none
WCF Adapter ClientCredentials RRS feed

  • Question

  • Hi

    We want to add our own ClientCredentials to the WCF adapter by using a custom behavior. If we do so, the following exception is raised:

    System.InvalidOperationException: The ClientCredentials cannot be added to the binding parameters because the binding parameters already contains a SecurityCredentialsManager 'System.ServiceModel.Description.ClientCredentials'. If you are configuring custom credentials for the channel, please first remove any existing ClientCredentials from the behaviors collection before adding the custom credential.
       at System.ServiceModel.Description.ClientCredentials.System.ServiceModel.Description.IEndpointBehavior.AddBindingParameters(ServiceEndpoint serviceEndpoint, BindingParameterCollection bindingParameters)
       at System.ServiceModel.Description.DispatcherBuilder.AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection parameters)
       at System.ServiceModel.Description.DispatcherBuilder.BuildProxyBehavior(ServiceEndpoint serviceEndpoint, BindingParameterCollection& parameters)
       at System.ServiceModel.Channels.ServiceChannelFactory.BuildChannelFactory(ServiceEndpoint serviceEndpoint)
       at System.ServiceModel.ChannelFactory.CreateFactory()
       at System.ServiceModel.ChannelFactory.OnOpening()
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open()
       at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.CreateChannelFactory[TChannel](IBaseMessage bizTalkMessage)
       at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.InitializeValues(IBaseMessage message)
       at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2..ctor(IBaseMessage message, WcfTransmitter`2 transmitter)
       at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfTransmitter`2.GetClientFromCache(String spid, IBaseMessage message)
       at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfAsyncBatch`2.BatchWorker(List`1 messages) 

    The configuration used is:

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
        <system.serviceModel>
            <client>
                <endpoint address="foobar" behaviorConfiguration="FooEndpointBehavior" binding="customBinding" bindingConfiguration="FooClientBinding" contract="BizTalk" name="ImportFilePort">
                    <identity>
                        <certificate encodedValue="..." />
                    </identity>
                </endpoint>
            </client>
    
            <behaviors>
                <endpointBehaviors>
                    <behavior name="FooEndpointBehavior">
                        <clientCredentials supportInteractive="false" type="OurOwnClientCredentialType, ..., Version=1.0.0.0, Culture=neutral, PublicKeyToken=...">
                            <issuedToken defaultKeyEntropyMode="ServerEntropy" />
                            <serviceCertificate>
                                <defaultCertificate ... />
                                <authentication ... />
                            </serviceCertificate>
                        </clientCredentials>
                    </behavior>
                </endpointBehaviors>
            </behaviors>
            
            <bindings>
                <customBinding>
                    <binding name="FooClientBinding" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00">
                        <binaryMessageEncoding maxReadPoolSize="256" maxSessionSize="8192" maxWritePoolSize="64">
                            <readerQuotas maxArrayLength="65536" maxBytesPerRead="32768" maxDepth="64" maxNameTableCharCount="32768" maxStringContentLength="1287680" />
                        </binaryMessageEncoding>
                        <security keyEntropyMode="ServerEntropy" authenticationMode="IssuedTokenOverTransport">
                            <issuedTokenParameters tokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" />
                        </security>
                        <httpsTransport requireClientCertificate="false" maxReceivedMessageSize="3145728" />
                    </binding>
                </customBinding>
            </bindings>
        </system.serviceModel>
    </configuration>


    It seems to be that the System.ServiceModel.ChannelFactory adds a ClientCredential behavior automatically, if there is no ClientCredential. The ClientCredential included by the factory now conflicts with our own client credential type. We now try a work around, so that our component removes the SecurityCredentialsManager...

    Is that a bug or do we miss something? Is there a way to get an clean an empty WCF configuration without any behaviors, bindings, or channels added automatically?

    Rgds
    Markus

    • Edited by Mrks83 Wednesday, August 5, 2009 2:15 PM Insert source code is buggy (after edit)
    Wednesday, August 5, 2009 2:11 PM

Answers

  • It looks like this is a limitation to BizTalk's WCF support. You might consider calling the WCF service via a .NET project reference that calls WCF.

    Thanks,
    If this answers your question, please use the "Answer" button to say so | Ben Cline
    Sunday, August 9, 2009 12:20 AM
    Moderator