WCF Service with wsHttpBinding, ssl and TransportWithMessageCredential - wcf

I've got a WCF service with SSL communication, wsHttpBinding and Transport security, but when I try to change it to:
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" />
<message clientCredentialType="UserName"/>
</security>
I'm getting error:
An unsecured or incorrectly secured fault was received from the other party. See the
inner FaultException for the fault code and detail.
I change security mode on client side and server side and I have up to date contract.
I can't find any solution to this problem.
Will you help me?
Client.config:
<?xml version="1.0" encoding="utf-8"?>
<!-- Client.config: proxy-side settings for the DBService endpoint. -->
<configuration>
<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /></startup>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<!-- TransportWithMessageCredential: the https transport supplies encryption,
     integrity and server authentication; the message layer carries only the
     client credential. With clientCredentialType="UserName" the proxy places a
     username/password token in the SOAP Security header, so that secret is
     protected by the TLS channel alone. The mode, transport and message settings
     must agree with the service's binding; a mismatch is the usual cause of the
     "unsecured or incorrectly secured fault" error quoted above. -->
<binding name="WSHttpBinding_IDatabaseService">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" />
<message clientCredentialType="UserName"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://dbservice:3915/DatabaseService.svc"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IDatabaseService"
contract="DBService.IDatabaseService" name="WSHttpBinding_IDatabaseService">
<!-- Expected service identity: WCF checks the server certificate against this
     DNS name ("dbservice", the same host as in the address); a certificate issued
     to a different name is rejected. -->
<identity>
<dns value="dbservice" />
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>
Server.config:
<?xml version="1.0" encoding="utf-8"?>
<!-- Server.config for DBService. Per the author's follow-up on this page, the
     self-hosting process reads its own App.config, not this file, so changes made
     here did not reach the running host. -->
<configuration>
<configSections>
<!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
<section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=5.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
</configSections>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<!-- debug="true" emits debug symbols and disables some caching; set to false for
     deployment. -->
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<!-- The custom role and membership providers below are commented out, so no
     ASP.NET provider takes part in authorizing or validating the UserName
     credential carried by the binding. -->
<!--<roleManager defaultProvider="CustomRoleProvider" enabled="true">
<providers>
<clear />
<add name="CustomRoleProvider" type="CustomRoleProvider" />
</providers>
</roleManager>-->
<!--<membership defaultProvider="CustomMembershipProvider">
<providers>
<clear />
<add name="CustomMembershipProvider" type="CustomMembershipProvider" />
</providers>
</membership>-->
</system.web>
<system.diagnostics>
<!-- ServiceModel tracing at Information + ActivityTracing writes to
     SdrConfigExample.e2e (a relative path, so it lands in the host's working
     directory). Activity traces are verbose and grow quickly; keep them for
     diagnosis only and restrict access to the file. -->
<trace autoflush="true" />
<sources>
<source name="System.ServiceModel" switchValue="Information, ActivityTracing" propagateActivity="true">
<listeners>
<add name="sdt" type="System.Diagnostics.XmlWriterTraceListener" initializeData="SdrConfigExample.e2e" />
</listeners>
</source>
</sources>
</system.diagnostics>
<system.serviceModel>
<services>
<service name="DBService.DatabaseService" behaviorConfiguration="ServiceBehavior">
<!-- NOTE(review): an absolute endpoint address together with
     multipleSiteBindingsEnabled="true" (below) is rejected by WCF when hosted in
     IIS, which requires relative addresses in that mode; harmless for a
     self-hosted ServiceHost. Confirm which host this file is meant for. -->
<endpoint address="https://dbservice:3915/DatabaseService.svc" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IDatabaseService" contract="DBService.IDatabaseService">
<identity>
<dns value="dbservice" />
</identity>
</endpoint>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<!-- Metadata is served over https only (httpGetEnabled="false"). -->
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<!-- Currently true: stack traces and internal exception messages are returned to
     every caller. -->
<serviceDebug includeExceptionDetailInFaults="true" />
<!--<serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="CustomRoleProvider" />-->
<serviceCredentials>
<!-- userNameAuthentication is commented out. Without it WCF's default
     userNamePasswordValidationMode is Windows, so the UserName credential in the
     message is validated against Windows accounts on the host rather than the
     custom membership provider. TODO confirm this is the intended behaviour. -->
<!--<userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="CustomMembershipProvider" />-->
<!-- FindBySubjectName is a substring match on the certificate subject in
     LocalMachine\My; the lookup fails if it matches more than one certificate,
     and the service account needs read access to the private key. -->
<serviceCertificate findValue="dbservice" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<!-- Must mirror the client binding: https provides channel security, the SOAP
     Security header carries the UserName credential. -->
<binding name="WSHttpBinding_IDatabaseService">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" />
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<!-- Default binding for any https endpoint that is not declared explicitly. -->
<protocolMapping>
<add binding="wsHttpBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<entityFramework>
<defaultConnectionFactory type="System.Data.Entity.Infrastructure.SqlConnectionFactory, EntityFramework" />
</entityFramework>
<connectionStrings>
<!-- SQL Server Compact file on a developer's desktop path: it will not exist on
     another machine and the hosting identity needs access to it. Keep real
     connection strings out of source control; on a server this section can be
     encrypted with aspnet_regiis -pe. -->
<add name="WypozyczalniaDataContext" connectionString="metadata=res://*/Wypozyczalnia.csdl|res://*/Wypozyczalnia.ssdl|res://*/Wypozyczalnia.msl;provider=System.Data.SqlServerCe.4.0;provider connection string=&quot;data source=C:\Users\Wojciech\Desktop\Wypozyczalnia\Wypozyczalnia.sdf&quot;" providerName="System.Data.EntityClient" />
</connectionStrings>
</configuration>

After 8 hours I finally found the problem. I had been editing DBService.config, but I had forgotten that there is a separate App.config for my self-hosting application...
Be aware of that or you'll lose half a day :P.

Related

WCF Service with SSL and Custom Authentication

So I am trying to create a WCF service that uses SSL with a custom authenticator.
This is the Server config:
<?xml version="1.0"?>
<!-- Service-side web.config: wsHttpBinding over https with a custom
     username/password validator. -->
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.5.2" />
<httpRuntime targetFramework="4.5.2"/>
</system.web>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<!-- TransportWithMessageCredential: IIS's https binding provides the channel
     security and the server certificate, so no serviceCertificate element is
     needed below; the UserName credential travels in the SOAP Security header and
     is checked by the validator configured in serviceCredentials.
     NOTE(review): no <transport> element is given here while the client config on
     this page sets <transport clientCredentialType="None"/>; confirm both sides
     resolve to the same transport credential type. -->
<binding name="SSL">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="CustomValidation" name="WCFService.Service1">
<!-- Relative addresses: the service URL comes from the IIS site binding. -->
<endpoint address="" binding="wsHttpBinding" contract="WCFService.IService1" bindingConfiguration="SSL"/>
<!-- Metadata exchange over https only. -->
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="CustomValidation">
<serviceMetadata httpsGetEnabled="true" />
<!-- includeExceptionDetailInFaults="true" returns stack traces and internal
     exception text to every caller, including anonymous ones that fail
     validation; set to false before deployment. -->
<serviceDebug httpsHelpPageEnabled="true" includeExceptionDetailInFaults="true" />
<serviceCredentials>
<!-- Custom mode: WCFService.Verification (class, assembly) receives each
     username/password pair; it accepts by returning and rejects by throwing. -->
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WCFService.Verification, WCFService" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="false" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="false"/>
</system.webServer>
</configuration>
This is my Validation Class:
Imports System.IdentityModel.Selectors
' Custom WCF username/password validator; referenced by
' customUserNamePasswordValidatorType in the service's serviceCredentials.
Public Class Verification
Inherits UserNamePasswordValidator
' Called by WCF for every UserName message credential. Returning normally accepts
' the caller; throwing rejects it. The expected credentials are hard-coded here
' (test-only; a shipped validator must look them up and never embed secrets) and
' the comparison is plain, case-sensitive string equality.
Public Overrides Sub Validate(userName As String, password As String)
' "username" resolves to the "userName" parameter because VB.NET identifiers are
' case-insensitive; keep the spelling consistent to avoid confusion.
If Not (username = "Admin" AndAlso password = "Fake Password") Then
' NOTE(review): WCF's documented rejection path is to throw
' SecurityTokenException (System.IdentityModel.Tokens) or FaultException; a plain
' Exception is surfaced to the client as a generic fault instead of an
' authentication failure.
Throw New Exception("Wrong Username Password combination.")
End If
End Sub
End Class
App Config:
<?xml version="1.0" encoding="utf-8" ?>
<!-- App.config of the consuming test application. -->
<configuration>
<system.diagnostics>
<sources>
<source name="System.ServiceModel.MessageLogging" switchValue="Warning,ActivityTracing">
<listeners>
<add type="System.Diagnostics.DefaultTraceListener" name="Default">
<filter type="" />
</add>
<add name="ServiceModelMessageLoggingListener">
<filter type="" />
</add>
</listeners>
</source>
</sources>
<sharedListeners>
<!-- Message log written under the user's profile. Because logEntireMessage and
     logMessagesAtTransportLevel are on (below), each logged message includes the
     SOAP Security header with the UsernameToken. WCF masks known PII such as the
     password by default (unless logKnownPii is enabled), but the rest of the
     payload is written in clear: treat the .svclog as sensitive and turn logging
     off once the problem is found. -->
<add initializeData="c:\users\connor smith\documents\visual studio 2015\projects\wcfserviceconsumer\wcfserviceconsumer\app_messages.svclog"
type="System.Diagnostics.XmlWriterTraceListener, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
name="ServiceModelMessageLoggingListener" traceOutputOptions="Timestamp">
<filter type="" />
</add>
</sharedListeners>
<trace autoflush="true" />
</system.diagnostics>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2" />
</startup>
<system.serviceModel>
<diagnostics>
<!-- Transport-level logging records the message as handed to the https channel,
     i.e. before TLS encryption; the raw server response is also captured, which is
     the first place to look for the ProtocolException mentioned below (it usually
     means the reply was not the SOAP the proxy expected). -->
<messageLogging logEntireMessage="true" logMalformedMessages="true"
logMessagesAtTransportLevel="true" />
</diagnostics>
<bindings>
<wsHttpBinding>
<!-- Mirrors the service's "SSL" binding: TLS for the channel, UserName credential
     in the message. -->
<binding name="WSHttpBinding_IService1">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" />
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<!-- No <identity> element: the server is authenticated only through normal
     certificate validation of the https host name. -->
<endpoint address="https://mysite.co.uk/WCFService/Service1.svc"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService1"
contract="AService.IService1" name="WSHttpBinding_IService1" />
</client>
</system.serviceModel>
</configuration>
I consume it in a test application, then I set the Username and Password to be Admin and Fake Password, then I go to use the service and get the following error:
Error
Edit: Some more error information:
'An unhandled exception of type 'System.ServiceModel.ProtocolException' occurred in mscorlib.dll'
Am I missing something?

There was no endpoint listening at URL that could accept the message?

I get this issue on IIS, but when I run it on my machine it works fine. Please see my web.config below. I have been stuck on this for a long time; please help me sort out the problem.
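<?xml version="1.0" encoding="utf-8"?>
<!-- web.config of the ASP.NET application that calls the Five9 admin web service
     as a client. The stray editor text that had been pasted inside <bindings>
     ("enter code here") is removed; it is not valid configuration content. -->
<configuration>
<system.web>
<!-- tempDirectory pins ASP.NET's compilation folder to a fixed local path; the
     application pool identity on the server needs write access to it. -->
<compilation targetFramework="4.5.1" tempDirectory="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\five9" />
<!-- customErrors Off sends full ASP.NET error pages (stack traces, paths) to
     remote browsers; use it only while diagnosing and re-enable afterwards. -->
<customErrors mode="Off"/>
<httpRuntime targetFramework="4.5.1" />
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<!-- Transport security with Basic: the username/password are sent as an HTTP
     Basic Authorization header protected only by the TLS channel, so the endpoint
     address must remain https. maxReceivedMessageSize is Int32.MaxValue
     (2147483647); a smaller bound limits memory use if large replies are not
     expected. -->
<binding name="WsAdminBinding" maxReceivedMessageSize="2147483647">
<security mode="Transport">
<transport clientCredentialType="Basic" />
</security>
<!-- Commented-out alternative kept for reference. "UserName" is not a valid
     transport clientCredentialType (None, Basic, Digest, Ntlm, Windows,
     Certificate, InheritedFromHost); in TransportWithMessageCredential mode the
     UserName credential is configured on <message clientCredentialType="UserName"/>. -->
<!-- <security mode="TransportWithMessageCredential">
<transport clientCredentialType="UserName" />
</security> -->
</binding>
<binding name="WsAdminBinding1" />
</basicHttpBinding>
</bindings>
<client>
<!-- NOTE(review): on IIS the outbound https call is made by the application pool
     identity, so its proxy settings, firewall rules and certificate trust apply,
     not those of the interactive user that works on the developer machine; a
     "no endpoint listening" error presumably comes from that difference. -->
<endpoint address="https://api.five9.com/wsadmin/v3/AdminWebService" binding="basicHttpBinding" bindingConfiguration="WsAdminBinding" contract="Five9API_v3.WsAdmin" name="WsAdminPort" />
</client>
<!-- serviceBehaviors apply only to hosted services and this file declares no
     <services>, so the "Metadata" behavior is unused here. -->
<behaviors>
<serviceBehaviors>
<behavior name="Metadata">
<serviceMetadata httpGetEnabled="true" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<system.webServer>
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
<defaultDocument>
<files>
<add value="getUserInfo.aspx" />
</files>
</defaultDocument>
</system.webServer>
</configuration>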
I pass the username and password in a header to access this web service. I do it in the following way; it works fine on my machine but causes the issue on the server.
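// Create the proxy from the "WsAdminPort" client endpoint in config and attach
// the caller's credentials. With <security mode="Transport"> and
// <transport clientCredentialType="Basic"/> they are sent as HTTP Basic
// authentication, protected only by TLS, so the endpoint must stay https.
var client = new Five9API_v3.WsAdminClient();
// client.ClientCredentials is the ClientCredentials behavior already attached to
// the endpoint, so setting it directly is sufficient. The previous version built
// a second ClientCredentials instance, set the same values on both, then removed
// the original behavior and added the copy; the two assignments on the original
// were dead and the swap added nothing.
client.ClientCredentials.UserName.UserName = username;
client.ClientCredentials.UserName.Password = password;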

Message Encryption not working with wsHTTPBinding

I can't seem to get message encryption working for wsHTTPBinding.
My setup is:
IIS Server
Default Web Site requires SSL and is tied to a self-signed certificate I created using the IIS self-signed certificate link.
SSL allows Certificate.
In my Web.Config of the web service I've got logging turned on and this is how I see that the message is not encrypted.
Web.Config is below
App config of the calling application is below.
I believe SSL is working as expected because when I try to access the web service using http I get an error. "The page you are trying to access is secured with Secure Sockets Layer (SSL)." If I use https to access the webservice I get the standard service page offering up the metadata link.
The cert name pc548.fuzzywig.com is made up, but the cert I actually have in there appears to be working.
Web Config
<?xml version="1.0"?>
<!-- Web.config of the DOL web service hosted in IIS on an SSL-required site. -->
<configuration>
<system.diagnostics>
<sources>
<source name="System.ServiceModel.MessageLogging" switchValue="Warning,ActivityTracing">
<listeners>
<add type="System.Diagnostics.DefaultTraceListener" name="Default">
<filter type="" />
</add>
<add name="ServiceModelMessageLoggingListener">
<filter type="" />
</add>
</listeners>
</source>
</sources>
<sharedListeners>
<!-- Full message bodies are written to this .svclog (see messageLogging below);
     treat it as sensitive and disable it when the investigation is over. -->
<add initializeData="c:\github\idjcwebservices\dolwebservicehost\web_messages.svclog"
type="System.Diagnostics.XmlWriterTraceListener, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
name="ServiceModelMessageLoggingListener" traceOutputOptions="Timestamp">
<filter type="" />
</add>
</sharedListeners>
<trace autoflush="true" />
</system.diagnostics>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="false" targetFramework="4.5.1" />
<httpRuntime targetFramework="4.5.1"/>
</system.web>
<system.serviceModel>
<diagnostics>
<!-- Transport-level logging captures the SOAP envelope as it is handed to the
     https channel, i.e. before TLS encrypts it. In TransportWithMessageCredential
     mode the message layer protects only the client credential, not the body, so
     a readable body in this log (as in the trace quoted further down) is the
     expected result and does not mean the wire traffic is unprotected. -->
<messageLogging logEntireMessage="true" logMalformedMessages="true"
logMessagesAtTransportLevel="true" />
</diagnostics>
<bindings>
<wsHttpBinding>
<!-- Confidentiality and integrity of the body come from TLS here; message-level
     encryption of the body requires mode="Message" instead. This binding asks for
     a client certificate both at the TLS layer and in the message, while the
     App.Config on this page sets transport clientCredentialType="None": the two
     sides should be made to agree. -->
<binding name="WSHttpBinding_DOLService">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Certificate" ></transport>
<message clientCredentialType="Certificate"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="serviceCredentialBehavior">
<!-- httpGetEnabled="true" has no effect on a site that rejects http (as the
     author reports); metadata is reachable only via https. -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<!-- Returns stack traces and internal exception text to callers; set to false
     before deployment. -->
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<!-- Service certificate looked up by subject substring in LocalMachine\My; the
     application pool identity needs read access to its private key. -->
<serviceCertificate storeName="My" storeLocation="LocalMachine" findValue="pc548.fuzzywig.com" x509FindType="FindBySubjectName"/>
<!-- <certificate> under <clientCertificate> names the certificate the service
     uses when it acts as a client (duplex/callback). No <authentication> element
     is given, so incoming client certificates are validated with WCF's default
     mode (presumably ChainTrust); confirm that this matches how the self-signed
     client certificate is trusted on this host. -->
<clientCertificate>
<certificate storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" findValue="pc548.fuzzywig.com"/>
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="JuvenileDataShare.DOLService.DOLService" behaviorConfiguration="serviceCredentialBehavior">
<endpoint address="https://pc548.fuzzywig.com/DOLWebservice/Service.svc"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_DOLService"
contract="JuvenileDataShare.DOLService.IDOLService">
<!-- Publishes the service certificate as the endpoint identity so clients can
     pin it (the client's generated config embeds it as encodedValue). -->
<identity>
<certificateReference storeName="My" storeLocation="LocalMachine" findValue="pc548.fuzzywig.com" x509FindType="FindBySubjectName" />
</identity>
</endpoint>
<!-- Plain-http metadata endpoint on an SSL-required site; the answer on this page
     switches it to mexHttpsBinding so "Update Service Reference" works over https. -->
<endpoint address="mex"
binding="mexHttpBinding"
contract="IMetadataExchange" />
</service>
</services>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<!--To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.-->
<!-- Currently enabled: the application's folder listing is exposed. -->
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
App.Config
<?xml version="1.0" encoding="utf-8" ?>
<!-- App.Config of the calling application (generated client endpoint plus a
     client-certificate behavior). -->
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.1" />
</startup>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<!-- TLS for the channel, client certificate presented at the message level only.
     The service's Web.Config on this page sets transport
     clientCredentialType="Certificate", which differs from the "None" here. -->
<binding name="WSHttpBinding_IDOLService">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" />
<message clientCredentialType="Certificate" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://pc548.fuzzywig.com/DOLWebservice/Service.svc"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IDOLService" behaviorConfiguration="endpointCredentialBehavior"
contract="ServiceReference1.IDOLService" name="WSHttpBinding_IDOLService">
<!-- The service certificate is pinned inline (base64 value elided in this
     excerpt): the client accepts only this certificate as the service identity.
     It must be regenerated (Update Service Reference) whenever the service
     certificate changes. -->
<identity>
<certificate encodedValue="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" />
</identity>
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="endpointCredentialBehavior">
<clientCredentials>
<!-- Client certificate taken from LocalMachine\My by subject substring; the
     calling process needs read access to its private key, which an ordinary user
     account usually does not have for LocalMachine certificates unless granted. -->
<clientCertificate findValue="pc548.fuzzywig.com" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
Finally, the log showing me that it's not encrypted:
<MessageLogTraceRecord>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1">http://tempuri.org/IDOLService/HelloWorld2Response</a:Action>
<a:RelatesTo>urn:uuid:ede09c2c-b46f-4277-970a-c41b556ce3d9</a:RelatesTo>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="_0">
<u:Created>2014-12-12T15:54:47.304Z</u:Created>
<u:Expires>2014-12-12T15:59:47.304Z</u:Expires>
</u:Timestamp>
</o:Security>
</s:Header>
<s:Body>
<HelloWorld2Response xmlns="http://tempuri.org/">
<HelloWorld2Result>Hello World2 # 12/12/2014 8:54:47 AM</HelloWorld2Result>
</HelloWorld2Response>
</s:Body>
</s:Envelope>
</MessageLogTraceRecord>
Change the mexHttpBinding to mexHttpsBinding and then update the metadata through "Update Service Reference". Check it again after making these changes. Hope this helps.

WIF STS ID3242: The security token could not be authenticated or authorized

I'm getting the following error in my client application when it tries to authenticate to my service:
ID3242: The security token could not be authenticated or authorized
Here is the configuration of the client:
<?xml version="1.0" encoding="utf-8" ?>
<!-- Client configuration: obtains a token from the STS with a username/password
     and presents it to the EchoClaims service (WS-Federation, message security). -->
<configuration>
<system.serviceModel>
<bindings>
<ws2007HttpBinding>
<!-- Binding used towards the STS. Message security protects the UserName
     credential even though the issuer address is plain http.
     negotiateServiceCredential="true": the STS certificate is obtained by
     negotiation at run time instead of being configured out of band.
     establishSecurityContext="false": no secure-conversation session, every call
     is authenticated on its own. -->
<binding name="stsBinding">
<security mode="Message">
<message clientCredentialType="UserName"
establishSecurityContext="false"
negotiateServiceCredential="true"/>
</security>
</binding>
</ws2007HttpBinding>
<ws2007FederationHttpBinding>
<binding name="echoClaimsBinding">
<security mode="Message">
<message>
<!-- The issued token must carry a "name" claim. -->
<claimTypeRequirements>
<add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" isOptional="false"/>
</claimTypeRequirements>
<!-- Token issuer and the identity (DNS name WCFSTS) its certificate must carry. -->
<issuer address="http://localhost:17240/STS.svc"
bindingConfiguration="stsBinding"
binding="ws2007HttpBinding">
<identity>
<dns value="WCFSTS"/>
</identity>
</issuer>
<issuerMetadata address="http://localhost:17240/STS.svc/Mex"></issuerMetadata>
</message>
</security>
</binding>
</ws2007FederationHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="echoClaimsBehavior">
<clientCredentials>
<serviceCertificate>
<!-- Certificate used to encrypt to the service when one is not negotiated. -->
<defaultCertificate
findValue="CN=WCFSTS"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySubjectDistinguishedName"/>
<!-- certificateValidationMode="None" with revocationMode="NoCheck" disables
     validation of the service/STS certificate altogether: any certificate
     presented during negotiation is accepted, so the endpoints are effectively
     unauthenticated to this client. Tolerable for a local self-signed
     development setup only; use ChainTrust or PeerTrust before any real
     deployment. -->
<authentication
revocationMode="NoCheck"
certificateValidationMode="None"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<client>
<!-- Plain http; confidentiality and integrity rely on the message security above. -->
<endpoint address="http://localhost:1438/EchoClaims.svc/EchoClaims"
binding="ws2007FederationHttpBinding"
bindingConfiguration="echoClaimsBinding"
contract="TestService.IEchoClaims"
name="WS2007FederationHttpBinding_IEchoClaims"
behaviorConfiguration="echoClaimsBehavior">
<identity>
<dns value="WCFServer"/>
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>
Here is the configuration of the service
<?xml version="1.0"?>
<!-- Service (relying party) configuration: accepts tokens issued by the STS,
     validated by WIF (Microsoft.IdentityModel 3.5). -->
<configuration>
<configSections>
<section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</configSections>
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
</system.web>
<system.serviceModel>
<services>
<service name="WcfService1.EchoClaims"
behaviorConfiguration="echoClaimsBehavior">
<endpoint address=""
contract="WcfService1.IEchoClaims"
binding="ws2007FederationHttpBinding"
bindingConfiguration="echoClaimsBinding"></endpoint>
<!-- Metadata over plain http (matches httpGetEnabled below). -->
<endpoint address="mex"
binding="mexHttpBinding"
contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="echoClaimsBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceCredentials>
<!-- Service certificate (CN=WCFServer) used for message security; the hosting
     identity needs read access to its private key. -->
<serviceCertificate
findValue="CN=WCFServer"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySubjectDistinguishedName" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<bindings>
<ws2007FederationHttpBinding>
<binding name="echoClaimsBinding">
<security mode="Message">
<message negotiateServiceCredential="true">
<!--<issuerMetadata address="http://localhost:17240/STS.svc/mex" />-->
<claimTypeRequirements>
<!--Following are the claims offered by STS 'http://localhost:17240/STS.svc'. Add or uncomment claims that you require by your application and then update the federation metadata of this application.-->
<add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" isOptional="false" />
</claimTypeRequirements>
</message>
</security>
</binding>
</ws2007FederationHttpBinding>
</bindings>
<diagnostics>
<!-- Service-level logging writes the decrypted messages, including the issued
     token and its claims, to the trace listener configured below; keep the log
     file access-restricted and disable logging after diagnosis. -->
<messageLogging logEntireMessage="true"
logMessagesAtServiceLevel="true"
logMessagesAtTransportLevel="true"></messageLogging>
</diagnostics>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
</system.webServer>
<microsoft.identityModel>
<service>
<!-- mode="Never" switches the audience-restriction check off, so a token the STS
     issued for any other relying party is accepted here as well. The follow-up on
     this page traced the ID3242 failure to a wrong audience URI; the fix is to
     list this service's own URI(s) under audienceUris rather than disable the
     check. -->
<audienceUris mode="Never"/>
<!-- The custom registry decides which issuer certificates are trusted.
     NOTE(review): confirm it checks the STS certificate (e.g. by thumbprint) and
     does not accept every issuer, since that would admit tokens from anyone. -->
<issuerNameRegistry type="WcfService1.CustomIssuerNameRegistry, WcfService1"/>
</service>
</microsoft.identityModel>
<system.diagnostics>
<sources>
<source name="System.ServiceModel" switchValue="Warning, Error, ActivityTracing"
propagateActivity="true">
<listeners>
<add name="ServiceModelTraceListener"/>
</listeners>
</source>
</sources>
<sharedListeners>
<!-- Relative path: the log is written into the application's working directory. -->
<add initializeData="ecb_tracelog.svclog"
type="System.Diagnostics.XmlWriterTraceListener, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
name="ServiceModelTraceListener" traceOutputOptions="Timestamp">
<filter type="" />
</add>
</sharedListeners>
<trace autoflush="true" />
</system.diagnostics>
</configuration>
Please let me know if anyone has an idea of how to determine why authentication is failing. I have Geneva STS tracing on verbose, but it's not giving me any messages about why the certificate isn't being authenticated.
In a similar situation, this forum post by Dominick Baier suggests that the web service rejects the token, so tracing at the STS would not show any problem.
He suggests to check this web service's <microsoft.identityModel><service><securityTokenHandlers><securityTokenHandlerConfiguration><audienceUris> section in its web.config, and to switch on the Microsoft.IdentityModel trace source in that same file.
In my case, turning tracing on revealed one more exception that was thrown before
ID3242: The security token could not be authenticated or authorized
Use this to turn on tracing on the WCF side:
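<!-- Add to the relying party's web.config. The snippet as quoted did not close
     the system.diagnostics element; the closing tag is included here. A Verbose
     Microsoft.IdentityModel trace records token-validation details (issuer,
     audience, claims), so keep the log file outside the web root with restricted
     access, and lower the level once the ID3242 cause has been found. -->
<system.diagnostics>
<sources>
<source name="Microsoft.IdentityModel" switchValue="Verbose">
<listeners>
<add name="xml" type="System.Diagnostics.XmlWriterTraceListener" initializeData="D:\Logs\rie\RIE_Trace.log" />
</listeners>
</source>
</sources>
<trace autoflush="true" />
</system.diagnostics>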
Again, in my case, the trace files revealed the following exception:
ID1038: The AudienceRestrictionCondition was not valid because the specified Audience is not present in AudienceUris.
Audience: http://some.th.ing/
Turns out the audienceUri was not correct in the WCF Web.config.
Hope this helps

WCF binding setting - maxRetryCount="Integer"

I am trying to set the binding setting maxRetryCount="Integer" but it states "The maxRetryCount attribute is not allowed".
I see it being referenced/used in many examples.
What am I doing wrong?
I want to set this attribute (setting) to see if it stops an error I am getting: The maximum retry count has been exceeded with no response from the remote endpoint. The reliable session was faulted. This is often an indication that the remote endpoint is no longer available.
<?xml version="1.0"?>
<!-- web.config of the DedicatedServerApi service: two wsHttpBinding endpoints with
     no security and a reliable session. -->
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
<!-- customErrors Off exposes full ASP.NET error pages to remote browsers; set
     back to On or RemoteOnly before deployment. -->
<customErrors mode="Off"/>
</system.web>
<system.serviceModel>
<services>
<service name="dedicated_servers.dedicated_servers.DedicatedServerApi">
<!-- Both endpoints use the "NoSecurityConfig" binding: unauthenticated and
     unencrypted calls over plain http. -->
<endpoint address="User" binding="wsHttpBinding" contract="dedicated_servers.dedicated_servers.IDedicatedServerApiUser" bindingConfiguration="NoSecurityConfig">
</endpoint>
<endpoint address="Server" binding="wsHttpBinding" contract="dedicated_servers.dedicated_servers.IDedicatedServerApiServer" bindingConfiguration="NoSecurityConfig">
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<bindings>
<wsHttpBinding>
<!-- All timeouts raised to five minutes. -->
<binding name="NoSecurityConfig" openTimeout="00:05:00" closeTimeout="00:05:00" sendTimeout="00:05:00"
receiveTimeout="00:05:00">
<!-- mode="None": no transport or message security at all. Acceptable only on a
     trusted internal network; the <transport> and <message> children have no
     effect in this mode. -->
<security mode="None">
<transport clientCredentialType="None" />
<message establishSecurityContext="false" />
</security>
<!-- maxRetryCount is not an attribute of the wsHttpBinding <reliableSession>
     configuration element (only enabled, ordered and inactivityTimeout are),
     which is why the config system rejects it; as the answer on this page says,
     it is only settable on a customBinding's reliableSession element. -->
<reliableSession enabled="true" inactivityTimeout="00:10:00" maxRetryCount="8" />
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<!-- Unnamed behavior: applies to every service in this file. -->
<behavior>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<!-- Returns stack traces and internal exception text to callers; set to false
     before deployment. -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<!-- protocolMapping only affects default endpoints; the endpoints above are
     declared explicitly with wsHttpBinding, so presumably this entry is unused. -->
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<!-- Directory listing is enabled; disable before deployment. -->
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
See this answer. To paraphrase, you can't set the maxRetryCount on wsHttpBinding but you can do some custom binding trickery to make it work.