locked
"An error occurred when verifying security for the message." after deploying the secure WCF service on Azure RRS feed

  • Question

  • Hello,

    I wrote a WCF service with HTTPS endpoint, this service works fine when deployed on my machine, but when i deploy the service on azure and try to cosume the service in a windows phone application i get this error while making a secure call :

    "An error occurred when verifying security for the message."

    Can anyone help me in solving this or Is there any way i can view the Azure event logs ?

    Thanks

    Vamsee

    Sunday, September 23, 2012 2:50 PM

Answers

  • If you use a desktop client to connect to the service or if you use the Windows Phone client to connect to the local version of the service, does it work fine? I can think of two potential causes:

    1. You don't have a real SSL certificate. Self signed certificates by default are not trusted. So you must install it on the client device. To install a certificate on Windows Phone, follow the steps on http://blogs.msdn.com/b/davidhardin/archive/2010/12/30/wp7-and-self-signed-ssl-certificates.aspx. Note it is highly recommended to use a purchased certificate unless you're the only one who need to consume the service. You cannot force your user to install certificates on their phones.

    2. You use a security model that is not supported by Windows Phone, such as Windows authentication, or you use basic authentication in the wrong way. Windows Phone has limited support for WCF. Please refer to http://msdn.microsoft.com/en-us/library/ff637320(VS.95).aspx#WCF for more details.

    In addition, consider to use ASP.NET Web API to build a REST service, or use WCF Data Services to build an OData service, instead of using traditional WCF to build a SOAP service. Devices such as iPhone and Android do not have built-in APIs to consume SOAP services. So REST services give you better interoperability.

    Tuesday, September 25, 2012 6:03 AM

All replies

  • You need to enable WCF tracing in the server to see what is causing the fault: http://msdn.microsoft.com/en-us/library/ms733025.aspx


    Developer Security MVP | www.syfuhs.net

    Monday, September 24, 2012 11:50 PM
  • If you use a desktop client to connect to the service or if you use the Windows Phone client to connect to the local version of the service, does it work fine? I can think of two potential causes:

    1. You don't have a real SSL certificate. Self signed certificates by default are not trusted. So you must install it on the client device. To install a certificate on Windows Phone, follow the steps on http://blogs.msdn.com/b/davidhardin/archive/2010/12/30/wp7-and-self-signed-ssl-certificates.aspx. Note it is highly recommended to use a purchased certificate unless you're the only one who need to consume the service. You cannot force your user to install certificates on their phones.

    2. You use a security model that is not supported by Windows Phone, such as Windows authentication, or you use basic authentication in the wrong way. Windows Phone has limited support for WCF. Please refer to http://msdn.microsoft.com/en-us/library/ff637320(VS.95).aspx#WCF for more details.

    In addition, consider to use ASP.NET Web API to build a REST service, or use WCF Data Services to build an OData service, instead of using traditional WCF to build a SOAP service. Devices such as iPhone and Android do not have built-in APIs to consume SOAP services. So REST services give you better interoperability.

    Tuesday, September 25, 2012 6:03 AM