We Keep Coding

Sending file to WCF service, socket connection aborted

I have a WCF service (server) with a method who's signature is
public void SetProfilePic(String pSession, Applicant pApplicant)
Applicant has the property:
public byte[] Photo { get; set; }
From the client I get an image and call SetProfilePic. When the image is small, approx 1cm X 1cm, it works perfectly, however, when the image is larger, 4cm X 3cm, I get the error below
"The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '01:49:59.9779945'."
I have increased the max limits in the app.config files, however I still get the same error. I am using NetTCPBinding in buffered mode. I have also tried MTOM. Both client and service are currently running on the same machine since the project is still in its initial development phase.
I have enabled message logging and tracing on both server and client side, however no further details are given in the logs, which is not very helpful.
Below please find the App.config files for both the client and server.
My experience with WCF is only for a few months. Any help is appreciated. Thanks in advance.
client app.config
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.diagnostics>
<sources>
<source name="System.ServiceModel.MessageLogging" switchValue="Warning,ActivityTracing">
<listeners>
<add type="System.Diagnostics.DefaultTraceListener" name="Default">
<filter type="" />
</add>
<add name="ServiceModelMessageLoggingListener">
<filter type="" />
</add>
</listeners>
</source>
<source propagateActivity="true" name="System.ServiceModel" switchValue="Warning,ActivityTracing">
<listeners>
<add type="System.Diagnostics.DefaultTraceListener" name="Default">
<filter type="" />
</add>
<add name="ServiceModelTraceListener">
<filter type="" />
</add>
</listeners>
</source>
</sources>
<sharedListeners>
<add initializeData="c:\users\...\app_messages.svclog"
type="System.Diagnostics.XmlWriterTraceListener, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
name="ServiceModelMessageLoggingListener" traceOutputOptions="Timestamp">
<filter type="" />
</add>
<add initializeData="c:\users\...\app_tracelog.svclog"
type="System.Diagnostics.XmlWriterTraceListener, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
name="ServiceModelTraceListener" traceOutputOptions="Timestamp">
<filter type="" />
</add>
</sharedListeners>
</system.diagnostics>
<system.serviceModel>
<diagnostics>
<messageLogging logMalformedMessages="true" logMessagesAtServiceLevel="true"
logMessagesAtTransportLevel="true" />
</diagnostics>
<bindings>
<netTcpBinding>
<binding name="NetTcpBinding" closeTimeout="01:50:00" openTimeout="01:50:00"
receiveTimeout="01:50:00" sendTimeout="01:50:00" maxBufferPoolSize="2147483647"
maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="128" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession inactivityTimeout="00:20:00" />
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint address="net.tcp://localhost:9000/RecruitAidService"
behaviorConfiguration="endpointBehavior" binding="netTcpBinding"
bindingConfiguration="NetTcpBinding" contract="RecruitAidClientService.IRecruitAidService"
name="NetTcpBinding" />
</client>
<behaviors>
<endpointBehaviors>
<behavior name="endpointBehavior">
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
service / server app.config
UpdateApplicantUpdateBy(pSession, applId);
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
</configSections>
<system.diagnostics>
<sources>
<source name="System.ServiceModel.MessageLogging" switchValue="Warning,ActivityTracing">
<listeners>
<add type="System.Diagnostics.DefaultTraceListener" name="Default">
<filter type="" />
</add>
<add name="ServiceModelMessageLoggingListener">
<filter type="" />
</add>
</listeners>
</source>
<source propagateActivity="true" name="System.ServiceModel" switchValue="Verbose,ActivityTracing">
<listeners>
<add type="System.Diagnostics.DefaultTraceListener" name="Default">
<filter type="" />
</add>
<add name="ServiceModelTraceListener">
<filter type="" />
</add>
</listeners>
</source>
</sources>
<sharedListeners>
<add initializeData="c:\users\...\app_messages.svclog"
type="System.Diagnostics.XmlWriterTraceListener, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
name="ServiceModelMessageLoggingListener" traceOutputOptions="Timestamp, Callstack">
<filter type="" />
</add>
<add initializeData="c:\users\...\app_tracelog.svclog"
type="System.Diagnostics.XmlWriterTraceListener, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
name="ServiceModelTraceListener" traceOutputOptions="Timestamp">
<filter type="" />
</add>
</sharedListeners>
</system.diagnostics>
<runtime>
<loadFromRemoteSources enabled="true"/>
</runtime>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" />
</system.web>
<!-- When deploying the service library project, the content of the config file must be added to the host's
app.config file. System.Configuration does not support config files for libraries. -->
<system.serviceModel>
<diagnostics>
<messageLogging logMalformedMessages="true" logMessagesAtServiceLevel="true"
logMessagesAtTransportLevel="true" />
</diagnostics>
<services>
<service name="RecruitAidServer.RecruitAidService">
<clear />
<endpoint address="net.tcp://localhost:9000/RecruitAidService"
binding="netTcpBinding" bindingConfiguration="" name="NetTcpBinding"
contract="RecruitAidServer.IRecruitAidService" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:8733/Design_Time_Addresses/RecruitAidServer/Service1/" />
</baseAddresses>
<timeouts closeTimeout="00:01:50" />
</host>
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="NetTcpBinding" closeTimeout="01:50:00" openTimeout="01:50:00"
receiveTimeout="01:50:00" sendTimeout="01:50:00" maxBufferPoolSize="21474836470000"
maxBufferSize="2147483647" maxReceivedMessageSize="21474836470000"
transferMode="Buffered" messageEncoding="Mtom">
<readerQuotas maxDepth="128" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="16384" />
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information,
set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="True" httpsGetEnabled="True" />
<!-- To receive exception details in faults for debugging purposes,
set the value below to true. Set to false before deployment
to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="False" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="endpointBehavior">
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>

