0 Replies - 732 Views - Last Post: 19 December 2013 - 05:31 PM Rate Topic: -----

#1 poncianux   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 10
  • Joined: 05-January 11

WCF SecurityNegotiationException

Posted 19 December 2013 - 05:31 PM

Hello coders, I'm working on a WCF Service, sincerily I am noob at WCF and I'm stuck pretending to do a Service with Message Security, self-hosted and using wsHttpBinding.

I get the next exception:

System.ServiceModel.Security.SecurityNegotiationException: Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint. ---> System.ServiceModel.FaultException: The request for security token has invalid or malformed elements.


and this is the configuration file on server side:

<?xml version="1.0" encoding="utf-8"?>

<configuration>
  <system.diagnostics>
    <sources>
      <!-- En esta sección se define la configuración del registro para My.Application.Log -->
      <source name="DefaultSource" switchName="DefaultSwitch">
        <listeners>
          <add name="FileLog" />
          <!-- Quite los comentarios de la sección posterior para escribir en el registro de eventos de la aplicación -->
          <!--<add name="EventLog"/>-->
        </listeners>
      </source>
    </sources>
    <switches>
      <add name="DefaultSwitch" value="Information" />
    </switches>
    <sharedListeners>
      <add name="FileLog"
           type="Microsoft.VisualBasic.Logging.FileLogTraceListener, Microsoft.VisualBasic, Version=8.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL"
           initializeData="FileLogWriter" />
      <!-- Quite los comentarios de la sección posterior y reemplace APPLICATION_NAME con el nombre de su aplicación para escribir en el registro de eventos de la aplicación -->
      <!--<add name="EventLog" type="System.Diagnostics.EventLogTraceListener" initializeData="APPLICATION_NAME"/> -->
    </sharedListeners>
  </system.diagnostics>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="wsHttpEndpointBinding">
          <security>
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
        <binding name="wsbehavior" closeTimeout="00:01:00"
                 openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                 bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
                 maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                 messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
                 allowCookies="false">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <reliableSession ordered="true" inactivityTimeout="00:10:00"
                           enabled="false" />
          <security mode="Message">
            <message clientCredentialType="Certificate" negotiateServiceCredential="true" establishSecurityContext="true"  />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <services>
      <service name="WCFServiceCertificate.Service1" behaviorConfiguration="WCFServiceCertificate.Service1behavior">
        <!-- Service Endpoints -->
        <endpoint address="http://localhost/RHCloud.svc" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding"
                  contract="WCFServiceCertificate.IService1">
          <!-- 
              Upon deployment, the following identity element should be removed or replaced to reflect the 
              identity under which the deployed service runs.  If removed, WCF will infer an appropriate identity 
              automatically.
          -->
          <identity>
            <dns value="localhost" />
          </identity>
        </endpoint>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
      </service>
    </services>
    <client><!--risq.dyndns.biz-->
      <endpoint address="http://localhost/RHCloud.svc/A" binding="wsHttpbehavior"
                bindingConfiguration="wsbehavior" contract="ServicioRH.IAvisos"
                name="ServiceAvisos" behaviorConfiguration="Custombehavior">
        <identity>
          <dns value="WCFServer" />
        </identity>
      </endpoint>
      <endpoint address="http://localhost/RHCloud.svc/P" binding="wsHttpbehavior"
                bindingConfiguration="wsbehavior" contract="ServicioRH.IPersonal"
                name="Servicepersonal" behaviorConfiguration="Custombehavior">
        <identity>
          <dns value="WCFServer" />
        </identity>
      </endpoint>
    </client>
    <behaviors>
      <servicebehaviors>
        <behavior name="WCFServiceCertificate.Service1behavior">
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="true" />
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false" />
          <serviceCredentials>
            <clientCertificate>
              <authentication certificateValidationMode="PeerTrust" />
            </clientCertificate>
            <serviceCertificate findValue="WCFServer"
                                storeLocation="CurrentUser"
                                storeName="My"
                                x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>
      </servicebehaviors>
      <endpointbehaviors>
        <behavior name="Custombehavior">
          <clientCredentials>
            <clientCertificate findValue="WCFClient" x509FindType="FindBySubjectName" storeLocation="CurrentUser"
                               storeName="My" />
            <serviceCertificate>
              <authentication certificateValidationMode="PeerTrust" />
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointbehaviors>
    </behaviors>
  </system.serviceModel>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0" />
  </startup>
</configuration>



Hope you can help me configuring this WCF service, that has been a real nightmare

Thanks in advice

Is This A Good Question/Topic? 0
  • +

Page 1 of 1