none
Intermittent MessageSecurityException during WCF client server communication authentication via custom UserNamePasswordValidator RRS feed

  • Question

  • Hi,

    I have an intermittent issue with wcf service starting communication with another service resulting in MessageSecurityException.  This only happens when the service is deployed through installer and started for the first time but works after its restarted.   I get the below exception on the client side

    System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: An error occurred when verifying security for the message.

    The svclog trace file has the following exception logged: <ExceptionType>System.ServiceModel.Security.MessageSecurityException, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType>

    <Message>Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties.   This can occur if the service is configured for security and the client is not using security.</Message>

    Drilling deeper, I found out that the server custom UserNamePasswordValidator.Validate() method fails authenticating the user credentials.  But as I said before this happens sporadically and only the first time.   Restarting the service resolves the issue.  Appreciate if anyone could help resolve this issue.  

     
    • Edited by get2rayan Friday, January 24, 2014 8:12 PM
    Friday, January 24, 2014 7:59 PM

Answers

  • Hi,
    >>Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties.   This can occur if the service is configured for security and the client is not using security

    First of all, please make sure Bindings are matched in the client and service, the security settings of the binding are same. As mentioned in the error message, the error can occur when the service is configured for a security and the client is not using security.

    And please try if it works when setting the security mode to 'None' for both the service and client.

    Also please try to check the following articles:
    #Secure Self-Hosted WCF REST Services with a Custom UserNamePasswordValidator:
    http://www.develop.com/secure-self-hosted-wcf-rest-services-with-a-custom-usernamepasswordvalidator .
    #Securing WCF Services: Authenticating With Custom UserNamePasswordValidator:
    http://burcakcakiroglu.com/?p=2179 .
    #WCF custom username and password validation with a custom UserNamePasswordValidator:
    http://robbincremers.me/2012/01/02/wcf-custom-username-and-password-validation-with-a-custom-usernamepasswordvalidator/ .

    If the issue still exists, please post the configuration(include binding configuration) for both service and client here.

    Best Regards,
    Amy Peng


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.



    Monday, January 27, 2014 2:21 AM
    Moderator