Service config on server side should look like
<endpoint address="net.tcp://localhost:9000/RecruitAidService"
binding="netTcpBinding" bindingConfiguration="NetTcpBinding"
name="NetTcpBinding" behaviorConfiguration="endpointBehavior"
contract="RecruitAidServer.IRecruitAidService" />
and bindings
<bindings>
<netTcpBinding>
<binding name="NetTcpBinding" closeTimeout="01:50:00" openTimeout="01:50:00"
receiveTimeout="01:50:00" sendTimeout="01:50:00" maxBufferPoolSize="21474836470000"
maxBufferSize="2147483647" maxReceivedMessageSize="21474836470000"
transferMode="Buffered" messageEncoding="Mtom">
<readerQuotas maxDepth="128" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="16384" />
</binding>
</netTcpBinding>
</bindings>

Why we Use Certificates In WCF

I am working on University Management System on which i am making WCF service....
my requirement is to Secure my web service (WCF) over the internet for this someone told me use certificates but i do not know how to use certificates
i have also implemented Https protocol and i am using WshttpBinding
This is My Web.config file :-
<?xml version="1.0"?>
<configuration>
<system.diagnostics>
<sources>
<source name="System.ServiceModel.MessageLogging" switchValue="Warning,ActivityTracing">
<listeners>
<add type="System.Diagnostics.DefaultTraceListener" name="Default">
<filter type="" />
</add>
<add name="ServiceModelMessageLoggingListener">
<filter type="" />
</add>
</listeners>
</source>
<source propagateActivity="true" name="System.ServiceModel" switchValue="Warning,ActivityTracing">
<listeners>
<add type="System.Diagnostics.DefaultTraceListener" name="Default">
<filter type="" />
</add>
<add name="ServiceModelTraceListener">
<filter type="" />
</add>
</listeners>
</source>
</sources>
<sharedListeners>
<add initializeData="d:\khurram\projectalahsaan2014\alahsaan\dal\web_messages.svclog"
type="System.Diagnostics.XmlWriterTraceListener, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
name="ServiceModelMessageLoggingListener" traceOutputOptions="Timestamp">
<filter type="" />
</add>
<add initializeData="d:\khurram\projectalahsaan2014\alahsaan\dal\web_tracelog.svclog"
type="System.Diagnostics.XmlWriterTraceListener, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
name="ServiceModelTraceListener" traceOutputOptions="Timestamp">
<filter type="" />
</add>
</sharedListeners>
<trace autoflush="true" />
</system.diagnostics>
<connectionStrings>
<add name="DAL.Properties.Settings.ConStr" connectionString="Data Source=.\SQL2012;Initial Catalog=AlAhsaan2014;Integrated Security=True" providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<!--<httpRuntime maxRequestLength="2147483647" executionTimeout="3600" enable="true" />-->
<!--2147483647-->
<sessionState mode="InProc" cookieless="true" timeout="20"> </sessionState>
</system.web>
<system.serviceModel>
<diagnostics>
<messageLogging logEntireMessage="true"
logMalformedMessages="true"
logMessagesAtTransportLevel="true" />
</diagnostics>
<bindings>
<wsHttpBinding>
<binding name="secureWsHttpBinding"
maxBufferPoolSize="2147483647"
maxReceivedMessageSize="524288000"
messageEncoding="Mtom"> <!--500MB Download-->
<readerQuotas maxArrayLength="1572864"/> <!--1.5MB Upload-->
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<protocolMapping>
<remove scheme="https"/>
<add scheme="https" binding="wsHttpBinding" bindingConfiguration="secureWsHttpBinding"/>
</protocolMapping>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="DAL.AlahsaanDSL">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="secureWsHttpBinding"
contract="DAL.IAlahsaanDSL" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
My Question is :-
What are the mechanism of Certificates?
How to Use Certificates?
Does Certificate provide (PKI) (public key infrastructure)?

