CommunicationException when calling Web Service Method with MaxClockSkew set in app.config

  • Question

  • I am trying to set max clock skew for a web service. I followed the MSDN tutorial on how to set max clock skew through a custom binding in the app.config file. When I call the web service method

    var output = CustomServiceClient.Select(input);

    I get the error 

    "An error occurred while making the HTTP request to https://***********:7002/context-root-*******/ServiceManagerPort. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.

    The underlying connection was closed: An unexpected error occurred on a send.

    The handshake failed due to an unexpected packet format."

    I googled all the sources out there without luck. I really have no idea of the root cause but here is all the information I have.

    app.config

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
        <system.serviceModel>
            <bindings>
              <customBinding>
                <binding name="MaxClockSkewBinding">
                  <textMessageEncoding />
                  <security authenticationMode="UserNameOverTransport">
                    <localClientSettings maxClockSkew="00:07:00" />
                    <localServiceSettings maxClockSkew="00:07:00" />
                    <secureConversationBootstrap>
                      <localClientSettings maxClockSkew="00:30:00" />
                      <localServiceSettings maxClockSkew="00:30:00" />
                    </secureConversationBootstrap>
                  </security>
                  <httpsTransport />
                </binding>
              </customBinding>
            </bindings>
            <client>
                <endpoint address="https://************/context-root-*******/ServiceManagerPort"
                    binding="customBinding" bindingConfiguration="MaxClockSkewBinding"
                    contract="WebService.ServiceManager" name="ServiceManagerPort" />
            </client>
        </system.serviceModel>
    </configuration>


    System.Net.ServicePointManager.ServerCertificateValidationCallback = delegate (object clientSender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; };

    string urlHttps = "https://**********:7002/context-root-********/ServiceManagerPort?WSDL";

    EndpointAddress ea = new EndpointAddress(urlHttps);
    WebService.ServiceManagerClient CustomServiceClient = new WebService.ServiceManagerClient();
    CustomServiceClient.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
    CustomServiceClient.ClientCredentials.UserName.UserName = "********";
    CustomServiceClient.ClientCredentials.UserName.Password = "*********";

    Input input = new WebService.Input();
    System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
    var output = CustomServiceClient.Select(input);

    I would like to know if there is something that I am doing (or not doing) in the code that is inducing the error. 

    Any help would be really appreciated.

    Thanks in advance.

    Thursday, November 8, 2018 10:50 PM
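
An added example, not part of the original post: the question's client setup with the binding built in code and server-certificate checking kept on, so that a failed chain is accepted only for one pinned certificate instead of for every server. The class name, method names and thumbprint placeholder are assumptions; `WebService.ServiceManagerClient` is the question's generated proxy.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;

static class ClockSkewClientSetup
{
    // Placeholder (assumption): SHA-1 thumbprint of the single server certificate
    // to accept when normal validation fails, e.g. a self-signed test certificate.
    const string PinnedThumbprint = "<SERVER-CERT-THUMBPRINT>";

    // Code form of the question's MaxClockSkewBinding (bootstrap settings not reproduced).
    public static Binding BuildBinding()
    {
        TransportSecurityBindingElement security =
            SecurityBindingElement.CreateUserNameOverTransportBindingElement();
        security.LocalClientSettings.MaxClockSkew = TimeSpan.FromMinutes(7);
        security.LocalServiceSettings.MaxClockSkew = TimeSpan.FromMinutes(7);
        return new CustomBinding(
            security,
            new TextMessageEncodingBindingElement(),
            new HttpsTransportBindingElement()); // transport element goes last
    }

    // Accept certificates that validate normally; otherwise only the pinned one.
    public static bool ValidateServerCertificate(object sender, X509Certificate certificate,
        X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;
        return certificate != null && string.Equals(
            certificate.GetCertHashString(), PinnedThumbprint,
            StringComparison.OrdinalIgnoreCase);
    }

    // Process-wide settings, applied once before the first call.
    public static void Configure()
    {
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        ServicePointManager.ServerCertificateValidationCallback = ValidateServerCertificate;
    }
}

// Usage with the generated proxy (host and context root are placeholders):
// ClockSkewClientSetup.Configure();
// var client = new WebService.ServiceManagerClient(ClockSkewClientSetup.BuildBinding(),
//     new EndpointAddress("https://<host>:7002/<context-root>/ServiceManagerPort"));
```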

All replies

  • Hi Hackathor,

    As you know, we should set up a certificate on the server side when we use the HttpsTransportElement. Have you assigned the certificate on the server side and set the client username and password authentication mode?

    I used your custom binding configuration on the server side and hosted the web service on IIS; it works well when I call the service by using Add Service Reference.

    Here is my server configuration.

    Web.config

    <system.serviceModel>
        <services>
          <service name="WcfService5.Service1" behaviorConfiguration="mybehavior">
            <endpoint address="" binding="customBinding" contract="WcfService5.IService1" bindingConfiguration="mybinding"></endpoint>
          </service>
        </services>
        <bindings>
          <customBinding>
            <binding name="mybinding">
              <security authenticationMode="UserNameOverTransport">
                <localClientSettings maxClockSkew="00:07:00"></localClientSettings>
                <localServiceSettings maxClockSkew="00:07:00"/>
                <secureConversationBootstrap>
                  <localClientSettings maxClockSkew="00:30:00" />
                  <localServiceSettings maxClockSkew="00:30:00" />
                </secureConversationBootstrap>
              </security>
              <textMessageEncoding>
              </textMessageEncoding>
              <httpsTransport></httpsTransport>
            </binding>
          </customBinding>
        </bindings>
        <behaviors>
          <serviceBehaviors>
            <behavior name="mybehavior">
              <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
              <serviceDebug includeExceptionDetailInFaults="false"/>
              <serviceCredentials>
                <userNameAuthentication userNamePasswordValidationMode="Windows"/>
              </serviceCredentials>
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <protocolMapping>
          <add binding="basicHttpsBinding" scheme="https" />
        </protocolMapping>
        <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
      </system.serviceModel>
    

    Feel free to let me know if there is anything I can help with.

    Best Regards

    Abraham

    Friday, November 9, 2018 3:18 AM
    Moderator
  • I added the following lines to set the certificate.

                var store = new X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser);
                store.Open(OpenFlags.ReadOnly);
                CustomServiceClient.ClientCredentials.ClientCertificate.Certificate = store.Certificates[0];
                store.Close();

    What do you mean by setting the client username and password authentication mode? What property would I need to set?

    Thanks again.


    Friday, November 9, 2018 4:26 PM
  • Hi Hackathor,
    You need to set up a server certificate on the server-side, not on the client-side, which is typically configured in IIS. How the client credentials are provided depends on how the server authenticates the client. For example, I used Windows authentication in the above code, so the client needs to explicitly provide Windows credentials.

    Best Regards

    Abraham

    Monday, November 12, 2018 1:58 AM
    Moderator