WCF Routing with Message Signing Results in Encryption Error

  • Question

  • I'm experiencing a problem when trying to introduce WCF-Routing into a project containing two target service endpoints which have message security enabled. (Signing only - No encryption) I've set two simple Action-based filters which direct to one service or the other.

    Calling the RoutingService from my client presents the following error message in the trace logs:

    The 'Body', 'http://www.w3.org/2003/05/soap-envelope' required message part  was not encrypted.

    I've set ProtectionLevel.Sign on the service interface so I'm struggling to understand why this is a problem.

    [ServiceContract(Namespace = "http://helloservice.adam.com/services/v1.0", ProtectionLevel = ProtectionLevel.Sign)]
    public interface IHelloAService {    
        [OperationContract(Action = "http://helloservice.adam.com/services/v1.0/helloa", ProtectionLevel = ProtectionLevel.Sign)]    
        string SayHello(string name);
    }

    Any help that anyone can provide would be much appreciated.

    WCF Service Project Config


    Services

    <services>  
        <service name="System.ServiceModel.Routing.RoutingService" behaviorConfiguration="RoutingSecureBehavior" >    
            <endpoint binding="customBinding" bindingConfiguration="HTTPSCustomBinding" contract="System.ServiceModel.Routing.ISimplexDatagramRouter" name="RoutingServiceEndpoint" />  
        </service>  
    
        <service name="WCF.Services.HelloAService" behaviorConfiguration="SecureServiceBehavior">    
            <endpoint binding="customBinding" bindingConfiguration="HTTPSCustomBinding" contract="WCF.Services.IHelloAService" />  
        </service>  
    
        <service name="WCF.Services.HelloBService" behaviorConfiguration="SecureServiceBehavior">    
            <endpoint binding="customBinding" bindingConfiguration="HTTPSCustomBinding" contract="WCF.Services.IHelloBService" />  
        </service>
    </services>

    Bindings

    <customBinding>    
        <binding name="HTTPSCustomBinding">      
            <textMessageEncoding messageVersion="Soap12WSAddressing10" writeEncoding="utf-8" />      
            <security allowSerializedSigningTokenOnReply="true" authenticationMode="MutualCertificateDuplex" messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10" messageProtectionOrder="SignBeforeEncrypt" />      
            <httpsTransport/>    
        </binding>  
    </customBinding>

    Service Behaviors

    <serviceBehaviors>    
        <behavior name="SecureServiceBehavior">      
            <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />      
            <serviceDebug includeExceptionDetailInFaults="false" />       
            <serviceCredentials>        
                <clientCertificate>          
                    <authentication certificateValidationMode="ChainTrust" revocationMode="NoCheck" />        
                </clientCertificate>        
                <serviceCertificate findValue="service.adam.com" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />      
            </serviceCredentials>      
            <serviceThrottling maxConcurrentCalls="50" maxConcurrentInstances="50" />    
        </behavior>    
        <behavior name="RoutingSecureBehavior">      
            <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />      
            <serviceDebug includeExceptionDetailInFaults="false" />       
            <serviceCredentials>        
                <clientCertificate>          
                    <authentication certificateValidationMode="ChainTrust" revocationMode="NoCheck" />        
                </clientCertificate>        
                <serviceCertificate findValue="service.adam.com" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
            </serviceCredentials>      
            <serviceThrottling maxConcurrentCalls="50" maxConcurrentInstances="50" />      
            <routing filterTableName="MyFilterTable" routeOnHeadersOnly="True" />    
        </behavior>  
    </serviceBehaviors>

    Filters

    <routing>  
        <filters>    
            <filter name="HelloAAction" filterType="Action" filterData="http://helloservice.adam.com/services/v1.0/helloa" />    
            <filter name="HelloBAction" filterType="Action" filterData="http://helloservice.adam.com/services/v1.0/hellob" />  
        </filters>  
        <filterTables>    
            <filterTable name="MyFilterTable">      
                <add filterName="HelloAAction" endpointName="HelloA" priority="100" />      
                <add filterName="HelloBAction" endpointName="HelloB" priority="100" />    
            </filterTable>  
        </filterTables>
    </routing>    

    Service Side Clients

    <client>  
        <endpoint name="HelloA" binding="customBinding" bindingConfiguration="HTTPSCustomBinding" behaviorConfiguration="Internal_SecureClientBehavior" contract="*" />  
        <endpoint name="HelloB" binding="customBinding" bindingConfiguration="HTTPSCustomBinding" behaviorConfiguration="Internal_SecureClientBehavior" contract="*" />
    </client>


    Endpoint Behaviors

    <endpointBehaviors>    
        <behavior name="Internal_SecureClientBehavior">      
            <clientCredentials>        
                <clientCertificate findValue="service.adam.com" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" />        
                <serviceCertificate>          
                    <authentication revocationMode="NoCheck" certificateValidationMode="ChainTrust" />          
                    <defaultCertificate findValue="service.adam.com" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" />        
                </serviceCertificate>      
           </clientCredentials>    
        </behavior>  
    </endpointBehaviors>

