured it was because of invalid config entries in my config.
Once I added the key value pair inside appSettings section, it worked. I know it's silly, but still it happened to me. :).

I had similar exception and problem was
1) having two config files and had similar settings (web.config in Web layer / app.config in Service Layer-we were calling external service)
2) invalid section in web.config (log4net config section)
Visual studio did not show any error for no#2 as its looks valid section for VS but at run time it was throwing error. Removed app.config in Service layer and it resolved issue.

WCF SOAP Error for Larger Requests

I need to download a few hundred thousand entities from a 3rd party hosted web service. The web service allows me to pull down up to 2,000 entities per web service call, but in practice I have only been able to pull down 50-75 entities at a time because of intermittent errors I receive when I call more records. I'm trying to determine if the problem is due to a setting I need to adjust on my side or if the problem is with the 3rd party web service provider. Here's the error I receive:
An error occurred while receiving the HTTP response to
https://some.vendor.com/API/SomeService.svc. This could be due to the
service endpoint binding not using the HTTP protocol. This could also
be due to an HTTP request context being aborted by the server
(possibly due to the service shutting down). See server logs for more
details.
The following is a copy of my application configuration settings for binding the web service:
<system.serviceModel>
<bindings>
<customBinding>
<binding name="SomeService">
<security defaultAlgorithmSuite="Default" authenticationMode="UserNameOverTransport"
requireDerivedKeys="true" securityHeaderLayout="Strict" includeTimestamp="true"
keyEntropyMode="CombinedEntropy" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
<localClientSettings cacheCookies="true" detectReplays="false"
replayCacheSize="900000" maxClockSkew="00:05:00" maxCookieCachingTime="Infinite"
replayWindow="00:05:00" sessionKeyRenewalInterval="10:00:00"
sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="true"
timestampValidityDuration="00:05:00" cookieRenewalThresholdPercentage="60" />
<localServiceSettings detectReplays="false" issuedCookieLifetime="10:00:00"
maxStatefulNegotiations="128" replayCacheSize="900000" maxClockSkew="00:05:00"
negotiationTimeout="00:01:00" replayWindow="00:05:00" inactivityTimeout="00:02:00"
sessionKeyRenewalInterval="15:00:00" sessionKeyRolloverInterval="00:05:00"
reconnectTransportOnFailure="true" maxPendingSessions="128"
maxCachedCookies="1000" timestampValidityDuration="00:05:00" />
<secureConversationBootstrap />
</security>
<textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
messageVersion="Soap11" writeEncoding="utf-8">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
</textMessageEncoding>
<httpsTransport manualAddressing="false" maxBufferPoolSize="2147483647"
maxReceivedMessageSize="2147483647" allowCookies="false" authenticationScheme="Anonymous"
bypassProxyOnLocal="false" decompressionEnabled="true" hostNameComparisonMode="StrongWildcard"
keepAliveEnabled="true" maxBufferSize="2147483647" proxyAuthenticationScheme="Anonymous"
realm="" transferMode="Streamed" unsafeConnectionNtlmAuthentication="false"
useDefaultWebProxy="true" requireClientCertificate="false" />
</binding>
</customBinding>
</bindings>
<client>
<endpoint address="https://secure.Some.com/API/1.2/Service.svc"
binding="customBinding" bindingConfiguration="SomeService"
contract="SomeService.SomeService" name="SomeService" />
</client>
</system.serviceModel>
As you can see in the application configuration binding, I increased the maxBufferPoolSize, maxReceivedMessageSize, and maxBufferSize to 2147483647. I also changed the transferMode to Streamed.

There is another important setting that can be set by adding a behavior:
<behaviors>
<endpointBehaviors>
<behavior name="SomeBehavior">
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
</behavior>
</endpointBehaviors>
</behaviors>
Then, update your endpoint:
<client>
<endpoint address="https://secure.Some.com/API/1.2/Service.svc"
binding="customBinding" bindingConfiguration="SomeService"
contract="SomeService.SomeService" name="SomeService"
**behaviorConfiguration="SomeBehavior"**/>
</client>

How can I debug a WCF client using username/password in the header encrypted with SSL

