I am working on a WCF service. It is hosted in IIS and secured by SSL. I am using custom biding with Soap11. I have a private key for this service and it is referenced in the web.config file. I have exported the public key from the private key and plan to give this public key to a vendor who will call this service.
When I try to test the service using a client. I am getting the below error. In my client I have referenced the public key. My client is sending the request to the service which is secured by the private key. I have checked the private key to make sure I have "you have a private key that correspond to this certificate. also, i have the IIS app pool running under my user name. I am the administrator in the computer.
However, when i try to send a request, I get the error "The private key is not present in the X.509 certificate." in the client. What could be causing this error?
Stack Trace:
System.NotSupportedException was caught
HResult=-2146233067
Message=The private key is not present in the X.509 certificate.
Source=mscorlib
StackTrace:
Server stack trace:
at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatter(String algorithm)
at System.IdentityModel.SignedXml.ComputeSignature(SecurityKey signingKey)
at System.ServiceModel.Security.WSSecurityOneDotZeroSendSecurityHeader.CompletePrimarySignatureCore(SendSecurityHeaderElement[] signatureConfirmations, SecurityToken[] signedEndorsingTokens, SecurityToken[] signedTokens, SendSecurityHeaderElement[] basicTokens, Boolean isPrimarySignature)
at System.ServiceModel.Security.SendSecurityHeader.CompleteSignature()
at System.ServiceModel.Security.SendSecurityHeader.CompleteSecurityApplication()
at System.ServiceModel.Security.SecurityAppliedMessage.OnWriteMessage(XmlDictionaryWriter writer)
at System.ServiceModel.Channels.BufferedMessageWriter.WriteMessage(Message message, BufferManager bufferManager, Int32 initialOffset, Int32 maxSizeQuota)
at System.ServiceModel.Channels.TextMessageEncoderFactory.TextMessageEncoder.WriteMessage(Message message, Int32 maxMessageSize, BufferManager bufferManager, Int32 messageOffset)
at System.ServiceModel.Channels.HttpOutput.SerializeBufferedMessage(Message message)
at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout)
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.SendRequest(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at PaymentGatewayTestClient.Customer.ICustomerDetails.CustomerDetails(CustomerDetailRequest request)
at PaymentGatewayTestClient.Customer.CustomerDetailsClient.CustomerDetails(CustomerDetailRequest request) in c:\temp\Test\PaymentGatewayTestClient\PaymentGatewayTestClient\Service References\Customer\Reference.cs:line 937
at PaymentGatewayTestClient.Program.Main(String[] args) in c:\temp\Test\PaymentGatewayTestClient\PaymentGatewayTestClient\Program.cs:line 38
InnerException:
It looks like the server can't access the private part of the key. You have to grant permission to the private key for the user that runs your app pool.
Also see this:
PrivateKey trust permissions for local machine "Trusted roots" certificates
Related
I am trying to access a web service using WCF client application in CS, when trying to access the web method. I am getting the forbidden error.
Binding configuration:basicHttpBinding
endpoint address=http://xxxxx/yyyy/WebServices/Soap/Query.svc
I noticed 1 more thing - when I try to add the service reference to WCF through VS - it is https://xxxx/yyyy/Webservices/Soap but in app Config it shows http.
Does anyone know how to handle this or what I am missing?
Please do help for the same.
Here is the call stack for the same:
Server stack trace:
at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at ConsoleApplication1.xxxxxx.Query.Result(String userName, String password, String workflowName, String queryId, QueryData data)
at ConsoleApplication1.UTPQueryService.QueryClient.Result(String userName, String password, String workflowName, String queryId, QueryData data) in
Our certificate is expiring and we thought changing it, and the services using it, would be as simple as updating the certificate and updating the services with the certificate's new thumbprint, but that was not the case.
Now, this code was inherited, I didn't write it, so I'm trying to figure stuff out. It breaks right here:
var issuedToken = channel.Issue(rst) as GenericXmlSecurityToken;
All the services that this thing is supposedly hitting have been updated with the new certificate as well. Any pointers are greatly appreciated!
The exception being thrown:
System.ServiceModel.CommunicationException was caught
HResult=-2146233087
Message=An error occurred while receiving the HTTP response to https://***ipsts/Service.svc/IWSTrust13. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details.
Source=mscorlib
StackTrace:
Server stack trace:
at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)
at System.ServiceModel.Channels.HttpChannelFactory1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustContract.Issue(Message message)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)
at Mobile_Service.Code.ECNSecurityTokenService.GetClaimsPrincipalWithUserName(String userName, String password) in C:\Development\Mobile Service\Mobile Service\Code\ECNSecurityTokenService.cs:line 59
InnerException: System.Net.WebException
HResult=-2146233079
Message=The underlying connection was closed: An unexpected error occurred on a receive.