JSON WCF Method not allowed

I have WCF with contract like that
[WebInvoke(Method = "POST",
ResponseFormat = WebMessageFormat.Json,
RequestFormat = WebMessageFormat.Json,
UriTemplate = "UpdateEncounterStatus/{BookingID}/{BookingStatus}")]
public void UpdateEncounterStatus(string BookingID, string BookingStatus)
and I call it using
http://localhost:1185/PMAHost/Service.svc/UpdateEncounterStatus/141/sfsa
but it give
the web.config is
<?xml version="1.0"?>
<configuration>
<system.diagnostics>
<sources>
<source name="System.ServiceModel" switchValue="All" propagateActivity="true">
<listeners>
<add type="System.Diagnostics.DefaultTraceListener" name="Default">
<filter type=""/>
</add>
<add name="xml">
<filter type=""/>
</add>
</listeners>
</source>
<source name="System.ServiceModel.MessageLogging" switchValue="All">
<listeners>
<add type="System.Diagnostics.DefaultTraceListener" name="Default">
<filter type=""/>
</add>
<add name="xml">
<filter type=""/>
</add>
</listeners>
</source>
<source name="XMLService.dll" switchValue="Warning, ActivityTracing">
<listeners>
<add type="System.Diagnostics.DefaultTraceListener" name="Default">
<filter type=""/>
</add>
<add name="xml">
<filter type=""/>
</add>
</listeners>
</source>
</sources>
<sharedListeners>
<add initializeData="C:\XMLServiceTrace.svclog"
type="System.Diagnostics.XmlWriterTraceListener, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
name="xml"
traceOutputOptions="LogicalOperationStack, DateTime, Timestamp, ProcessId, ThreadId, Callstack">
<filter type=""/>
</add>
</sharedListeners>
<trace autoflush="true"/>
</system.diagnostics>
<connectionStrings>
<roleManager enabled="true" />
<membership>
<providers>
<remove name="AspNetSqlMembershipProvider"/>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="Login"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
applicationName="/"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="1"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordStrengthRegularExpression="" />
</providers>
</membership>
<authentication mode="Windows"/>
<customErrors mode="RemoteOnly"/>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<services>
<service name="PMAService.PMA">
<endpoint address="" binding="webHttpBinding" contract="PMAService.IPMA" behaviorConfiguration="web">
</endpoint>
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="web">
<webHttp />
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior>
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<webHttpBinding>
<binding name="defaultRest">
<readerQuotas maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxDepth="64" maxNameTableCharCount="2147483647" />
<security mode="None" />
</binding>
</webHttpBinding>
</bindings>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<modules>
<remove name="WebDAVModule" />
</modules>
</system.webServer>
</configuration>

The UpdateEncounterStatus method is marked for POST request and when you are trying to issue the request from the browser address bar then you are issuing a GET request so you are getting 405 Method Not Allowed error. To fix this you have to mark the method with WebGet or WebInvoke(Method="GET")
UPDATE: In your case you are performing an update operation so as per REST you should not change it into GET only POST.