I'm still trying to get WCF to talk to CXF. I used a sample from http://rocksolidknowledge.com/Download.mvc and it looks to me like the code works because when I change the username in the client, I see the new username in the service.
I tried to add logging in the client app.config to save what is being sent to the service.
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_Av1Service" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" negotiateServiceCredential="true"
algorithmSuite="Default" establishSecurityContext="true" />
</security>
<!--
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" negotiateServiceCredential="true"
algorithmSuite="Default" establishSecurityContext="true" />
</security>
-->
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="client">
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode="None"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<client>
<endpoint address="https://darsdevlaptop:8015/DarsWebServices/services/av1" binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_Av1Service" contract="Av1ServiceReference.Av1Service"
name="WSHttpBinding_Av1Service" />
<!--
<endpoint
address="http://localhost:9015/DarsWebServices/services/av1" binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_Av1Service" contract="Av1ServiceReference.Av1Service"
name="WSHttpBinding_Av1Service" />
-->
</client>
<diagnostics>
<messageLogging logEntireMessage="true"
logMalformedMessages="true"
logMessagesAtServiceLevel="true"
logMessagesAtTransportLevel="true"
maxMessagesToLog="3000"
maxSizeOfMessageToLog="2000"/>
</diagnostics>
</system.serviceModel>
</configuration>
This configuration makes a client_msg.svclog file which I can view with the Microsoft Service Trace Viewer. And inside this file I see
E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>0</EventID>
<Type>3</Type>
<SubType Name="Information">0</SubType>
<Level>8</Level>
<TimeCreated SystemTime="2011-12-08T15:27:46.1360000Z" />
<Source Name="System.ServiceModel.MessageLogging" />
<Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
<Execution ProcessName="Clieint.vshost" ProcessID="5660" ThreadID="10" />
<Channel />
<Computer>DARSDEVLAPTOP</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<MessageLogTraceRecord Time="2011-12-08T10:27:46.1320000-05:00" Source="ServiceLevelSendRequest" Type="System.ServiceModel.Channels.BodyWriterMessage" xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace">
<HttpRequest>
<Method>POST</Method>
<QueryString></QueryString>
<WebHeaders>
<VsDebuggerCausalityData>uIDPo7bjbPmwsKdKqJIT7OFhvN8AAAAA+hhv3g5Q+UymaaUAoh1MoXMwGPaCPSlAoTQw7kFj3m8ACQAA</VsDebuggerCausalityData>
</WebHeaders>
</HttpRequest>
<s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="http://www.w3.org/2003/05/soap-envelope">
<s:Header>
<a:Action s:mustUnderstand="1">http://tempuri.org/IPing/Ping</a:Action>
<a:MessageID>urn:uuid:85d46f93-9798-41c4-a8fd-e862b3858d46</a:MessageID>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
</s:Header>
<s:Body>
<Ping xmlns="http://tempuri.org/"></Ping>
</s:Body>
</s:Envelope>
</MessageLogTraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
And I am dismayed not to find any reference to username or password
<s:Header>
<a:Action s:mustUnderstand="1">http://tempuri.org/IPing/Ping</a:Action>
<a:MessageID>urn:uuid:85d46f93-9798-41c4-a8fd-e862b3858d46</a:MessageID>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
</s:Header>
I also tried running fiddler2, but I'm not seeing any username/password there either.
So what is happening? Am I missing how to use the view tools? Is it being passed not in the header? If so, how would I fix that!
Just to explain why I care about this:
I gave code based on the sample to my customer to talk to the CXF
service and the report I'm getting back is that the username/password
is not being passed.
I can't actually debug the communication myself because I can't seem
to get WCF to take the test certificate from CXF.
Everything worked fine WCF to WCF but that isn't what the customer
needs.
I'm feeling very stumped. Thanks for your help.

I don't see the diagnostic source being set. Such as this.
<system.diagnostics>
<sources>
<source name="System.ServiceModel.MessageLogging">
<listeners>
<add name="messages"
type="System.Diagnostics.XmlWriterTraceListener"
initializeData="c:\logs\messages.svclog" />
</listeners>
</source>
</sources>
</system.diagnostics>
I hope you have looked at this msdn article.