    WCF Client Project Config

    Client Side Clients

    <client>      
        <endpoint name="ServiceProxy" address="https://services.adam.com/ServiceProxy.svc" binding="customBinding" bindingConfiguration="HTTPSCustomBinding" behaviorConfiguration="SecureClientBehavior" contract="WCF.Services.IHelloAService">    
            <identity>      
                <dns value="service.adam.com" />    
            </identity>  
        </endpoint>
    </client>


    Bindings

    <customBinding>    
        <binding name="HTTPSCustomBinding">      
            <textMessageEncoding messageVersion="Default" writeEncoding="utf-8" />      
            <security allowSerializedSigningTokenOnReply="true" authenticationMode="MutualCertificateDuplex" messageProtectionOrder="SignBeforeEncrypt" messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10" />
            <httpsTransport maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" maxPendingAccepts="1" />    
        </binding>  
    </customBinding>

    Behaviors

    <endpointBehaviors>    
        <behavior name="SecureClientBehavior">      
            <clientCredentials>        
                 <clientCertificate findValue="client.adam.com" x509FindType="FindBySubjectName"  storeLocation="LocalMachine" storeName="My" />        
                 <serviceCertificate>          
                     <authentication revocationMode="NoCheck" certificateValidationMode="ChainTrust" />          
                     <defaultCertificate findValue="service.adam.com" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" />        
                 </serviceCertificate>      
            </clientCredentials>    
        </behavior>
    </endpointBehaviors>


    Monday, February 1, 2016 11:25 PM

All replies

  • Hi adammal1,

    >>The 'Body', 'http://www.w3.org/2003/05/soap-envelope' required message part  was not encrypted.

    I see that you have implemented signing only, without encryption, but based on the above error message, it seems that your client has encrypted and signed the message, so the server doesn't understand it because of your attribute on the service contract.

    I suggest that you modify your service contract as below:

    [ServiceContract(Namespace = "http://helloservice.adam.com/services/v1.0", ProtectionLevel = ProtectionLevel.EncryptAndSign)]
    public interface IHelloAService {
        [OperationContract(Action = "http://helloservice.adam.com/services/v1.0/helloa", ProtectionLevel = ProtectionLevel.EncryptAndSign)]
        string SayHello(string name);
    }

    Or please review your client code and check if it sends the encrypted and signed message.

    Best Regards,
    Amy Peng






    Wednesday, February 3, 2016 2:04 PM
    Moderator
  • Thanks for replying Amy.

    You are correct. In our case we only want the message to be signed, not encrypted. This is due to an Interoperability requirement we have.

    Client Message

    <MessageLogTraceRecord>
    	<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    		<s:Header>
    			<a:Action s:mustUnderstand="1" u:Id="_2">http://helloservice.adam.com/services/v1.0/helloa</a:Action>
    			<a:MessageID u:Id="_3">urn:uuid:c1d63d0b-5c7c-4f40-aec2-f443a7ed1279</a:MessageID>
    			<ActivityId CorrelationId="5e8eeafe-b6ea-447c-9aef-83590fa1cb14" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">98c9a2d2-eb44-49cb-b7ed-1d8faa0f76b4</ActivityId>
    			<a:ReplyTo u:Id="_4">
    				<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
    			</a:ReplyTo>
    			<VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo9ZgeKxzMRRNv6Ct3SI3LSgAAAAAs1Dwp9mdIUijE0INd/FtNNOfyTCZ67pInaGB2dTPNhgACQAA</VsDebuggerCausalityData>
    			<a:To s:mustUnderstand="1" u:Id="_5">https://routingservice.local.nexishub.ag.gov.au/ServiceProxy.svc</a:To>
    			<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    				<u:Timestamp u:Id="uuid-0edd7ada-5872-4b2e-9886-d938bff433be-1">
    					<u:Created>2016-02-03T21:49:05.390Z</u:Created>
    					<u:Expires>2016-02-03T21:54:05.390Z</u:Expires>
    				</u:Timestamp>
    				<o:BinarySecurityToken>
    					<!-- Removed-->
    				</o:BinarySecurityToken>
    				<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    					<SignedInfo>
    						<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    						<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    						<Reference URI="#_1">
    							<Transforms>
    								<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    							</Transforms>
    							<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    							<DigestValue>0uTiA4OTWXwgqrLiU3khjfdhtWA=</DigestValue>
    						</Reference>
    						<Reference URI="#_2">
    							<Transforms>
    								<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    							</Transforms>
    							<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    							<DigestValue>dVNiLAlfiDVzCxVl8LedM6fJXe8=</DigestValue>
    						</Reference>
    						<Reference URI="#_3">
    							<Transforms>
    								<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    							</Transforms>
    							<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    							<DigestValue>iQyD8a8K6NfSeET75BXqjhUrP50=</DigestValue>
    						</Reference>
    						<Reference URI="#_4">
    							<Transforms>
    								<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    							</Transforms>
    							<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    							<DigestValue>l6mMmQ2LE9VFtjaA6Qc4GKBXURw=</DigestValue>
    						</Reference>
    						<Reference URI="#_5">
    							<Transforms>
    								<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    							</Transforms>
    							<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    							<DigestValue>bfO7H0PxNlk3hQxpMuJr82YD5ME=</DigestValue>
    						</Reference>
    						<Reference URI="#uuid-0edd7ada-5872-4b2e-9886-d938bff433be-1">
    							<Transforms>
    								<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    							</Transforms>
    							<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    							<DigestValue>vIT9u1iKzH3R8iliEKk/+PAJCa4=</DigestValue>
    						</Reference>
    					</SignedInfo>
    					<SignatureValue>gbsKbLPqVuZ2wPFM0aFftzWiFxb2iIvZLFD6k1ucYpqGaZqvUoTeQp9JXBXHwvuatlXmsxSGVsU3OW3oME595bLu1pSjPSVT0XxIsuY+2Ue5KbGi6pHZBZ0CIcN24jZvZoEXSyET/lKHO5vlaaX3QNJp9wPBgME05DGdMwdInbqSEYZIKOtNsoA0NJ2pveNEtonrA11ViqFxRqvakqowG4dW19I4iSbUHhGdhmC+RhCrVt5vSsn0ukjGT5gEwuZKJf6bws/VFIDsjrw9XXWudUYv7JK/lcrOWWuixut5WEWvkyHXqPZFahyUhaniMDJpj0QB5EjCYks6ZMb3QfqQ6w==</SignatureValue>
    					<KeyInfo>
    						<o:SecurityTokenReference>
    							<o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-5c1d7c88-844b-4a7b-aecb-56b956049db7-2"/>
    						</o:SecurityTokenReference>
    					</KeyInfo>
    				</Signature>
    			</o:Security>
    		</s:Header>
    		<s:Body u:Id="_1">
    			<SayHello xmlns="http://helloservice.adam.com/services/v1.0">
    				<name>Adam</name>
    			</SayHello>
    		</s:Body>
    	</s:Envelope>
    </MessageLogTraceRecord>


