WCF SecurityNegotiationException


I'm working on a WCF Service; honestly I am new to WCF, and I'm stuck trying to build a service with Message Security, self-hosted and using wsHttpBinding.

I get the following exception:

System.ServiceModel.Security.SecurityNegotiationException: Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint. ---> System.ServiceModel.FaultException: The request for security token has invalid or malformed elements.

And this is the configuration file on the server side:

<?xml version="1.0" encoding="utf-8"?>
<!--
  Server-side configuration for a self-hosted WCF service: wsHttpBinding with
  message security and certificate client credentials. Both the service and the
  client endpoints in this file validate the peer certificate with PeerTrust, i.e.
  against the Trusted People store of the account that runs the process.
-->

<configuration>
  <system.diagnostics>

    <sources>
      <!-- This section defines the logging configuration for My.Application.Log -->
      <source name="DefaultSource" switchName="DefaultSwitch">
        <listeners>
          <add name="FileLog" />
          <!-- Uncomment the section below to write to the application event log -->
          <!--<add name="EventLog"/>-->
        </listeners>
      </source>
    </sources>

    <switches>
      <add name="DefaultSwitch" value="Information" />
    </switches>

    <sharedListeners>
      <add name="FileLog"
           type="Microsoft.VisualBasic.Logging.FileLogTraceListener, Microsoft.VisualBasic, Version=8.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL"
           initializeData="FileLogWriter" />
      <!-- Uncomment the section below and replace APPLICATION_NAME with the name of your application to write to the application event log -->
      <!--<add name="EventLog" type="System.Diagnostics.EventLogTraceListener" initializeData="APPLICATION_NAME"/> -->
    </sharedListeners>
  </system.diagnostics>

  <system.serviceModel>
    <bindings>

      <wsHttpBinding>
        <!-- Binding used by the service endpoint below. No mode attribute is given;
             wsHttpBinding defaults to Message security. -->
        <binding name="wsHttpEndpointBinding">
          <security>
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
        <!-- Binding used by the <client> endpoints below. The message size and
             readerQuotas values are the framework defaults and keep the size of an
             accepted message bounded; raise them deliberately rather than to "unlimited". -->
        <binding name="wsBehavior" closeTimeout="00:01:00"
                 openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                 bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
                 maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                 messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
                 allowCookies="false">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <reliableSession ordered="true" inactivityTimeout="00:10:00"
                           enabled="false" />
          <security mode="Message">
            <!-- negotiateServiceCredential="true": the client obtains the service certificate
                 during the handshake instead of needing it installed beforehand; the certificate
                 is still checked according to the serviceCertificate/authentication setting of
                 the endpoint behavior. -->
            <message clientCredentialType="Certificate" negotiateServiceCredential="true" establishSecurityContext="true"  />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>

    <services>
      <service name="WCFServiceCertificate.Service1" behaviorConfiguration="WCFServiceCertificate.Service1Behavior">
        <!-- Service Endpoints -->
        <!-- The address carries no port, so the self-hosted service listens on port 80. -->
        <endpoint address="http://localhost/RHCloud.svc" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding"
                  contract="WCFServiceCertificate.IService1">
          <!--
              Upon deployment, the following identity element should be removed or replaced to reflect the
              identity under which the deployed service runs.  If removed, WCF will infer an appropriate identity
              automatically.
          -->
          <!-- NOTE(review): this DNS identity ("localhost") is what the service publishes to clients,
               while the service certificate configured under serviceCredentials below is found by
               subject name "WCFServer". A client that expects an identity different from the subject
               of the certificate the service presents fails negotiation with the EndpointIdentity
               wording quoted in the question - one plausible cause here; consider dns value="WCFServer"
               and confirm against the certificate actually installed. -->
          <identity>
            <dns value="localhost" />
          </identity>
        </endpoint>
        <!-- Metadata exchange over plain HTTP; see the serviceMetadata note below about deployment. -->
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
      </service>
    </services>

    <client><!--risq.dyndns.biz-->
      <!-- NOTE(review): the question presents this file as the server-side configuration, yet it also
           holds client endpoints whose contracts (ServicioRH.*) and sub-addresses (/A, /P) do not
           correspond to the single service endpoint above. These entries are only consulted when this
           process itself acts as a client; the failing call is governed by the calling application's
           own config - verify that one as well. -->
      <!-- NOTE(review): "wsHttpBehavior" is not a binding type. The configuration it references,
           "wsBehavior", is declared under <wsHttpBinding> above, so this presumably should read
           binding="wsHttpBinding" (same on the endpoint below). -->
      <endpoint address="http://localhost/RHCloud.svc/A" binding="wsHttpBehavior"
                bindingConfiguration="wsBehavior" contract="ServicioRH.IAvisos"
                name="ServiceAvisos" behaviorConfiguration="CustomBehavior">
        <!-- Identity the client expects from the service; it has to equal the subject name of the
             certificate the service presents (configured as "WCFServer" below). -->
        <identity>
          <dns value="WCFServer" />
        </identity>
      </endpoint>

      <endpoint address="http://localhost/RHCloud.svc/P" binding="wsHttpBehavior"
                bindingConfiguration="wsBehavior" contract="ServicioRH.IPersonal"
                name="Servicepersonal" behaviorConfiguration="CustomBehavior">
        <identity>
          <dns value="WCFServer" />
        </identity>
      </endpoint>
    </client>

    <behaviors>

      <serviceBehaviors>
        <behavior name="WCFServiceCertificate.Service1Behavior">
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="true" />
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false" />
          <serviceCredentials>
            <!-- PeerTrust: a client certificate is accepted only if that exact certificate is in the
                 Trusted People store of the account hosting the service; no chain is built. -->
            <clientCertificate>
              <authentication certificateValidationMode="PeerTrust" />
            </clientCertificate>
            <!-- The service's own certificate, looked up by subject name in the CurrentUser\My store.
                 CurrentUser is the store of the account running the host process, so a certificate
                 installed for an interactive user is not visible to a different service account -
                 confirm which account hosts the service. -->
            <serviceCertificate findValue="WCFServer"
                                storeLocation="CurrentUser"
                                storeName="My"
                                x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>

      <endpointBehaviors>
        <!-- Credentials for the <client> endpoints above (only relevant if this process calls out). -->
        <behavior name="CustomBehavior">
          <clientCredentials>
            <!-- Certificate this process presents as a client, again from the CurrentUser\My store. -->
            <clientCertificate findValue="WCFClient" x509FindType="FindBySubjectName" storeLocation="CurrentUser"
                               storeName="My" />
            <!-- PeerTrust on the client side: the service certificate received during negotiation
                 must be present in this account's Trusted People store. -->
            <serviceCertificate>
              <authentication certificateValidationMode="PeerTrust" />
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>

    </behaviors>
  </system.serviceModel>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0" />
  </startup>
</configuration>