WCF: programatically configuring the service with certificate

Here's the whole issue: I want to create WCF dll to access WCF services.... the only issue is, when I use the WCF DLL config file with an application that has it's OWN app.config file, the WCF DLL app.config file gets ignored.......
I figure one way to fix this problem is to translate my app.config to code, but unfortunately I don't know what I am doing.
If you look at the app.config file below, you can also see that I use a certificate with an encoded value, which has made it more difficult for me to translate because like I said before I have no idea what I am doing, this is kind of a "learn as you go approach" for me.
Does anyone have any idea of how to accomplish either being able to use the app.config as is, instead of the WCF service accessing the APPLICATION's app.config?
OR
Does anyone have an article, tool or advice on how to translate the following app.config to C#?
any information would be fantastic..... Thanks, in advance.
<system.serviceModel>
<bindings>
<customBinding>
<binding name="customBindingHTTP">
<security authenticationMode="SecureConversation">
<localClientSettings maxClockSkew="23:30:00" />
<secureConversationBootstrap authenticationMode="UserNameForSslNegotiated">
<localClientSettings maxClockSkew="23:30:00" />
</secureConversationBootstrap>
</security>
<binaryMessageEncoding maxReadPoolSize="20000000" maxWritePoolSize="20000000"
maxSessionSize="20000000">
<readerQuotas maxDepth="20000000" maxStringContentLength="20000000"
maxArrayLength="20000000" maxBytesPerRead="20000000" maxNameTableCharCount="20000000" />
</binaryMessageEncoding>
<httpTransport maxBufferPoolSize="20000000" maxReceivedMessageSize="20000000"
maxBufferSize="20000000" useDefaultWebProxy="false" />
</binding>
<binding name="CustomBinding_ITestService">
<security defaultAlgorithmSuite="Default" authenticationMode="SecureConversation"
requireDerivedKeys="true" securityHeaderLayout="Strict" includeTimestamp="true"
keyEntropyMode="CombinedEntropy" messageProtectionOrder="SignBeforeEncryptAndEncryptSignature"
messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
requireSecurityContextCancellation="true" requireSignatureConfirmation="false">
<localClientSettings cacheCookies="true" detectReplays="true"
replayCacheSize="900000" maxClockSkew="00:05:00" maxCookieCachingTime="Infinite"
replayWindow="00:05:00" sessionKeyRenewalInterval="10:00:00"
sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="true"
timestampValidityDuration="00:05:00" cookieRenewalThresholdPercentage="60" />
<localServiceSettings detectReplays="true" issuedCookieLifetime="10:00:00"
maxStatefulNegotiations="128" replayCacheSize="900000" maxClockSkew="00:05:00"
negotiationTimeout="00:01:00" replayWindow="00:05:00" inactivityTimeout="00:02:00"
sessionKeyRenewalInterval="15:00:00" sessionKeyRolloverInterval="00:05:00"
reconnectTransportOnFailure="true" maxPendingSessions="128"
maxCachedCookies="1000" timestampValidityDuration="00:05:00" />
<secureConversationBootstrap defaultAlgorithmSuite="Default"
authenticationMode="UserNameForSslNegotiated" requireDerivedKeys="true"
securityHeaderLayout="Strict" includeTimestamp="true" keyEntropyMode="CombinedEntropy"
messageProtectionOrder="SignBeforeEncryptAndEncryptSignature"
messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
requireSecurityContextCancellation="true" requireSignatureConfirmation="false">
<localClientSettings cacheCookies="true" detectReplays="true"
replayCacheSize="900000" maxClockSkew="00:05:00" maxCookieCachingTime="Infinite"
replayWindow="00:05:00" sessionKeyRenewalInterval="10:00:00"
sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="true"
timestampValidityDuration="00:05:00" cookieRenewalThresholdPercentage="60" />
<localServiceSettings detectReplays="true" issuedCookieLifetime="10:00:00"
maxStatefulNegotiations="128" replayCacheSize="900000" maxClockSkew="00:05:00"
negotiationTimeout="00:01:00" replayWindow="00:05:00" inactivityTimeout="00:02:00"
sessionKeyRenewalInterval="15:00:00" sessionKeyRolloverInterval="00:05:00"
reconnectTransportOnFailure="true" maxPendingSessions="128"
maxCachedCookies="1000" timestampValidityDuration="00:05:00" />
</secureConversationBootstrap>
</security>
<binaryMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
maxSessionSize="2048">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
</binaryMessageEncoding>
<httpTransport manualAddressing="false" maxBufferPoolSize="524288"
maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Anonymous"
bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
keepAliveEnabled="true" maxBufferSize="65536" proxyAuthenticationScheme="Anonymous"
realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"
useDefaultWebProxy="true" />
</binding>
</customBinding>
</bindings>
<client>
<endpoint address="http://xx.xx.xxx.xxx:xxxx/TestService/custom"
behaviorConfiguration="ClientCertificateBehavior" binding="customBinding"
bindingConfiguration="customBindingHTTP" contract="ServiceReference1.ITestService"
name="CustomBinding_ITestService">
<identity>
<certificate encodedValue="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx />
</identity>
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="ClientCertificateBehavior">
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode="None" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>

The code below should be a good starting point for what you require. I've filled in a handful of the properties that I saw in your app.config and set them appropriately.
CustomBinding endpointBinding = new CustomBinding();
SymmetricSecurityBindingElement securityElement = SecurityBindingElement.CreateUserNameForSslBindingElement();
securityElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
securityElement.LocalClientSettings.MaxClockSkew = new TimeSpan(23, 30, 0);
endpointBinding.Elements.Add(securityElement);
endpointBinding.Elements.Add(new BinaryMessageEncodingBindingElement());
endpointBinding.Elements.Add(new HttpsTransportBindingElement());
As for the certificate... Once you have a WCF service host object you can add the certificate like so:
host.Credentials.ServiceCertificate.Certificate = cert;

Also you can put your dll's app.config file contents into the caller app's app.config file.