StockTrader 2.04 Sample Exception: The request for security token could not be satisfied because authentication failed.

Question

Hello, everyone,

I followed the tutorial exactly three times and always stopped the same step where the Order Processor could not be activated.  There is nothing wrong when I followed the tutorial steps except that there is a firewall blocking issue caused by required port 6004 to be created.  The following is the error message that might be helpful for you to help me out:

Messages on Business Services Configuration Host Consol——Configuration Console tab：

 

Poll!

 

Checked: http://twinwooddevsvr.develop.twinwood.com:8000/orders. Binding Config: Client_WsHttpBinding_M_Security_OPS

Result: Fail! This service endpoint will not be activated. Connection exception is:

The caller was not authenticated by the service.

Inner Exception is: The request for security token could not be satisfied because authentication failed.

 

 

Messages on Order Processor Configuration Host Consol——Configuration Console tab：

 

Request for SOA Node Map receieved

-----> Getting SOA Node Map.

 

Failed Online Status check for endpoint: http://twinwooddevsvr.develop.twinwood.com:8000/orders. Please examine the failure message following, likely, (1) A firewall issue blocking communication on a port -- inbound or outbound on this node or remote node(s); (2) You forgot to include a <client> definition for your service within your *HOSTS* .config file (each host must define clients in the .config file to its own services for intra-node checking of endpoints); (3) a binding configuration issue--check the servicemodel client definition in .config to ensure the binding configuration name exists and this binding config is appropriate for the service (transport, security, etc.);  or (4) The host is not running, is in the process of shutting down, or network connectivity has been lost...

The service connection check exception is: The caller was not authenticated by the service.

Inner Exception is: The request for security token could not be satisfied because authentication failed.



I have finished the Step by Step Walk-through and get no problem at all.  My operating system is Windows 2003 (Chinese), is the windows version a problem? 

If someone knows how to resovle this problem, please provide helpful hints, Thanks!

Allen

Answer 1

I would try the following to get more information on exactly what is happening. 

-Do a debug build of Configurarion Service solution
-Next do a debug build of the Order Process solution, which will pick up the newly built debug assemblies for COnfig Service
-Goto \stocktrader\builds\orderprocessorhost and run Trade.OrderProcessorHost.exe; make sure to "Run as Administrator" when launching. 

Now, in the Configuration Service solution in Visual Studio; open the project CustomValidators. Open the file CustomValidators.cs, and set a breakpoint on line 113.  It is the first line in the Validate() method in the CustomCertificateValidator class as shown in the below snippet:

-----------------------------------------------

 

 

public abstract class CustomCertificateValidator : X509CertificateValidator

{

 

 

/// <summary>

 

 

/// Override with a provided method that returns an array

 

 

/// of thumbprints as strings.

 

 

/// </summary>

 

 

/// <returns></returns>

 

 

protected abstract string[] getAllowedThumbprints();

 

 

public override void Validate(X509Certificate2 certificate)

{

 

 

// create chain and set validation options

 

 

X509Chain chain = new X509Chain();

SetValidationSettings(chain);

 

 

// optional check if cert is valid

 

 

if (!chain.Build(certificate))

{

 

 

throw new SecurityTokenValidationException("Client certificate is not valid!");

}

 

 

// check if cert is from our trusted list

 

 

if (!isTrusted(chain, getAllowedThumbprints()))

{

 

 

throw new SecurityTokenValidationException("Client certificate is not trusted!");

}

}

----------------------------------------------------

Now in the COnfig Service solution, use Visual Studio Debug menu to attach to the running process Trade.OrderProcessorServiceHost.exe process.

When you first fire up the Web App, this breakpoint should be hit (channels are opened right away, even before an order is placed); or when you goto SOAMAP from the OrderProcessor windows host program, you should also hit the breakpoint.  From here, you can step through the code and see more info (hopefully) on where it is failing and why.

-Greg

---

Greg Leake, Microsoft

Answer 2

Hi, Gregory Leake,

I followed your suggestions and finally made everything worked perfectly.  Thank you very much!

I did "Attach to Process" to debug the Configuration solution and found out the exception is related to the test certificate configuration but the certificates and the software code is no problem at all.  I spent a couple of weeks and read tons of reference articles and got even more confused.  When I finally somehow seccefully make it worked I even don't not know how and why.  However I would say now the StockTrader becomes a valueable source for me to learn more of the cutting edge technologies presented by the sample.  Thanks again for your helpful hints!

Allen