WCF Calling Service with a large message

I'm calling a method of WCF Service. The method pass a graph within image to the service.
All calls throw an exception saying:
The remote server returned an unexpected response: (400) Bad Request
I have read many posts concerning this problem, most of them suggest to increase the maxReceivedMessageSize. I tried to modify this and other settings but it doesn't solved the problem.
Finally I have activated tracing on server which says:
The maximum message size quota for incoming messages (65536) has been exceeded. To increase the quota, use the MaxReceivedMessageSize property on the appropriate binding element.
The value in my config file is set to 65536000.
My Config File:
<?xml version="1.0"?>
<configuration>
<system.diagnostics>
<sources>
<source name="System.ServiceModel.MessageLogging" switchValue="Verbose, ActivityTracing">
<listeners>
<add type="System.Diagnostics.DefaultTraceListener" name="Default">
<filter type="" />
</add>
<add name="ServiceModelMessageLoggingListener">
<filter type="" />
</add>
</listeners>
</source>
<source name="System.ServiceModel" switchValue="Verbose,ActivityTracing"
propagateActivity="false">
<listeners>
<add type="System.Diagnostics.DefaultTraceListener" name="Default">
<filter type="" />
</add>
<add name="ServiceModelTraceListener">
<filter type="" />
</add>
</listeners>
</source>
</sources>
<sharedListeners>
<add initializeData="C:\Trace\messages.svclog" type="System.Diagnostics.XmlWriterTraceListener, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
name="ServiceModelMessageLoggingListener" traceOutputOptions="Timestamp">
<filter type="" />
</add>
<add initializeData="C:\Trace\tracelog.svclog" type="System.Diagnostics.XmlWriterTraceListener, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
name="ServiceModelTraceListener" traceOutputOptions="Timestamp">
<filter type="" />
</add>
</sharedListeners>
<trace autoflush="true" />
</system.diagnostics>
<system.serviceModel>
<diagnostics wmiProviderEnabled="true">
<messageLogging logEntireMessage="true" logMalformedMessages="true"
logMessagesAtTransportLevel="true" />
<endToEndTracing propagateActivity="true" activityTracing="true"
messageFlowTracing="true" />
</diagnostics>
<behaviors>
<endpointBehaviors>
<behavior name="Beh">
<dataContractSerializer maxItemsInObjectGraph="10000000"/>
<enableWebScript />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<webHttpBinding>
<binding name="WebBinding" closeTimeout="00:10:00" openTimeout="00:10:00"
sendTimeout="00:10:00" maxBufferSize="65536000" maxBufferPoolSize="524288000"
maxReceivedMessageSize="65536000">
<readerQuotas maxDepth="500000000" maxStringContentLength="500000000"
maxArrayLength="500000000" maxBytesPerRead="500000000" maxNameTableCharCount="500000000" />
<security mode="Transport" />
</binding>
</webHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="ServiceBehavior" name="WcfService1.PleasureKraftService">
<clear />
<endpoint behaviorConfiguration="Beh" binding="webHttpBinding"
bindingConfiguration="WebBinding" name="Basic" contract="WcfService1.IMyService"
listenUriMode="Explicit">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="WcfService1.IMyService" />
</service>
</services>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>
</system.serviceModel>
<system.web>
<compilation debug="false"/>
<customErrors mode="Off"/>
</system.web>
<connectionStrings>
<add name="Ent" connectionString="metadata=res://*/Model1.csdl|res://*/Model1.ssdl|res://*/Model1.msl;provider=System.Data.SqlClient;provider connection string="Data Source=xxxxxx;Initial Catalog=Eu;User ID=xxxxx;Password=xxxxx;MultipleActiveResultSets=True"" providerName="System.Data.EntityClient"/>
</connectionStrings>
</configuration>

You probably need to define the MaxReceivedMessageSize property on both the client and the service.

Increase message max quota, probably timeout as well depending on message size - you can do so declaratively, or programmatically as shown below.
BasicHttpBinding Binding = new BasicHttpBinding();
Binding.ReceiveTimeout = new TimeSpan(???, 0, 0);
Binding.SendTimeout = new TimeSpan(???, 0, 0);
Binding.OpenTimeout = new TimeSpan(???, 0, 0);
Binding.CloseTimeout = new TimeSpan(???, 0, 0);
Binding.ReaderQuotas.MaxStringContentLength = ???;
Binding.ReaderQuotas.MaxArrayLength = ???;
Binding.ReaderQuotas.MaxBytesPerRead = ???;
Binding.ReaderQuotas.MaxNameTableCharCount = ???;
Binding.MaxReceivedMessageSize = ???;
Binding.MaxBufferPoolSize = ???;
Splits your payload into smaller chunks
OPTION 1: Chunk your payload yourself
OPTION 2: Channel chunking
http://msdn.microsoft.com/en-us/library/aa717050(v=vs.110).aspx

