Re: System.ServiceModel.Security.SecurityNegotiationException
- From: Manjree Garg <garg@xxxxxxxxxxxxxxxx>
- Date: Fri, 23 May 2008 02:12:00 -0700
Thanks Morten. But it is still throwing the same exception. :(
Manjree.
"Morten Abrahamsen" wrote:
Try changing
    <identity>
        <servicePrincipalName value="host/Avacta-n31m-1" />
    </identity>
to the common name of your service certificate?
Morty
"Manjree Garg" <garg@xxxxxxxxxxxxxxxx> wrote in message
news:592D36EB-36DF-40AF-9934-CCC00F2A5B53@xxxxxxxxxxxxxxxx
Hi,
I created a web service and hosted it in Windows Services. It is working
fine. Now I am trying to implement the X509 certificates for message layer
security. But it is throwing the following exception:
An unhandled exception of type 'System.ServiceModel.Security.SecurityNegotiationException' occurred in mscorlib.dll
Additional information: Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint.
The WinSvchost file is:
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Security;
using System.ServiceProcess;

namespace PreprocessingWinSvcHost
{
    public partial class PreprocessingWinSvc : ServiceBase
    {
        private ServiceHost myHost;

        public PreprocessingWinSvc()
        {
            InitializeComponent();
        }

        protected override void OnStart(string[] args)
        {
            try
            {
                // Create the host.
                Uri address = new Uri("http://localhost:8080/PreprocessingService");
                WSHttpBinding binding = new WSHttpBinding();
                Type contract = typeof(IPreprocess);
                binding.MaxBufferPoolSize = 200000000;
                binding.MaxReceivedMessageSize = 200000000;
                binding.Name = "WSHttpBinding_IPreprocess";
                binding.Security.Mode = SecurityMode.Message;
                binding.Security.Message.ClientCredentialType =
                    MessageCredentialType.Certificate;

                myHost = new ServiceHost(typeof(PreprocessingService));
                myHost.AddServiceEndpoint(contract, binding, address);
                myHost.Credentials.ServiceCertificate.SetCertificate(
                    StoreLocation.LocalMachine, StoreName.My,
                    X509FindType.FindBySubjectName, "windowshost");

                // Configure peer trust.
                // (This ClientCredentials instance is never attached to myHost.)
                ClientCredentials creds = new ClientCredentials();
                creds.ServiceCertificate.Authentication.CertificateValidationMode =
                    X509CertificateValidationMode.PeerOrChainTrust;

                // Creates an output file.
                Stream MyOutputFile = File.Create("c:\\checklog\\Logfile1.txt");
                TextWriterTraceListener TextListener1 =
                    new TextWriterTraceListener(MyOutputFile);
                Trace.Listeners.Add(TextListener1); // Add a listener to the Trace.

                // Writes output message to the output file and to a console screen.
                Trace.WriteLine(DateTime.Now.ToLongTimeString() + " - Service starting...");
                myHost.Open();
                Trace.WriteLine("state = " + myHost.State);

                // Flush and close the output file.
                Trace.Flush();
                TextListener1.Flush();
                TextListener1.Close();
            }
            catch (Exception e)
            {
                Console.WriteLine("Message: {0}", e.Message);
            }
        }
    }
}
and the Client is:
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

namespace PreprocessingClient
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("**** Preprocessing Client ****");

            // Address and binding are built in code here.
            EndpointAddress address =
                new EndpointAddress("http://localhost:8080/PreprocessingService");
            WSHttpBinding binding = new WSHttpBinding();
            binding.MaxBufferPoolSize = 200000000;
            binding.MaxReceivedMessageSize = 200000000;

            System.ServiceModel.ChannelFactory<IPreprocess> cf =
                new System.ServiceModel.ChannelFactory<IPreprocess>(binding, address);

            // Client certificate presented to the service.
            cf.Credentials.ClientCertificate.SetCertificate(
                StoreLocation.LocalMachine, StoreName.My,
                X509FindType.FindBySubjectName, "WCFUser");

            // Service certificate the client expects.
            cf.Credentials.ServiceCertificate.SetDefaultCertificate(
                StoreLocation.LocalMachine, StoreName.My,
                X509FindType.FindBySubjectName, "windowshost");

            IPreprocess proxy = cf.CreateChannel();
            // PreprocessClient proxy = new PreprocessClient();
            // proxy.Open(); // open the client's proxy
            proxy.EnableMatGui(false);
        }
    }
}
The app.config for the client is:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="WSHttpBinding_IPreprocess"
                 closeTimeout="00:01:00" openTimeout="00:01:00"
                 receiveTimeout="00:10:00" sendTimeout="00:40:00"
                 bypassProxyOnLocal="false" transactionFlow="false"
                 hostNameComparisonMode="StrongWildcard"
                 maxBufferPoolSize="200000000"
                 maxReceivedMessageSize="20000000"
                 messageEncoding="Text" textEncoding="utf-8"
                 useDefaultWebProxy="true" allowCookies="false">
          <readerQuotas maxDepth="32"
                        maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <reliableSession ordered="true" inactivityTimeout="00:10:00"
                           enabled="false" />
          <security mode="Message">
            <transport clientCredentialType="Windows"
                       proxyCredentialType="None" realm="" />
            <message clientCredentialType="Certificate"
                     negotiateServiceCredential="true"
                     algorithmSuite="Default"
                     establishSecurityContext="true" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://localhost:8080/PreprocessingService"
                binding="wsHttpBinding"
                bindingConfiguration="WSHttpBinding_IPreprocess"
                contract="ServiceReference1.IPreprocess"
                name="WSHttpBinding_IPreprocess">
        <identity>
          <servicePrincipalName value="host/Avacta-n31m-1" />
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>
cheers,
Manjree
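
One way to apply Morten's suggestion in the client code, added here as an example and not part of the original thread: the posted client passes its binding and address to ChannelFactory directly, so the <identity> element in app.config is not consulted. The sketch assumes the identity to match is the service certificate's common name; the trimmed IPreprocess contract and the helper ServiceCertCommonName are hypothetical.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Assumption: the contract is reduced to the one operation the post calls.
[ServiceContract]
public interface IPreprocess { [OperationContract] void EnableMatGui(bool enable); }

static class IdentityCheckedClient
{
    // Hypothetical helper: read the name the service certificate actually carries.
    // FindBySubjectName is a substring match, so insist on exactly one hit.
    static string ServiceCertCommonName(string subjectName)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            X509Certificate2Collection hits = store.Certificates.Find(
                X509FindType.FindBySubjectName, subjectName, false);
            if (hits.Count != 1)
                throw new InvalidOperationException("Expected 1 certificate, found " + hits.Count);
            return hits[0].GetNameInfo(X509NameType.SimpleName, false);
        }
        finally { store.Close(); }
    }

    static void Main()
    {
        var uri = new Uri("http://localhost:8080/PreprocessingService");
        // The binding is built in code, so its security settings must be set here too.
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;

        // Expected identity = name in the service certificate, not the URI host.
        string certName = ServiceCertCommonName("windowshost");
        var address = new EndpointAddress(uri, EndpointIdentity.CreateDnsIdentity(certName));

        var cf = new ChannelFactory<IPreprocess>(binding, address);
        cf.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "WCFUser");
        // The service certificate must chain to a trusted root or sit in TrustedPeople.
        cf.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.PeerOrChainTrust;

        cf.CreateChannel().EnableMatGui(false);
        cf.Close();
    }
}
```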