locked
IErrorHandler won't catch MessageSecurityException? RRS feed

  • Question

  • Hello,

    I'm use TransportWithMessageCredential with custom UserNamePasswordValidator. I aslo have a IErrorHandler implementation to prompt the exception to FaultExcepion. Both of the authentication and ErrorHandler work well. But I find the message security exception throws from UserNamePasswordValidator.Valiate method will not reach IErrorHandler. How I can do for this? Thanks.


    问题要简单,错误须详细@错误/异常/堆栈信息+操作系统+软件版本+all the context of the issue Hope Helpful | http://www.leoworks.net
    Wednesday, June 22, 2011 8:48 AM

All replies

  • Hello,

    I think you cannot. My high level understanding is that authentication executes in separate thread before the execution is passed to operation thread and only operation thread uses error handler.

    Best regards,
    Ladislav

    Wednesday, June 22, 2011 9:07 AM
  • Hi Ladislav, 

    Thanks for your message. I guest you are right at this point. I find a similar issue from http://connect.microsoft.com/VisualStudio/feedback/details/371181/wcf-ierrorhandler-logging-securityexceptions .

    So let's forget the security exception and IErrorHandler for a moment. But I wonder if I have some other method to customize the fault code. If my WCF client don't provide the security credentials, it will get the following fault. My client is PHP. They ask for us to change the fault code, for example, from the default InvalidSecurity to a kind of numberic code 401.  Any idea? Thanks.

    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">

       <s:Body>

          <s:Fault>

             <faultcode xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</faultcode>

             <faultstring xml:lang="zh-CN">An error occurred when verifying security for the message.</faultstring>

          </s:Fault>

       </s:Body>

    </s:Envelope>

     

     


    问题要简单,错误须详细@错误/异常/堆栈信息+操作系统+软件版本+all the context of the issue Hope Helpful | http://www.leoworks.net
    Wednesday, June 22, 2011 9:32 AM
  • Hi,

    You can set the faultcode like below:

    throw new FaultException("message", new FaultCode("401"));

    regards

     

     


    Dennis van de Laar http://www.dennisvandelaar.net
    Wednesday, June 22, 2011 11:24 AM
  • Hi Dennis

    In my test, if i throws FaultException from UserNameValidatior.Validate,  the custom fault code and message will really reach the client. But when the client does not provide the credentials (because my client is php, they are free to provide any format of the credential), the caller won't reach the UserNameValidatior.Validate method, the soap response as following. I want to replace the InvalidSecurity error code with my own code.

    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">

       <s:Body>

          <s:Fault>

             <faultcode xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</faultcode>

             <faultstring xml:lang="zh-CN">An error occurred when verifying security for the message.</faultstring>

          </s:Fault>

       </s:Body>

    </s:Envelope>


    问题要简单,错误须详细@错误/异常/堆栈信息+操作系统+软件版本+all the context of the issue Hope Helpful | http://www.leoworks.net
    Thursday, June 23, 2011 4:00 AM