Clever Geek Handbook

Why does this WCF call fail when passed in a federation security toker

I am trying to pass a security token from a client application to a WCF service for authentication.

In this example, I am just using the standard File project, New WCF Application and trying to call the GetData method.

I am getting the following exception on the client

{"The message could not be processed. This is most likely because the action ' http://tempuri.org/IService1/GetData ' is invalid, or because the message contains an invalid security context token or expired, or because there is a mismatch between the bindings. Context The security token will be invalidated if the service terminated the channel due to passivity. To prevent the service from terminating idle sessions prematurely increase the receive timeout on the service endpoint binding. " }

If I enable tracing in WCF service I see the following error

There was no channel that could accept an action message ' http://tempuri.org/IService1/GetData '.

The Web.Config for my service looks like this:

<?xml version="1.0"?>
<configuration>
  <configSections>
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />        
  </configSections>

  <system.web>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5"/>
  </system.web>

  <!--Configure STS-->
  <system.identityModel>
    <identityConfiguration>
      <audienceUris>
        <add value="https://stsserver.security.int/myApp" />
      </audienceUris>
      <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089">
        <trustedIssuers>
          <add thumbprint="‎3c8fc34bd483b07ba0d1509827fc4788c36247e4" name="StartSSL Login" />
        </trustedIssuers>
      </issuerNameRegistry>
      <certificateValidation certificateValidationMode="None"/>
    </identityConfiguration>
  </system.identityModel>

  <system.serviceModel>
    <bindings>
      <ws2007FederationHttpBinding>
        <binding name ="IdentityServer">
          <security mode="TransportWithMessageCredential">
          </security>
        </binding>
      </ws2007FederationHttpBinding>
    </bindings>

    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
    <services>
      <service name="Services.Service1" behaviorConfiguration="CertificateBehavior">
        <endpoint name="ws" binding="ws2007FederationHttpBinding" bindingConfiguration="IdentityServer" contract="Services.IService1" address=""/>
      </service>
    </services>

    <behaviors>
      <serviceBehaviors>
        <behavior name="CertificateBehavior">
          <serviceCredentials>
            <serviceCertificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>

  </system.serviceModel>    
</configuration>

The method in my client application that calls this WCF service looks like this:

static void CallSecuredService(SecurityToken samlToken)
{
    var binding = new WS2007FederationHttpBinding((WSFederationHttpSecurityMode.TransportWithMessageCredential));
    binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
    binding.Security.Message.EstablishSecurityContext = false;

    var factory = new ChannelFactory<IService1>(binding, new EndpointAddress("https://localhost/myservice/Service1.svc"));
    factory.Credentials.SupportInteractive = false;
    factory.Credentials.UseIdentityConfiguration = true;
    var proxy = factory.CreateChannelWithIssuedToken(samlToken);

    Console.WriteLine(proxy.GetData(1));
}

Any pointers to things I have to check would be great, as I'm going to lose that a little now. I'm not sure how can I debug this further?

+3


source to share


1 answer


I finally managed to get past this error. The problem was a slight overlap between the service and client binding.

Changing my bindings in web.config fixes the problem



<bindings>
  <ws2007FederationHttpBinding>
    <binding name ="IdentityServer">
      <security mode="TransportWithMessageCredential">
        <message issuedKeyType="BearerKey" establishSecurityContext="false"/>
      </security>
    </binding>
  </ws2007FederationHttpBinding>
</bindings>
+2


source






More articles:


All Articles