wsHttpBinding message security

 
 
Old 04-12-2007   #1 (permalink)
miantosca
Guest


 


I am trying to get a WCF service running with message level security and
username/pw client credentials. When I try to make a call on my proxy it
throws an exception on the client:

Inner Exception: "The request for security token has invalid or malformed
elements."

Outer: "Secure channel cannot be opened because security negotiation with
the remote endpoint has failed. This may be due to absent or incorrectly
specified EndpointIdentity in the EndpointAddress used to create the channel.
Please verify the EndpointIdentity specified or implied by the
EndpointAddress correctly identifies the remote endpoint."

I have a self-signed certificate installed and configured - not sure where to
look for the problem:


here is my service config file:
********************


<configuration>
  <system.serviceModel>
    <services>
      <service name="ExtranetWebService.ExtranetService"
               behaviorConfiguration="extranetServiceBehavior">
        <endpoint contract="ExtranetWebService.IExtranetService"
                  binding="wsHttpBinding">
        </endpoint>
        <endpoint contract="IMetadataExchange" binding="mexHttpBinding"
                  address="mex" />
      </service>
    </services>

    <behaviors>
      <serviceBehaviors>
        <behavior name="extranetServiceBehavior">
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceMetadata httpGetEnabled="true"/>
          <serviceAuthorization principalPermissionMode="Custom"/>
          <serviceCredentials>
            <userNameAuthentication userNamePasswordValidationMode="Custom"
                customUserNamePasswordValidatorType="ExtranetWebService.CustomWCFUserNameValidator,ExtranetWebService"/>

            <serviceCertificate findValue="XPS" storeLocation="LocalMachine"
                storeName="My" x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <wsHttpBinding>
        <binding name="wsHttpBinding" maxReceivedMessageSize="2000000">
          <security mode="Message">
            <message clientCredentialType="UserName"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>

and my client config file:
******************

<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="WSHttpBinding_IExtranetService"
               maxReceivedMessageSize="2000000">
        <security mode="Message">
          <message clientCredentialType="UserName" negotiateServiceCredential="true"
                   establishSecurityContext="true" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <client>
    <endpoint address="http://localhost:80/ExtranetService"
              behaviorConfiguration="ClientCertificateBehavior"
              binding="wsHttpBinding"
              bindingConfiguration="WSHttpBinding_IExtranetService"
              contract="ExtranetExplorer.ExtranetService.IExtranetService"
              name="WSHttpBinding_IExtranetService">
    </endpoint>
  </client>
  <behaviors>
    <endpointBehaviors>
      <behavior name="ClientCertificateBehavior">
        <clientCredentials>
          <serviceCertificate>
            <authentication certificateValidationMode="PeerOrChainTrust" />
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
</system.serviceModel>



I also turned on tracing to get more detail and here is a snippet from that:
************************************



<Message>Incoming binary negotiation has invalid ValueType http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego.</Message><StackTrace>
at System.ServiceModel.Security.BinaryNegotiation.Validate(XmlDictionaryString valueTypeUriDictionaryString)
at System.ServiceModel.Security.SspiNegotiationTokenAuthenticator.ValidateIncomingBinaryNegotiation(BinaryNegotiation incomingNego)
at System.ServiceModel.Security.SspiNegotiationTokenAuthenticator.ProcessRequestSecurityToken(Message request, RequestSecurityToken requestSecurityToken, SspiNegotiationTokenAuthenticatorState&amp; negotiationState)
at System.ServiceModel.Security.NegotiationTokenAuthenticator`1.ProcessRequestCore(Message request)


and my custom username validator class:
**************************


using System;
using System.IdentityModel.Selectors;  // UserNamePasswordValidator
using System.IdentityModel.Tokens;     // SecurityTokenException

namespace ExtranetWebService
{
    /// <summary>
    /// used to authenticate users against eDefine security framework
    /// </summary>
    class CustomWCFUserNameValidator : UserNamePasswordValidator
    {
        public override void Validate(string userName, string password)
        {
            if (userName == null || password == null)
            {
                throw new ArgumentNullException();
            }

            //check username and password
            if (eDefine.Framework.Security.UserManager.Login(userName, password).Status
                != eDefine.Framework.Security.LoginStatus.Success)
            {
                throw new SecurityTokenException("ERROR: Unknown username or incorrect password");
            }
        }
    }
}

Old 04-12-2007   #2 (permalink)
miantosca
Guest


 

RE: wsHttpBinding message security

After using the SvcTraceViewer I was able to see the offending message which
I thought might help shed some light on what might be wrong with it

HERE IT IS:

<MessageLogTraceRecord>
<HttpRequest
xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace">
<Method>POST</Method>
<QueryString></QueryString>
<WebHeaders>
<Connection>Keep-Alive</Connection>
<Content-Length>1155</Content-Length>
<Content-Type>application/soap+xml; charset=utf-8</Content-Type>
<Expect>100-continue</Expect>
<Host>localhost</Host>
</WebHeaders>
</HttpRequest>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action
s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
<a:MessageID>urn:uuid:fa9ada57-85f6-47b8-8dab-8c305c49b7a6</a:MessageID>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1">http://localhost/ExtranetService</a:To>
</s:Header>
<s:Body>
<t:RequestSecurityToken
Context="uuid-d5721b46-22ca-46fa-b3f9-3322e89716ca-1"
xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
<t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType>
<t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
<t:KeySize>256</t:KeySize>
<t:BinaryExchange ValueType="
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">FgMBAFcBAABTAwFGHp4pHk7OU5hDwKnfroluSZNinvXB1LrCzznS2RqD9AAAGAAvADUABQAKwAnACsATwBQAMgA4ABMABAEAABIACgAIAAYAFwAYABkACwACAQA=</t:BinaryExchange>
</t:RequestSecurityToken>
</s:Body>
</s:Envelope>
</MessageLogTraceRecord>
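
An added example, not part of the original posts or the poster's project: WCF applies a named <binding> element only to endpoints that point at it with bindingConfiguration, and the service endpoint in the first post has no such attribute, so it runs with the wsHttpBinding default credential type (Windows) while the client is set to UserName. The Python audit below shows that on trimmed copies of the two posted configs; the names audit, SERVICE_CFG and CLIENT_CFG are made up here, and it assumes security mode="Message" on every binding.

```python
import xml.etree.ElementTree as ET

# WCF default credential for wsHttpBinding with message security.
DEFAULT_CRED = "Windows"

# Constructed samples: trimmed copies of the service and client configs posted above.
SERVICE_CFG = """<system.serviceModel>
 <services><service name="ExtranetWebService.ExtranetService">
  <endpoint contract="ExtranetWebService.IExtranetService" binding="wsHttpBinding"/>
  <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex"/>
 </service></services>
 <bindings><wsHttpBinding><binding name="wsHttpBinding">
  <security mode="Message"><message clientCredentialType="UserName"/></security>
 </binding></wsHttpBinding></bindings>
</system.serviceModel>"""

CLIENT_CFG = """<system.serviceModel>
 <bindings><wsHttpBinding><binding name="WSHttpBinding_IExtranetService">
  <security mode="Message"><message clientCredentialType="UserName"/></security>
 </binding></wsHttpBinding></bindings>
 <client><endpoint binding="wsHttpBinding"
  bindingConfiguration="WSHttpBinding_IExtranetService"
  contract="ExtranetExplorer.ExtranetService.IExtranetService"/></client>
</system.serviceModel>"""

def audit(config_xml):
    """Return ({contract: effective clientCredentialType}, [binding names never referenced])."""
    root = ET.fromstring(config_xml)
    named = {}
    for b in root.findall(".//bindings/wsHttpBinding/binding"):
        msg = b.find("security/message")
        cred = DEFAULT_CRED if msg is None else msg.get("clientCredentialType", DEFAULT_CRED)
        named[b.get("name", "")] = cred
    effective, used = {}, set()
    for ep in root.iter("endpoint"):
        if ep.get("binding") != "wsHttpBinding":
            continue  # e.g. the mexHttpBinding metadata endpoint
        # No bindingConfiguration: only an unnamed binding (.NET 4+) can apply.
        ref = ep.get("bindingConfiguration", "")
        used.add(ref)
        effective[ep.get("contract")] = named.get(ref, DEFAULT_CRED)
    return effective, sorted(set(named) - used)

if __name__ == "__main__":
    for label, cfg in (("service", SERVICE_CFG), ("client", CLIENT_CFG)):
        print(label, *audit(cfg))
```

Adding bindingConfiguration="wsHttpBinding" to the service endpoint makes the named binding apply, so both sides are configured for the UserName credential type.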
 
