We are using the Enterprise Library 4.1 Exception Handling Application Block's ExceptionShielding feature in combination with a custom RoleProvider with our WCF services.
When the RoleProvider determines a user is not in a role and returns false from the IsInRole method, the following exception occurs:
System.ServiceModel.Security.MessageSecurityException, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
No signature message parts were specified for messages with the '{XXX}' action.
WCF then aborts the RequestContext of the service operation, and the client times out.
I have attempted the solution referred to at this link with no success:
http://www.codeplex.com/entlib/Thread/View.aspx?ThreadId=25236
We also removed the System.Exception exception type from the EHAB policy, effectively having EHAB doing nothing for this policy, and this has no effect.
The only thing that prevents this exception is commenting out the ExceptionShielding attribute on the service implementation.
Any fix for this issue would be much appreciated.
I spent hours and hours trying to find out the reason.
I have posted my answer here.
Basically you need to define the Fault Action and set it to the same namespace.
Related
I have a Silverlight application which uses WCF for database operations. Using Fiddler I am able to tamper with the parameters required for a particular method used in WCF and get an exception "a:DeserializationFailed The formatter threw an exception while trying to deserialize the message: There was an error while trying to deserialize parameter http://tempuri.org/:parameters. The InnerException message was 'There was an error deserializing the object of type........". My security team does not like this and says it is exposing the real exception. Is there any way to handle this type of exception and show some user-defined message? If yes, then please provide the complete sample. I went through so many articles on the internet but none of them has a complete solution.
You need to implement a custom error handler. See http://msdn.microsoft.com/en-us/library/ms599828 for lots of reference details, and this http://www.neovolve.com/post/2008/04/07/implementing-ierrorhandler.aspx for an example that implements (in a basic, but instructive way) exactly the exception shielding behaviour you are looking for.
When a method is called on a WCF channel that has been disconnected for some reason, it raises an ObjectDisposedException.
Now, in normal operation this should not happen, but if for some reason it did, I would like to be able to handle the exception nicely by showing an error to the user like "An operation failed because the service is not connected".
The problem is I just get a generic disposed exception in my app-wide exception handler, so I have no way of determining whether WCF threw it.
To get around this I currently have a wrapper class that simply wraps all service method calls with try/catch and rethrows any ObjectDisposedExceptions as a custom comms exception that my global handler can deal with. This is a load of boilerplate stuff I could do without, though.
Is there any way of determining whether WCF threw the exception?
Cheers
I used to encounter this problem; it seems it's difficult to determine whether WCF threw the exception. You can't use the CommunicationObject.Status for this problem; only when you try to use that channel does it throw an exception to tell you that the channel is faulted.
Therefore, I used an approach like yours.
My service methods are marked with PrincipalPermissionAttribute and I have a custom IErrorHandler implementation attached to the service. When an incoming request has no permissions to execute the method, System.Security.SecurityException is thrown. IErrorHandler.ProvideFault() is then triggered and I want to provide a special fault. But the error parameter is not the original exception; it's an untyped FaultException. Moreover, error.InnerException is null even though I have the following setting in the config:
<serviceDebug includeExceptionDetailInFaults="true"/>
Why? How can I achieve the desired behavior?
According to this, SecurityException is kind of "special" for WCF:
"SecurityException is related to CAS (Code Access Security), and it is a fatal exception. Since this exception is not related to any service model exceptions, it cannot be handled by IErrorHandler."
So I ended up creating an additional class whose methods (called from the methods of the class implementing the service interface) are marked with PrincipalPermissionAttribute, and a handler function with try/catch.
I have some WCF services with predefined FaultContract attributes. When the FaultException<TDetail> exceptions are thrown, they're sending StackTrace, Source and other potentially unsafe information.
Is it possible to return only:
Detail (from the generic TDetail)
FaultMessage
FaultCode
(and possibly) FaultReason
Have you tried rolling your own fault exception using IErrorHandler? Also make sure that in your app config file the IncludeExceptionDetailInFaults attribute is set to false. Also, this might be helpful for best practices.
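The custom error handler recommended in the two IErrorHandler answers above (for the deserialization fault and for the FaultContract stack-trace leak) could look like the following. This is an added example, not code from any of the posters or from the linked articles; the class names, the fault code name and the `urn:example:faults` namespace are hypothetical, and the policy of passing only typed contract faults through is an assumption.

```csharp
using System;
using System.Collections.ObjectModel;
using System.Diagnostics;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;

// Hypothetical names throughout; "urn:example:faults" is a placeholder namespace.
public sealed class ShieldingErrorHandler : IErrorHandler
{
    public void ProvideFault(Exception error, MessageVersion version, ref Message fault)
    {
        // Policy assumed here: only typed faults declared on the contract
        // (FaultException<TDetail>) reach the client unchanged.
        Type t = error.GetType();
        if (t.IsGenericType && t.GetGenericTypeDefinition() == typeof(FaultException<>))
            return;

        // Anything else is logged server-side and replaced by a generic fault
        // that carries only a correlation id.
        string id = Guid.NewGuid().ToString("N");
        Trace.TraceError("Service error {0}: {1}", id, error);
        var shielded = new FaultException(
            new FaultReason("The request could not be processed. Reference: " + id),
            FaultCode.CreateReceiverFaultCode("InternalError", "urn:example:faults"));
        // Action stays null for an untyped FaultException; no custom action is introduced.
        fault = Message.CreateMessage(version, shielded.CreateMessageFault(), shielded.Action);
    }

    // true: the error counts as handled, so WCF does not abort the session.
    public bool HandleError(Exception error) { return true; }
}

// Attach with [ShieldingBehavior] on the service implementation class.
public sealed class ShieldingBehaviorAttribute : Attribute, IServiceBehavior
{
    public void ApplyDispatchBehavior(ServiceDescription description, ServiceHostBase host)
    {
        foreach (ChannelDispatcherBase dispatcherBase in host.ChannelDispatchers)
        {
            var dispatcher = dispatcherBase as ChannelDispatcher;
            if (dispatcher != null) dispatcher.ErrorHandlers.Add(new ShieldingErrorHandler());
        }
    }
    public void AddBindingParameters(ServiceDescription description, ServiceHostBase host,
        Collection<ServiceEndpoint> endpoints, BindingParameterCollection parameters) { }
    public void Validate(ServiceDescription description, ServiceHostBase host) { }
}
```

The correlation id lets support staff match a client report to the full exception in the server trace without any of that detail crossing the wire.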
I created a custom Membership Provider which is now working in production just fine validating my WCF calls.
I do have an issue every now and then that for some unknown reason my provider cannot validate the user. In those cases I do not want the ValidateUser function to just return false, so I thought of throwing an exception with a little more help (not too much, just a little).
My problem is, even though I am throwing a ProviderException the client always gets a MessageSecurityException with no helpful info... just the good old:
"An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail."
with "An error occurred when verifying security for the message." in the Inner.
How can I get the message I am throwing in my own ValidateUser method? What about a custom behavior?
Thanks in advance
I found this post that led me to a solution; I'm not sure if it is the right move:
Properly catch SecurityTokenException from a WCF UserNamePasswordValidator
Basically I have to throw a FaultException, which I'm not really happy about because my Membership Provider implementation is WCF agnostic (or at least was until now); now it knows about FaultExceptions :(
Is there a better solution out there?