Geek Answers Handbook

WCF SecurityNegotiationException Service

I run a simple service on my server with WCF; the service is hosted in WebDev.WebServer.exe (locally).

When I call the local service, I get the following exception:

Unhandled exception: System.ServiceModel.Security.SecurityNegotiationException: The secure channel cannot be opened because security negotiation with the remote endpoint failed. This may be due to the missing or incorrect indication of EndpointIdentity in the EndpointAddress used to create the channel. Verify that the EndpointIdentity, specified or implied by EndpointAddress, correctly identifies the remote endpoint. ---> System.ServiceModel.FaultException: A message from Action ' http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue ' cannot be processed at the receiver due to a ContractFilter mismatch in EndpointDispatcher. This may be due to either a contract mismatch (actions mismatch between the sender and the recipient), or a binding / security mismatch between the sender and the recipient. Make sure that the sender and the recipient have the same contract and the same binding (including security requirements, such as message, transport, no).

Here are my two app.config files from client and server. I made app.config from the client using the svcutil-Tool, so it should be right:

Client

<client> <endpoint address="http://localhost:1634/UsuarioContexto.svc" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IUsuarioContexto" contract="CarWin.ServiceContracts.Interfaces.IUsuarioContexto" name="LOCAL_WSHttpBinding_IUsuarioContexto"> <identity><dns value="localhost" /></identity> </endpoint> </client> <binding name="WSHttpBinding_IUsuarioContexto" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /> <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /> <security mode="Message"> <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" /> <message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="true" /> </security> </binding>

Server

 <services> <service behaviorConfiguration="UsuarioContextoBehavior" name="UserContext.Host.UsuarioContexto"> <endpoint address="" binding="wsHttpBinding" bindingNamespace="http://CarWin" bindingConfiguration="wsHttpBinding_IUsuarioContexto" contract="CarWin.ServiceContracts.Interfaces.IUsuarioContexto"> <identity> <dns value="localhost" /> </identity> </endpoint> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> </service> </services> <bindings> <wsHttpBinding> <binding name="wsHttpBinding_IUsuarioContexto" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false"> <readerQuotas maxArrayLength="2147483647" maxStringContentLength="2147483647" maxBytesPerRead="2147483647" /> <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /> <security mode="None"> <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" /> <message clientCredentialType="Windows" negotiateServiceCredential="true" establishSecurityContext="true" /> </security> </binding> </wsHttpBinding> </bindings> <behaviors> <serviceBehaviors> <behavior name="UsuarioContextoBehavior"> <serviceMetadata httpGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors> </behaviors>
+7
security exception service wcf
source share
2 answers

The problem was in the server, I put mode = "Message" and it works fine. thanks.

 <security mode="None"> <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" /> <message clientCredentialType="Windows" negotiateServiceCredential="true" establishSecurityContext="true" /> </security>
+12
source share

WCF is very powerful, but can be a configuration nightmare. Here are some potential conclusions:

  • Turn on WCF trace logs, repeat your script, and then check the logs using SvcTraceViewer.exe
  • Find out how far the message is transmitted ...
    • i.e. the client generates a request and sends it to the server, which rejects it (i.e. in the lower layers of WCF before your own service code has arrived);
    • or the request stops on its tracks before that. The client does not even send a request
  • http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue is a message associated with the WS-Trust token, so something like authentication will happen
    • an error implying that there is a configuration mismatch, but the use of SvcUtil should be built as you said
  • Client binding has a server at http: // localhost: 1634 / UsuarioContexto.svc "
    • I do not see that the port specified in the service configuration ... is a service listening on this port?
    • If you open a browser and aim it at that URL, do you get the default service page?
+4
source share

More articles:


All Articles