WCF Certificate Authentication with Support Token


Andrew Bassett

I'm trying to create a simple client/service using WCF. I'm using Certificate
authentication and everything appears to work ok. However, when I add to my
binding a supporting token my whole program just falls apart. I get the
"Security protocol cannot verify the incoming message" error. I've included
the exception being thrown by the service.

<E2ETraceEvent
xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent"><System
xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"><EventID>131075</EventID><Type>3</Type><SubType
Name="Error">0</SubType><Level>2</Level><TimeCreated
SystemTime="2009-05-27T03:01:58.2746375Z" /><Source
Name="System.ServiceModel" /><Correlation
ActivityID="{e75836e7-5eb3-40c5-b3c1-0d2d1b5727be}" /><Execution
ProcessName="ComancheServer.vshost" ProcessID="4956" ThreadID="12" /><Channel
/><Computer>HDQRKHVFLEZ</Computer></System><ApplicationData><TraceData><DataItem><TraceRecord
xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord"
Severity="Error"><TraceIdentifier>http://msdn.microsoft.com/en-US/library/System.ServiceModel.Diagnostics.ThrowingException.aspx</TraceIdentifier><Description>Throwing
an
exception.</Description><AppDomain>ComancheServer.vshost.exe</AppDomain><Exception><ExceptionType>System.ServiceModel.Security.MessageSecurityException,
System.ServiceModel, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089</ExceptionType><Message>Message security
verification failed.</Message><StackTrace> at
System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message&amp;
message, TimeSpan timeout, SecurityProtocolCorrelationState[]
correlationStates)
at
System.ServiceModel.Security.SecuritySessionServerSettings.ServerSecuritySessionChannel.ProcessRequestContext(RequestContext
requestContext, TimeSpan timeout, SecurityProtocolCorrelationState&amp;
correlationState, Boolean&amp; isSecurityProcessingFailure)
at
System.ServiceModel.Security.SecuritySessionServerSettings.ServerSecuritySessionChannel.ReceiveRequestAsyncResult.WaitComplete()
at
System.ServiceModel.Security.SecuritySessionServerSettings.ServerSecuritySessionChannel.ReceiveRequestAsyncResult..ctor(ServerSecuritySessionChannel
channel, TimeSpan timeout, AsyncCallback callback, Object state)
at
System.ServiceModel.Security.SecuritySessionServerSettings.ServerSecuritySessionChannel.BeginTryReceiveRequest(TimeSpan
timeout, AsyncCallback callback, Object state)
at
System.ServiceModel.Dispatcher.ReplyChannelBinder.BeginTryReceive(TimeSpan
timeout, AsyncCallback callback, Object state)
at
System.ServiceModel.Dispatcher.ErrorHandlingReceiver.BeginTryReceive(TimeSpan
timeout, AsyncCallback callback, Object state)
at System.ServiceModel.Dispatcher.ChannelHandler.EnsurePump()
at System.ServiceModel.Dispatcher.ChannelHandler.OpenAndEnsurePump()
at
System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.WorkItem.Invoke2()
at System.Security.SecurityContext.Run(SecurityContext securityContext,
ContextCallback callback, Object state)
at
System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.WorkItem.Invoke()
at
System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.ProcessCallbacks()
at
System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.CompletionCallback(Object state)
at
System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.ScheduledOverlapped.IOCallback(UInt32
errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
at
System.ServiceModel.Diagnostics.Utility.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped)
at
System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32
errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)
</StackTrace><ExceptionString>System.ServiceModel.Security.MessageSecurityException:
Message security verification failed. ---&gt;
System.Security.Cryptography.CryptographicException: Digest verification
failed for Reference '#ae663432-f450-4944-8561-1c43030566ee'.
at System.IdentityModel.Reference.EnsureDigestValidityIfIdMatches(String
id, Object resolvedXmlSource)
at System.IdentityModel.Reference.EnsureDigestValidity(String id, Object
resolvedXmlSource)
at
System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.ValidateDigestsOfTargetsInSecurityHeader(StandardSignedInfo
signedInfo, SecurityTimestamp timestamp, Boolean encryptedFormReaderRequired,
Boolean isPrimarySignature, Object signatureTarget, String id)
at
System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.VerifySignature(SignedXml
signedXml, Boolean isPrimarySignature, SecurityHeaderTokenResolver resolver,
Object signatureTarget, String id)
at
System.ServiceModel.Security.ReceiveSecurityHeader.ProcessPrimarySignature(SignedXml signedXml, Boolean isFromDecryptedSource)
at
System.ServiceModel.Security.ReceiveSecurityHeader.ProcessEncryptedData(EncryptedData
encryptedData, TimeSpan timeout, Int32 position, Boolean eagerMode,
Boolean&amp; primarySignatureFound)
at
System.ServiceModel.Security.ReceiveSecurityHeader.ExecuteFullPass(XmlDictionaryReader reader)
at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan
timeout)
at
System.ServiceModel.Security.MessageSecurityProtocol.ProcessSecurityHeader(ReceiveSecurityHeader
securityHeader, Message&amp; message, SecurityToken requiredSigningToken,
TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
at
System.ServiceModel.Security.AcceptorSessionSymmetricMessageSecurityProtocol.VerifyIncomingMessageCore(Message&amp;
message, String actor, TimeSpan timeout, SecurityProtocolCorrelationState[]
correlationStates)
at
System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message&amp;
message, TimeSpan timeout, SecurityProtocolCorrelationState[]
correlationStates)
--- End of inner exception stack trace
---</ExceptionString><InnerException><ExceptionType>System.Security.Cryptography.CryptographicException,
mscorlib, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089</ExceptionType><Message>Digest verification
failed for Reference
'#ae663432-f450-4944-8561-1c43030566ee'.</Message><StackTrace> at
System.IdentityModel.Reference.EnsureDigestValidityIfIdMatches(String id,
Object resolvedXmlSource)
at System.IdentityModel.Reference.EnsureDigestValidity(String id, Object
resolvedXmlSource)
at
System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.ValidateDigestsOfTargetsInSecurityHeader(StandardSignedInfo
signedInfo, SecurityTimestamp timestamp, Boolean encryptedFormReaderRequired,
Boolean isPrimarySignature, Object signatureTarget, String id)
at
System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.VerifySignature(SignedXml
signedXml, Boolean isPrimarySignature, SecurityHeaderTokenResolver resolver,
Object signatureTarget, String id)
at
System.ServiceModel.Security.ReceiveSecurityHeader.ProcessPrimarySignature(SignedXml signedXml, Boolean isFromDecryptedSource)
at
System.ServiceModel.Security.ReceiveSecurityHeader.ProcessEncryptedData(EncryptedData
encryptedData, TimeSpan timeout, Int32 position, Boolean eagerMode,
Boolean&amp; primarySignatureFound)
at
System.ServiceModel.Security.ReceiveSecurityHeader.ExecuteFullPass(XmlDictionaryReader reader)
at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan
timeout)
at
System.ServiceModel.Security.MessageSecurityProtocol.ProcessSecurityHeader(ReceiveSecurityHeader
securityHeader, Message&amp; message, SecurityToken requiredSigningToken,
TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
at
System.ServiceModel.Security.AcceptorSessionSymmetricMessageSecurityProtocol.VerifyIncomingMessageCore(Message&amp;
message, String actor, TimeSpan timeout, SecurityProtocolCorrelationState[]
correlationStates)
at
System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message&amp;
message, TimeSpan timeout, SecurityProtocolCorrelationState[]
correlationStates)</StackTrace><ExceptionString>System.Security.Cryptography.CryptographicException:
Digest verification failed for Reference
'#ae663432-f450-4944-8561-1c43030566ee'.
at System.IdentityModel.Reference.EnsureDigestValidityIfIdMatches(String
id, Object resolvedXmlSource)
at System.IdentityModel.Reference.EnsureDigestValidity(String id, Object
resolvedXmlSource)
at
System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.ValidateDigestsOfTargetsInSecurityHeader(StandardSignedInfo
signedInfo, SecurityTimestamp timestamp, Boolean encryptedFormReaderRequired,
Boolean isPrimarySignature, Object signatureTarget, String id)
at
System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.VerifySignature(SignedXml
signedXml, Boolean isPrimarySignature, SecurityHeaderTokenResolver resolver,
Object signatureTarget, String id)
at
System.ServiceModel.Security.ReceiveSecurityHeader.ProcessPrimarySignature(SignedXml signedXml, Boolean isFromDecryptedSource)
at
System.ServiceModel.Security.ReceiveSecurityHeader.ProcessEncryptedData(EncryptedData
encryptedData, TimeSpan timeout, Int32 position, Boolean eagerMode,
Boolean&amp; primarySignatureFound)
at
System.ServiceModel.Security.ReceiveSecurityHeader.ExecuteFullPass(XmlDictionaryReader reader)
at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan
timeout)
at
System.ServiceModel.Security.MessageSecurityProtocol.ProcessSecurityHeader(ReceiveSecurityHeader
securityHeader, Message&amp; message, SecurityToken requiredSigningToken,
TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
at
System.ServiceModel.Security.AcceptorSessionSymmetricMessageSecurityProtocol.VerifyIncomingMessageCore(Message&amp;
message, String actor, TimeSpan timeout, SecurityProtocolCorrelationState[]
correlationStates)
at
System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message&amp;
message, TimeSpan timeout, SecurityProtocolCorrelationState[]
correlationStates)</ExceptionString></InnerException></Exception></TraceRecord></DataItem></TraceData></ApplicationData></E2ETraceEvent>
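
A triage helper for trace events like the one above, added here as an example and not part of the original post: it walks the nested InnerException elements of an E2ETraceEvent and returns the Id of the signed element whose digest check failed. The sample event is constructed (trimmed, with a placeholder Id), and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Namespace of the TraceRecord element and its children, as seen in the trace above.
TR = "{http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord}"
REF_RE = re.compile(r"Digest verification failed for Reference\s+'#([^']+)'")

# Constructed sample: one event trimmed to the fields used below; the Id is a placeholder.
SAMPLE = """<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<ApplicationData><TraceData><DataItem>
<TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Error">
<Exception>
<ExceptionType>System.ServiceModel.Security.MessageSecurityException, System.ServiceModel</ExceptionType>
<Message>Message security
verification failed.</Message>
<InnerException>
<ExceptionType>System.Security.Cryptography.CryptographicException, mscorlib</ExceptionType>
<Message>Digest verification failed for Reference
'#00000000-0000-0000-0000-000000000000'.</Message>
</InnerException>
</Exception>
</TraceRecord>
</DataItem></TraceData></ApplicationData>
</E2ETraceEvent>"""


def exception_chain(event_xml):
    """Return [(type_name, message), ...] from the outermost to the innermost exception."""
    # Trace files are local diagnostics; use a hardened parser for XML from untrusted sources.
    root = ET.fromstring(event_xml)
    node = root.find(f".//{TR}Exception")
    chain = []
    while node is not None:
        # Drop the assembly-qualified suffix (", System.ServiceModel, Version=...").
        type_name = (node.findtext(f"{TR}ExceptionType") or "").split(",")[0].strip()
        # Collapse the line wrapping that the trace viewer or forum introduced.
        message = " ".join((node.findtext(f"{TR}Message") or "").split())
        chain.append((type_name, message))
        node = node.find(f"{TR}InnerException")
    return chain


def failed_digest_reference(event_xml):
    """Return the Id whose digest check failed, or None if the root cause is something else."""
    chain = exception_chain(event_xml)
    if not chain:
        return None
    match = REF_RE.search(chain[-1][1])
    return match.group(1) if match else None
```

The returned Id is the fragment from the signature's Reference URI, so the element carrying that Id in the logged SOAP envelope is the signed part that failed verification.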
 