WIF STS ID3242: The security token could not be authenticated or authorized

I'm getting the following error in my client application when it tries to authenticate to my service:
ID3242: The security token could not be authenticated or authorized
Here is the configuration of the client:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<ws2007HttpBinding>
<binding name="stsBinding">
<security mode="Message">
<message clientCredentialType="UserName"
establishSecurityContext="false"
negotiateServiceCredential="true"/>
</security>
</binding>
</ws2007HttpBinding>
<ws2007FederationHttpBinding>
<binding name="echoClaimsBinding">
<security mode="Message">
<message>
<claimTypeRequirements>
<add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" isOptional="false"/>
</claimTypeRequirements>
<issuer address="http://localhost:17240/STS.svc"
bindingConfiguration="stsBinding"
binding="ws2007HttpBinding">
<identity>
<dns value="WCFSTS"/>
</identity>
</issuer>
<issuerMetadata address="http://localhost:17240/STS.svc/Mex"></issuerMetadata>
</message>
</security>
</binding>
</ws2007FederationHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="echoClaimsBehavior">
<clientCredentials>
<serviceCertificate>
<defaultCertificate
findValue="CN=WCFSTS"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySubjectDistinguishedName"/>
<authentication
revocationMode="NoCheck"
certificateValidationMode="None"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<client>
<endpoint address="http://localhost:1438/EchoClaims.svc/EchoClaims"
binding="ws2007FederationHttpBinding"
bindingConfiguration="echoClaimsBinding"
contract="TestService.IEchoClaims"
name="WS2007FederationHttpBinding_IEchoClaims"
behaviorConfiguration="echoClaimsBehavior">
<identity>
<dns value="WCFServer"/>
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>
Here is the configuration of the service
<?xml version="1.0"?>
<configuration>
<configSections>
<section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</configSections>
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
</system.web>
<system.serviceModel>
<services>
<service name="WcfService1.EchoClaims"
behaviorConfiguration="echoClaimsBehavior">
<endpoint address=""
contract="WcfService1.IEchoClaims"
binding="ws2007FederationHttpBinding"
bindingConfiguration="echoClaimsBinding"></endpoint>
<endpoint address="mex"
binding="mexHttpBinding"
contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="echoClaimsBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceCredentials>
<serviceCertificate
findValue="CN=WCFServer"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySubjectDistinguishedName" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<bindings>
<ws2007FederationHttpBinding>
<binding name="echoClaimsBinding">
<security mode="Message">
<message negotiateServiceCredential="true">
<!--<issuerMetadata address="http://localhost:17240/STS.svc/mex" />-->
<claimTypeRequirements>
<!--Following are the claims offered by STS 'http://localhost:17240/STS.svc'. Add or uncomment claims that you require by your application and then update the federation metadata of this application.-->
<add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" isOptional="false" />
</claimTypeRequirements>
</message>
</security>
</binding>
</ws2007FederationHttpBinding>
</bindings>
<diagnostics>
<messageLogging logEntireMessage="true"
logMessagesAtServiceLevel="true"
logMessagesAtTransportLevel="true"></messageLogging>
</diagnostics>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
</system.webServer>
<microsoft.identityModel>
<service>
<audienceUris mode="Never"/>
<issuerNameRegistry type="WcfService1.CustomIssuerNameRegistry, WcfService1"/>
</service>
</microsoft.identityModel>
<system.diagnostics>
<sources>
<source name="System.ServiceModel" switchValue="Warning, Error, ActivityTracing"
propagateActivity="true">
<listeners>
<add name="ServiceModelTraceListener"/>
</listeners>
</source>
</sources>
<sharedListeners>
<add initializeData="ecb_tracelog.svclog"
type="System.Diagnostics.XmlWriterTraceListener, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
name="ServiceModelTraceListener" traceOutputOptions="Timestamp">
<filter type="" />
</add>
</sharedListeners>
<trace autoflush="true" />
</system.diagnostics>
</configuration>
Please let me know if anyone has an idea of how to determine why authentication is failing. I have Geneva STS tracing on verbose, but it's not giving me any messages about why the certificate isn't being authenticated.

In a similar situation, this forum post by Dominick Baier suggests that the web service rejects the token, so tracing at the STS would not show any problem.
He suggests to check this web service's <microsoft.identityModel><service><securityTokenHandlers><securityTokenHandlerConfiguration><audienceUris> section in its web.config, and to switch on the Microsoft.IdentityModel trace source in that same file.

In my case, turning tracing on revealed one more exception that was thrown before
ID3242: The security token could not be authenticated or authorized
Use this to turn on tracing on the WCF side:
<system.diagnostics>
<sources>
<source name="Microsoft.IdentityModel" switchValue="Verbose">
<listeners>
<add name="xml" type="System.Diagnostics.XmlWriterTraceListener" initializeData="D:\Logs\rie\RIE_Trace.log" />
</listeners>
</source>
</sources>
<trace autoflush="true" />
Again, in my case, the trace files revealed the following exception:
ID1038: The AudienceRestrictionCondition was not valid because the specified Audience is not present in AudienceUris.
Audience: http://some.th.ing/
Turns out the audienceUri was not correct in the WCF Web.config.
Hope this helps