Source=System
StackTrace:
at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
InnerException: System.IO.IOException
HResult=-2146232800
Message=Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
Source=System
StackTrace:
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
at System.Net.Security._SslStream.StartFrameHeader(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security._SslStream.StartReading(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security._SslStream.ProcessRead(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.TlsStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead)
InnerException: System.Net.Sockets.SocketException
HResult=-2147467259
Message=An existing connection was forcibly closed by the remote host
Source=System
ErrorCode=10054
NativeErrorCode=10054
StackTrace:
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
InnerException:
It seems the exception is thrown on connecting to ADFS. I'd check the ADFS Admin/Debug logs to see if ADFS has any issues with certificate i.e. validating chain trust or Revocation. I think, you're very likely running into the issue where ADFS fails validating chain trust or Revocation.
HTH,
Amit Bhatia
I created a simple orchestration to call a WCF service and get response from it. Web service method is very simple:
string GetSimple(int value)
BizTalk monitors a folder and receives activation message using FILE adapter from there, then constructs proper message and calls the web service. But fails with this exception:
Error Description: System.Configuration.ConfigurationErrorsException: Couldn't find type for class System Diagnostics.TextWriterTraceListener.
Server stack trace:
at System.Diagnostics.TraceUtils.GetRuntimeObject(String className, Type baseType, String initializeData)
at System.Diagnostics.TypedElement.BaseGetRuntimeObject()
at System.Diagnostics.ListenerElement.GetRuntimeObject()
at System.Diagnostics.ListenerElement.GetRuntimeObject()
at System.Diagnostics.ListenerElementsCollection.GetRuntimeObject()
at System.Diagnostics.TraceSource.Initialize()
at System.Net.Logging.InitializeLogging()
at System.Net.Logging.get_On()
at System.Net.WebRequest.Create(Uri requestUri, Boolean useUriBase)
at System.Net.WebRequest.Create(Uri requestUri)
at System.ServiceModel.Channels.HttpChannelFactory.GetWebRequest(EndpointAddress to, Uri via, NetworkCredential credential, TokenImpersonationLevel impersonationLevel, AuthenticationLevel authenticationLevel, SecurityTokenProviderContainer proxyTokenProvider, SecurityTokenContainer clientCertificateToken, TimeSpan timeout)
at System.ServiceModel.Channels.HttpChannelFactory.GetWebRequest(EndpointAddress to, Uri via, SecurityTokenProviderContainer tokenProvider, SecurityTokenProviderContainer proxyTokenProvider, SecurityTokenContainer clientCertificateToken, TimeSpan timeout)
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.GetWebRequest(EndpointAddress to, Uri via, SecurityTokenContainer clientCertificateToken, TimeoutHelper& timeoutHelper)
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.GetWebRequest(EndpointAddress to, Uri via, TimeoutHelper& timeoutHelper)
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelAsyncRequest.BeginSendRequest(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.BeginRequest(Message message, TimeSpan timeout, AsyncCallback callback, Object state)
at System.ServiceModel.Dispatcher.RequestChannelBinder.BeginRequest(Message message, TimeSpan timeout, AsyncCallback callback, Object state)
at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.StartSend(Boolean completedSynchronously)
at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.Begin()
at System.ServiceModel.Channels.ServiceChannel.BeginCall(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, TimeSpan timeout, AsyncCallback callback, Object asyncState)
at System.ServiceModel.Channels.ServiceChannel.BeginRequest(Message message, TimeSpan timeout, AsyncCallback callback, Object state)
at System.ServiceModel.Channels.ServiceChannel.BeginRequest(Message message, AsyncCallback callback, Object state)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at System.ServiceModel.Channels.IRequestChannel.BeginRequest(Message message, AsyncCallback callback, Object state)
at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.SendRequestMessage(IBaseMessage bizTalkMessage, IRequestChannel channel)
at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.SendMessage(IBaseMessage bizTalkMessage)
Exception type: XlangSoapException
Source: Microsoft.XLANGs.BizTalk.Engine
Target Site: Void VerifyTransport(Microsoft.XLANGs.Core.Envelope, Int32, Microsoft.XLANGs.Core.Context)
The following is a stack trace that identifies the location where the exception occured
at Microsoft.BizTalk.XLANGs.BTXEngine.BTXPortBase.VerifyTransport(Envelope env, Int32 operationId, Context ctx)
at Microsoft.XLANGs.Core.Subscription.Receive(Segment s, Context ctx, Envelope& env, Boolean topOnly)
at Microsoft.XLANGs.Core.PortBase.GetMessageId(Subscription subscription, Segment currentSegment, Context cxt, Envelope& env, CachedObject location)
at Orch.Orc.segment1(StopConditions stopOn)
at Microsoft.XLANGs.Core.SegmentScheduler.RunASegment(Segment s, StopConditions stopCond, Exception& exp)
I couldn't find TextWriterTraceListener. Where is it? How to get rid of this exception?
