WCF Certificate Authentication with Support Token

Discussion in 'ASP .Net Web Services' started by Andrew Bassett, May 27, 2009.

  1. I'm trying to create a simple client/service using WCF. I'm using Certificate
    authentication and everything appears to work ok. However, when I add to my
    binding a supporting token my whole program just falls apart. I get the
    "Security protocol cannot verify the incoming message" error. I've included
    the exception being thrown by the service.

    <E2ETraceEvent
    xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent"><System
    xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"><EventID>131075</EventID><Type>3</Type><SubType
    Name="Error">0</SubType><Level>2</Level><TimeCreated
    SystemTime="2009-05-27T03:01:58.2746375Z" /><Source
    Name="System.ServiceModel" /><Correlation
    ActivityID="{e75836e7-5eb3-40c5-b3c1-0d2d1b5727be}" /><Execution
    ProcessName="ComancheServer.vshost" ProcessID="4956" ThreadID="12" /><Channel
    /><Computer>HDQRKHVFLEZ</Computer></System><ApplicationData><TraceData><DataItem><TraceRecord
    xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord"
    Severity="Error"><TraceIdentifier>http://msdn.microsoft.com/en-US/library/System.ServiceModel.Diagnostics.ThrowingException.aspx</TraceIdentifier><Description>Throwing
    an
    exception.</Description><AppDomain>ComancheServer.vshost.exe</AppDomain><Exception><ExceptionType>System.ServiceModel.Security.MessageSecurityException,
    System.ServiceModel, Version=3.0.0.0, Culture=neutral,
    PublicKeyToken=b77a5c561934e089</ExceptionType><Message>Message security
    verification failed.</Message><StackTrace> at
    System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message&amp;
    message, TimeSpan timeout, SecurityProtocolCorrelationState[]
    correlationStates)
    at
    System.ServiceModel.Security.SecuritySessionServerSettings.ServerSecuritySessionChannel.ProcessRequestContext(RequestContext
    requestContext, TimeSpan timeout, SecurityProtocolCorrelationState&amp;
    correlationState, Boolean&amp; isSecurityProcessingFailure)
    at
    System.ServiceModel.Security.SecuritySessionServerSettings.ServerSecuritySessionChannel.ReceiveRequestAsyncResult.WaitComplete()
    at
    System.ServiceModel.Security.SecuritySessionServerSettings.ServerSecuritySessionChannel.ReceiveRequestAsyncResult..ctor(ServerSecuritySessionChannel
    channel, TimeSpan timeout, AsyncCallback callback, Object state)
    at
    System.ServiceModel.Security.SecuritySessionServerSettings.ServerSecuritySessionChannel.BeginTryReceiveRequest(TimeSpan
    timeout, AsyncCallback callback, Object state)
    at
    System.ServiceModel.Dispatcher.ReplyChannelBinder.BeginTryReceive(TimeSpan
    timeout, AsyncCallback callback, Object state)
    at
    System.ServiceModel.Dispatcher.ErrorHandlingReceiver.BeginTryReceive(TimeSpan
    timeout, AsyncCallback callback, Object state)
    at System.ServiceModel.Dispatcher.ChannelHandler.EnsurePump()
    at System.ServiceModel.Dispatcher.ChannelHandler.OpenAndEnsurePump()
    at
    System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.WorkItem.Invoke2()
    at System.Security.SecurityContext.Run(SecurityContext securityContext,
    ContextCallback callback, Object state)
    at
    System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.WorkItem.Invoke()
    at
    System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.ProcessCallbacks()
    at
    System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.CompletionCallback(Object state)
    at
    System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.ScheduledOverlapped.IOCallback(UInt32
    errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
    at
    System.ServiceModel.Diagnostics.Utility.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped)
    at
    System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32
    errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)
    </StackTrace><ExceptionString>System.ServiceModel.Security.MessageSecurityException:
    Message security verification failed. ---&gt;
    System.Security.Cryptography.CryptographicException: Digest verification
    failed for Reference '#ae663432-f450-4944-8561-1c43030566ee'.
    at System.IdentityModel.Reference.EnsureDigestValidityIfIdMatches(String
    id, Object resolvedXmlSource)
    at System.IdentityModel.Reference.EnsureDigestValidity(String id, Object
    resolvedXmlSource)
    at
    System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.ValidateDigestsOfTargetsInSecurityHeader(StandardSignedInfo
    signedInfo, SecurityTimestamp timestamp, Boolean encryptedFormReaderRequired,
    Boolean isPrimarySignature, Object signatureTarget, String id)
    at
    System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.VerifySignature(SignedXml
    signedXml, Boolean isPrimarySignature, SecurityHeaderTokenResolver resolver,
    Object signatureTarget, String id)
    at
    System.ServiceModel.Security.ReceiveSecurityHeader.ProcessPrimarySignature(SignedXml signedXml, Boolean isFromDecryptedSource)
    at
    System.ServiceModel.Security.ReceiveSecurityHeader.ProcessEncryptedData(EncryptedData
    encryptedData, TimeSpan timeout, Int32 position, Boolean eagerMode,
    Boolean&amp; primarySignatureFound)
    at
    System.ServiceModel.Security.ReceiveSecurityHeader.ExecuteFullPass(XmlDictionaryReader reader)
    at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan
    timeout)
    at
    System.ServiceModel.Security.MessageSecurityProtocol.ProcessSecurityHeader(ReceiveSecurityHeader
    securityHeader, Message&amp; message, SecurityToken requiredSigningToken,
    TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
    at
    System.ServiceModel.Security.AcceptorSessionSymmetricMessageSecurityProtocol.VerifyIncomingMessageCore(Message&amp;
    message, String actor, TimeSpan timeout, SecurityProtocolCorrelationState[]
    correlationStates)
    at
    System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message&amp;
    message, TimeSpan timeout, SecurityProtocolCorrelationState[]
    correlationStates)
    --- End of inner exception stack trace
    ---</ExceptionString><InnerException><ExceptionType>System.Security.Cryptography.CryptographicException,
    mscorlib, Version=2.0.0.0, Culture=neutral,
    PublicKeyToken=b77a5c561934e089</ExceptionType><Message>Digest verification
    failed for Reference
    '#ae663432-f450-4944-8561-1c43030566ee'.</Message><StackTrace> at
    System.IdentityModel.Reference.EnsureDigestValidityIfIdMatches(String id,
    Object resolvedXmlSource)
    at System.IdentityModel.Reference.EnsureDigestValidity(String id, Object
    resolvedXmlSource)
    at
    System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.ValidateDigestsOfTargetsInSecurityHeader(StandardSignedInfo
    signedInfo, SecurityTimestamp timestamp, Boolean encryptedFormReaderRequired,
    Boolean isPrimarySignature, Object signatureTarget, String id)
    at
    System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.VerifySignature(SignedXml
    signedXml, Boolean isPrimarySignature, SecurityHeaderTokenResolver resolver,
    Object signatureTarget, String id)
    at
    System.ServiceModel.Security.ReceiveSecurityHeader.ProcessPrimarySignature(SignedXml signedXml, Boolean isFromDecryptedSource)
    at
    System.ServiceModel.Security.ReceiveSecurityHeader.ProcessEncryptedData(EncryptedData
    encryptedData, TimeSpan timeout, Int32 position, Boolean eagerMode,
    Boolean&amp; primarySignatureFound)
    at
    System.ServiceModel.Security.ReceiveSecurityHeader.ExecuteFullPass(XmlDictionaryReader reader)
    at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan
    timeout)
    at
    System.ServiceModel.Security.MessageSecurityProtocol.ProcessSecurityHeader(ReceiveSecurityHeader
    securityHeader, Message&amp; message, SecurityToken requiredSigningToken,
    TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
    at
    System.ServiceModel.Security.AcceptorSessionSymmetricMessageSecurityProtocol.VerifyIncomingMessageCore(Message&amp;
    message, String actor, TimeSpan timeout, SecurityProtocolCorrelationState[]
    correlationStates)
    at
    System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message&amp;
    message, TimeSpan timeout, SecurityProtocolCorrelationState[]
    correlationStates)</StackTrace><ExceptionString>System.Security.Cryptography.CryptographicException:
    Digest verification failed for Reference
    '#ae663432-f450-4944-8561-1c43030566ee'.
    at System.IdentityModel.Reference.EnsureDigestValidityIfIdMatches(String
    id, Object resolvedXmlSource)
    at System.IdentityModel.Reference.EnsureDigestValidity(String id, Object
    resolvedXmlSource)
    at
    System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.ValidateDigestsOfTargetsInSecurityHeader(StandardSignedInfo
    signedInfo, SecurityTimestamp timestamp, Boolean encryptedFormReaderRequired,
    Boolean isPrimarySignature, Object signatureTarget, String id)
    at
    System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.VerifySignature(SignedXml
    signedXml, Boolean isPrimarySignature, SecurityHeaderTokenResolver resolver,
    Object signatureTarget, String id)
    at
    System.ServiceModel.Security.ReceiveSecurityHeader.ProcessPrimarySignature(SignedXml signedXml, Boolean isFromDecryptedSource)
    at
    System.ServiceModel.Security.ReceiveSecurityHeader.ProcessEncryptedData(EncryptedData
    encryptedData, TimeSpan timeout, Int32 position, Boolean eagerMode,
    Boolean&amp; primarySignatureFound)
    at
    System.ServiceModel.Security.ReceiveSecurityHeader.ExecuteFullPass(XmlDictionaryReader reader)
    at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan
    timeout)
    at
    System.ServiceModel.Security.MessageSecurityProtocol.ProcessSecurityHeader(ReceiveSecurityHeader
    securityHeader, Message&amp; message, SecurityToken requiredSigningToken,
    TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
    at
    System.ServiceModel.Security.AcceptorSessionSymmetricMessageSecurityProtocol.VerifyIncomingMessageCore(Message&amp;
    message, String actor, TimeSpan timeout, SecurityProtocolCorrelationState[]
    correlationStates)
    at
    System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message&amp;
    message, TimeSpan timeout, SecurityProtocolCorrelationState[]
    correlationStates)</ExceptionString></InnerException></Exception></TraceRecord></DataItem></TraceData></ApplicationData></E2ETraceEvent>
     
    Andrew Bassett, May 27, 2009
    #1
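For triaging a trace like the one posted above, this added example (not part of the original post) walks the exception chain of each E2ETraceEvent record and extracts the reference id named in the digest failure. The function names and the abbreviated sample are constructed here; the exception types, messages and id are copied from the post.

```python
import re
import xml.etree.ElementTree as ET

TR = "{http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord}"
REF_RE = re.compile(r"Digest verification failed for Reference '#([^']+)'")

# Constructed sample: the post's trace, abbreviated (stack traces omitted).
SAMPLE = """<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<ApplicationData><TraceData><DataItem>
<TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Error">
<Exception>
<ExceptionType>System.ServiceModel.Security.MessageSecurityException,
 System.ServiceModel, Version=3.0.0.0</ExceptionType>
<Message>Message security
 verification failed.</Message>
<InnerException>
<ExceptionType>System.Security.Cryptography.CryptographicException, mscorlib</ExceptionType>
<Message>Digest verification
 failed for Reference
 '#ae663432-f450-4944-8561-1c43030566ee'.</Message>
</InnerException></Exception></TraceRecord></DataItem></TraceData></ApplicationData></E2ETraceEvent>"""

def exception_chains(svclog_text):
    """Return one [(type, message), ...] list per trace record, outermost first."""
    # A .svclog is a run of E2ETraceEvent fragments with no single root element.
    root = ET.fromstring("<root>" + svclog_text + "</root>")
    chains = []
    for record in root.iter(TR + "TraceRecord"):
        node, chain = record.find(TR + "Exception"), []
        while node is not None:
            # Drop the assembly-qualified suffix and undo hard line wrapping.
            etype = node.findtext(TR + "ExceptionType", "").split(",")[0].strip()
            message = " ".join(node.findtext(TR + "Message", "").split())
            chain.append((etype, message))
            node = node.find(TR + "InnerException")
        if chain:
            chains.append(chain)
    return chains

def failed_reference_ids(chains):
    """Ids named by the innermost 'Digest verification failed' messages."""
    ids = []
    for chain in chains:
        match = REF_RE.search(chain[-1][1])
        if match and match.group(1) not in ids:
            ids.append(match.group(1))
    return ids
```

The returned id is the target of a signature `Reference`; searching the logged SOAP message for the element carrying that `Id` shows which signed part failed its digest check.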