When I configure a wcf service to use mutual certificate authentication the client leaks native memory with every call to the service. I already found the bug in the serializers, where a new serializer is added each time a new call is done. When I configure the service to use no authentication at all then the native memory leak does not happen.
Below follows the configuration of the client
public static System.ServiceModel.Channels.Binding CreateDefaultBinding()
System.ServiceModel.Channels.CustomBinding binding = new System.ServiceModel.Channels.CustomBinding();
binding.Elements.Add(new System.ServiceModel.Channels.TextMessageEncodingBindingElement(System.ServiceModel.Channels.MessageVersion.Soap11, System.Text.Encoding.UTF8));
System.ServiceModel.Channels.AsymmetricSecurityBindingElement asbe = new System.ServiceModel.Channels.AsymmetricSecurityBindingElement(new System.ServiceModel.Security.Tokens.X509SecurityTokenParameters(System.ServiceModel.Security.Tokens.X509KeyIdentifierClauseType.Any, System.ServiceModel.Security.Tokens.SecurityTokenInclusionMode.Never), new System.ServiceModel.Security.Tokens.X509SecurityTokenParameters(System.ServiceModel.Security.Tokens.X509KeyIdentifierClauseType.Any, System.ServiceModel.Security.Tokens.SecurityTokenInclusionMode.AlwaysToRecipient));
asbe.MessageSecurityVersion = System.ServiceModel.MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
asbe.LocalClientSettings.DetectReplays = false;
asbe.LocalServiceSettings.DetectReplays = false;
asbe.DefaultAlgorithmSuite = System.ServiceModel.Security.SecurityAlgorithmSuite.Basic256Rsa15;
And the creation of the client:
EndpointIdentity identity = EndpointIdentity.CreateDnsIdentity("service0");
var binding = QClient.CreateDefaultBinding();
var ep = new EndpointAddress(QClient.EndpointAddress.Uri, identity);
QClient client = new QClient(binding, ep);
client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, clientCertificateName);
client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
client.ClientCredentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, serverCertificateName);
Does anyone know a solution? Its not possible to upgrade to windows phone.
You can submit this feedback to Microsoft Connect feedback Center in formal format. Microsoft engineers will evaluate them seriously and report to Product Group.
Or you can send this to the Visual Studio UserVoice site.
Jesse Jiang [MSFT]
MSDN Community Support | Feedback to us
We have been having the same problem but had not identified the security as being the culprit.
It is very helpful to know that we are not the only ones seeing this leak.
Do you think it could be to do with the Store Location of the ServerCertificate? Ours is in Trusted Authorities (the MS example in the WCF Guidance documentation gets it from the Root store).
We have found that it does not leak if the reply is not decrypted and deserialised. The request message on its own does not leak.
So I guess that the problem is with the use of the Server Certificate public key.
I will see if calling client.ClientCredentials.ServiceCertificate.DefaultCertificate.Reset and reloading the certificate will work around the problem....
Thanks for posting...
Calling DefaultCertificate.Reset did not help.
It seems as if the leak is in using the certificate, not in the certificate itself.
You are correct in that it is the Client Certificate that is leaking. The Server is using the Client Certificate to encrypt the reply and the Client is then attempting to decrypt and deserialise it.
- Upravený timd199 1. března 2012 19:08