#1 (permalink)

wsHttpBinding message security

I am trying to get a wcf service running with message level security and username/pw client credentials. When I try to make a call on my proxy it throws an exception on the client:

Inner Exception: "The request for security token has invalid or malformed elements."

Outer: "Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint."

I have self signed certificate installed and configured - not sure where to look for the problem.

Here is my service config file:

```xml
<configuration>
  <system.serviceModel>
    <services>
      <service name="ExtranetWebService.ExtranetService" behaviorConfiguration="extranetServiceBehavior">
        <endpoint contract="ExtranetWebService.IExtranetService" binding="wsHttpBinding">
        </endpoint>
        <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="extranetServiceBehavior">
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceMetadata httpGetEnabled="true"/>
          <serviceAuthorization principalPermissionMode="Custom"/>
          <serviceCredentials>
            <userNameAuthentication userNamePasswordValidationMode="Custom"
                                    customUserNamePasswordValidatorType="ExtranetWebService.CustomWCFUserNameValidator,ExtranetWebService"/>
            <serviceCertificate findValue="XPS" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <wsHttpBinding>
        <binding name="wsHttpBinding" maxReceivedMessageSize="2000000">
          <security mode="Message">
            <message clientCredentialType="UserName"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>
```

and my client config file:

```xml
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="WSHttpBinding_IExtranetService" maxReceivedMessageSize="2000000">
        <security mode="Message">
          <message clientCredentialType="UserName" negotiateServiceCredential="true" establishSecurityContext="true" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <client>
    <endpoint address="http://localhost:80/ExtranetService"
              behaviorConfiguration="ClientCertificateBehavior"
              binding="wsHttpBinding"
              bindingConfiguration="WSHttpBinding_IExtranetService"
              contract="ExtranetExplorer.ExtranetService.IExtranetService"
              name="WSHttpBinding_IExtranetService">
    </endpoint>
  </client>
  <behaviors>
    <endpointBehaviors>
      <behavior name="ClientCertificateBehavior">
        <clientCredentials>
          <serviceCertificate>
            <authentication certificateValidationMode="PeerOrChainTrust" />
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
</system.serviceModel>
```

I also turned on tracing to get more detail and here is a snippet from that:

```text
<Message>Incoming binary negotiation has invalid ValueType http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego.</Message><StackTrace>
   at System.ServiceModel.Security.BinaryNegotiation.Validate(XmlDictionaryString valueTypeUriDictionaryString)
   at System.ServiceModel.Security.SspiNegotiationTokenAuthenticator.ValidateIncomingBinaryNegotiation(BinaryNegotiation incomingNego)
   at System.ServiceModel.Security.SspiNegotiationTokenAuthenticator.ProcessRequestSecurityToken(Message request, RequestSecurityToken requestSecurityToken, SspiNegotiationTokenAuthenticatorState& negotiationState)
   at System.ServiceModel.Security.NegotiationTokenAuthenticator`1.ProcessRequestCore(Message request)
```

and my custom username validator class:

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;

namespace ExtranetWebService
{
    /// <summary>
    /// used to authenticate users against eDefine security framework
    /// </summary>
    class CustomWCFUserNameValidator : UserNamePasswordValidator
    {
        public override void Validate(string userName, string password)
        {
            if (userName == null || password == null)
            {
                throw new ArgumentNullException();
            }

            //check username and password
            if (eDefine.Framework.Security.UserManager.Login(userName, password).Status != eDefine.Framework.Security.LoginStatus.Success)
            {
                throw new SecurityTokenException("ERROR: Unkown username or incorrect password");
            }
        }
    }
}
```
#2 (permalink)

RE: wsHttpBinding message security

After using the SvcTraceViewer I was able to see the offending message which I thought might help shed some light on what might be wrong with it.

HERE IT IS:

```xml
<MessageLogTraceRecord>
  <HttpRequest xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace">
    <Method>POST</Method>
    <QueryString></QueryString>
    <WebHeaders>
      <Connection>Keep-Alive</Connection>
      <Content-Length>1155</Content-Length>
      <Content-Type>application/soap+xml; charset=utf-8</Content-Type>
      <Expect>100-continue</Expect>
      <Host>localhost</Host>
    </WebHeaders>
  </HttpRequest>
  <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
    <s:Header>
      <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
      <a:MessageID>urn:uuid:fa9ada57-85f6-47b8-8dab-8c305c49b7a6</a:MessageID>
      <a:ReplyTo>
        <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
      </a:ReplyTo>
      <a:To s:mustUnderstand="1">http://localhost/ExtranetService</a:To>
    </s:Header>
    <s:Body>
      <t:RequestSecurityToken Context="uuid-d5721b46-22ca-46fa-b3f9-3322e89716ca-1" xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
        <t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType>
        <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
        <t:KeySize>256</t:KeySize>
        <t:BinaryExchange ValueType=" http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">FgMBAFcBAABTAwFGHp4pHk7OU5hDwKnfroluSZNinvXB1LrCzznS2RqD9AAAGAAvADUABQAKwAnACsATwBQAMgA4ABMABAEAABIACgAIAAYAFwAYABkACwACAQA=</t:BinaryExchange>
      </t:RequestSecurityToken>
    </s:Body>
  </s:Envelope>
</MessageLogTraceRecord>
```
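An added example, not part of the original thread: the service `<endpoint>` posted in #1 sets `binding="wsHttpBinding"` but has no `bindingConfiguration`, and a named `<binding>` element is only applied to endpoints that reference it, so that endpoint runs with the wsHttpBinding defaults (Message security with Windows credentials) while the client negotiates with TLSNego for `UserName`. The Python check below flags endpoints in that state; the embedded config is a constructed, trimmed copy of the posted one and `unbound_endpoints` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed copy of the service config posted in #1.
SERVICE_CONFIG = """
<configuration>
  <system.serviceModel>
    <services>
      <service name="ExtranetWebService.ExtranetService">
        <endpoint contract="ExtranetWebService.IExtranetService" binding="wsHttpBinding" />
        <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
      </service>
    </services>
    <bindings>
      <wsHttpBinding>
        <binding name="wsHttpBinding">
          <security mode="Message"><message clientCredentialType="UserName" /></security>
        </binding>
      </wsHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>
"""


def unbound_endpoints(config_xml):
    """Hypothetical helper: return (contract, binding, problem) tuples for
    endpoints whose named <binding> settings are not actually in effect."""
    model = ET.fromstring(config_xml).find("system.serviceModel")
    # binding type -> configuration names defined under <bindings>
    defined = {b.tag: {c.get("name", "") for c in b.findall("binding")}
               for b in model.findall("bindings/*")}
    findings = []
    for ep in model.iter("endpoint"):
        kind, ref = ep.get("binding"), ep.get("bindingConfiguration", "")
        named = defined.get(kind, set()) - {""}
        if ref and ref not in named:
            findings.append((ep.get("contract"), kind,
                             "bindingConfiguration '%s' is not defined" % ref))
        elif not ref and named:
            findings.append((ep.get("contract"), kind,
                             "named configuration %s defined but not referenced; "
                             "binding defaults apply" % sorted(named)))
    return findings


if __name__ == "__main__":
    for finding in unbound_endpoints(SERVICE_CONFIG):
        print(finding)
```

Adding `bindingConfiguration="wsHttpBinding"` to the flagged endpoint makes the check return an empty list.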