It seems there's a problem with the config file of the WCF service or BTSNtSvc.exe.config. BizTalk seems to be sending the correct request.
Most likely, your config around logging messages from WCF is having issues or BTSNtSvc.exe.config having incorrect parameters around logging.
You may want to call the service from standard .net client to narrow down the problem.
HTH
I use the WCFTestClient that is provided with visual studio to test my service.
The thing is that the tool is working for the service that is deployed in wisual studio with my aplication. But if I try to connect to a deployed instance on another machine I get the following exception. Has anyone solved this issue?
The service uses WindowsAutentication.
The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate oX0we6ADCgEBonQEcmBwBgkqhkiG9xIBAgIDAH5hMF+gAwIBBaEDAgEepBEYDzIwMTAxMDI3MDgzNTIxWqUFAgMCED6mAwIBKakLGwlCQVcuTE9DQUyqJzAloAMCAQOhHjAcGwRob3N0GxRsYmFpdGVzdDAxLmJhdy5sb2NhbA=='.
Server stack trace:
at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory factory)
at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory factory, WebException responseException, ChannelBinding channelBinding)
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at IBCMService.GetAllRegions()
at BCMServiceClient.GetAllRegions()
Inner Exception:
The remote server returned an error: (401) Unauthorized.
at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
Inner Exception:
The target principal name is incorrect
at System.Net.NTAuthentication.GetOutgoingBlob(Byte[] incomingBlob, Boolean throwOnError, SecurityStatus& statusCode)
at System.Net.NTAuthentication.GetOutgoingBlob(String incomingBlob)
at System.Net.NegotiateClient.DoAuthenticate(String challenge, WebRequest webRequest, ICredentials credentials, Boolean preAuthenticate)
at System.Net.NegotiateClient.Authenticate(String challenge, WebRequest webRequest, ICredentials credentials)
at System.Net.AuthenticationManager.Authenticate(String challenge, WebRequest request, ICredentials credentials)
at System.Net.AuthenticationState.AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials authInfo)
at System.Net.HttpWebRequest.CheckResubmitForAuth()
at System.Net.HttpWebRequest.CheckResubmit(Exception& e)
You can right click on the config file in wcftestclient, click copy Full path, open the path it in an editor and check that the security settings match the deployed service configuration
I created a simple WCF demo:
Server Side:
namespace ServerSide
{
class Program
{
static void Main(string[] args)
{
System.ServiceModel.ServiceHost host =
new System.ServiceModel.ServiceHost(typeof(HelloIndigo.HelloIndigoService), new Uri("http://locahost:8000/HelloIndigo"));
host.AddServiceEndpoint(typeof(HelloIndigo.IHelloIndigoService), new System.ServiceModel.BasicHttpBinding(), "HelloIndigoService");
host.Open();
Console.Write("Terminate Server");
Console.ReadLine();
}
}
}
Client Side:
namespace ClientSide
{
class Program
{
static void Main(string[] args)
{
System.ServiceModel.EndpointAddress ep =
new System.ServiceModel.EndpointAddress("http://locahost:8000/HelloIndigo/HelloIndigoService");
IHelloIndigoService proxy =
System.ServiceModel.ChannelFactory<IHelloIndigoService>.CreateChannel(new System.ServiceModel.BasicHttpBinding(), ep);
string s = proxy.HelloIndigo();
Console.WriteLine(s);
Console.ReadLine();
}
}
}
Then, run ServerSide, when I tried to run the CLientSide, I got following error msg:
An error occurred while receiving the HTTP response to http://locahost:8000/HelloIndigo/HelloIndigoService. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details.
And the error details:
System.ServiceModel.CommunicationException was unhandled
Message="An error occurred while receiving the HTTP response to http://locahost:8000/HelloIndigo/HelloIndigoService. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details."
Source="mscorlib"
StackTrace:
Server stack trace:
at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at ClientSide.IHelloIndigoService.HelloIndigo()
at ClientSide.Program.Main(String[] args) in E:\My_Test\Test_for_VS2008\WCF_TestLessonOne_Client\ClientSide\Program.cs:line 16
at System.AppDomain._nExecuteAssembly(Assembly assembly, String[] args)
at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()
InnerException: System.Net.WebException
Message="The underlying connection was closed: An unexpected error occurred on a receive."
Source="System"
StackTrace:
at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
InnerException: System.IO.IOException
Message="Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host."
Source="System"
StackTrace:
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead)
InnerException: System.Net.Sockets.SocketException
Message="An existing connection was forcibly closed by the remote host"
Source="System"
ErrorCode=10054
NativeErrorCode=10054
StackTrace:
at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
InnerException:
Is your machine called locahost ?? Typically, those machines are called localhost - so try this Url for your service (both on server and client side):
new Uri("http://localhost:8000/HelloIndigo")
With this change, I was able to re-create your sample without any issues whatsoever.