![]() |
![]() | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
|
Welcome to Vista Forums we are your forum to discuss Windows Vista x64 and x86 systems. Whether you need help or just want to post an idea you have on Vista, this is the forum for you.
br> br> |
| |||||||
| | Thread Tools | Display Modes |
| | #1 (permalink) |
| Guest | WCF / wsHttpBinding / Digital Signature Corruption (!!) I've got a WCF Service hosted in IIS running on a Win2k3 machine. The service is built with Beta 2 of Orcas. The service is configured for Message Security, using the UserNameToken provider. Users are authenticated using the ASP.Net Membership provider, and authorized using the ASP.NET role provider. The server has a self-signed certificate installed and properly configured. The Service is configured to find this cert, and all of that seems to be working fine. All appropiate permissions have been given to the private key file, the client configs are configured to not do trust chain validation, and such. This service, when hosted on Windows XP running IIS5 works great. When a client hits the Service running on the Win2k3 machine, I get an authentication error back. The client sees, "The caller was not authenticated by the service.", with a callstack of: System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service. ---> System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed. [Rest of callstack snipped] When I turn on tracing in the Server to try to track this down, I see very unexpected cause: System.ComponentModel.Win32Exception: The message or signature supplied for verification has been altered at System.ServiceModel.Security.TlsSspiNegotiation.GetOutgoingBlob(Byte[] incomingBlob) This error cascades up, causes the authentication to fail (resulting in the client error), and makes the Service completly unusable. If I disable all security (<security mode="None">) and leave the endpoint as wsHttpBinding, then things work better, but this isn't a usable configuration. I'm not really sure where to go next, in terms of debugging. The fact that signature validation is failing is really throwing me for a loop. The fact that it works on 2 seperate Windows XP machines is really confusing me... Any suggestions? The relevant configuration setions are shown below. I've changed some names in pasting it in to protect the names of the innocent...: [Server config] <system.serviceModel> <bindings> <wsHttpBinding> <binding name="MembershipBinding" messageEncoding="Mtom"> <security mode="Message"> <message clientCredentialType="UserName"/> </security> </binding> </wsHttpBinding> </bindings> <behaviors> <serviceBehaviors> <behavior name="Absolve.MyBehavior"> <!-- Allow metadata for this service to be pulled by clients --> <serviceMetadata httpGetEnabled="true"/> <serviceCredentials> <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="SqlMembershipProvider"/> <!-- Configure the service certificate --> <serviceCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" findValue="Actual Thumbprint" /> </serviceCredentials> <!--<serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="SqlRoleProvider"/> --> <serviceDebug includeExceptionDetailInFaults="true"/> </behavior> </serviceBehaviors> </behaviors> <services> <service behaviorConfiguration="MyBehavior" name="MyServiceCheck"> <endpoint address="" binding="wsHttpBinding" bindingConfiguration="MembershipBinding" contract="MyInterfaces.IRealInterface"/> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/> </service> </services> </system.serviceModel> -- Chris Mullins, MCSD.NET, MCPD:Enterprise, Microsoft C# MVP http://www.coversant.com/blogs/cmullins |
My System Specs![]() |
| Thread Tools | |
| Display Modes | |
| |
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Digital signature | _kossak_ | Live Mail | 1 | 04-25-2008 04:05 AM |
| Digital signature | Kjeld Carlsen | Vista mail | 3 | 04-23-2008 01:21 AM |
| Digital Signature | musmagic | Vista mail | 0 | 01-18-2008 01:57 PM |
| signature verification missing (digital Signature) on the Vista | verify | Vista security | 3 | 07-11-2007 12:38 PM |
| digital signature | Dee | Vista installation & setup | 0 | 03-23-2007 05:43 PM |