    The error we are getting is from the service trace logs, so it seems like the RouterService is receiving an unencrypted message and is not happy with that, for unknown reasons.

    Following is the Service Trace Log error message 

    <E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
    	<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
    		<EventID>131075</EventID>
    		<Type>3</Type>
    		<SubType Name="Error">0</SubType>
    		<Level>2</Level>
    		<TimeCreated SystemTime="2016-02-03T22:07:16.8544468Z" />
    		<Source Name="System.ServiceModel" />
    		<Correlation ActivityID="{91c10a12-8eb2-4e88-b1b7-d25048fae9d5}" />
    		<Execution ProcessName="iisexpress" ProcessID="10676" ThreadID="9" />
    		<Channel />
    		<Computer>NEXISDEV1</Computer>
    	</System>
    	<ApplicationData>
    		<TraceData>
    			<DataItem>
    				<TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Error">
    					<TraceIdentifier>http://msdn.microsoft.com/en-AU/library/System.ServiceModel.Diagnostics.ThrowingException.aspx</TraceIdentifier>
    					<Description>Throwing an exception.</Description>
    					<AppDomain>/LM/W3SVC/10/ROOT-1-130990108201184895</AppDomain>
    					<Exception>
    						<ExceptionType>System.ServiceModel.Security.MessageSecurityException, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType>
    						<Message>The 'Body', 'http://www.w3.org/2003/05/soap-envelope' required message part  was not encrypted.</Message>
    						<StackTrace>
    at System.ServiceModel.Security.SecurityVerifiedMessage.OnUnencryptedPart(String name, String ns)
    at System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.ExecuteMessageProtectionPass(Boolean hasAtLeastOneSupportingTokenExpectedToBeSigned)
    at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
    at System.ServiceModel.Security.MessageSecurityProtocol.ProcessSecurityHeader(ReceiveSecurityHeader securityHeader, Message&amp; message, SecurityToken requiredSigningToken, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
    at System.ServiceModel.Security.AsymmetricSecurityProtocol.VerifyIncomingMessageCore(Message&amp; message, String actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
    at System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message&amp; message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
    at System.ServiceModel.Channels.SecurityChannelListener`1.ServerSecurityChannel`1.VerifyIncomingMessage(Message&amp; message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationState)
    at System.ServiceModel.Channels.SecurityChannelListener`1.SecurityReplyChannel.ProcessReceivedRequest(RequestContext requestContext, TimeSpan timeout)
    at System.ServiceModel.Channels.SecurityChannelListener`1.ReceiveRequestAndVerifySecurityAsyncResult.ProcessInnerItem(RequestContext innerItem, TimeSpan timeout)
    at System.ServiceModel.Channels.SecurityChannelListener`1.ReceiveItemAndVerifySecurityAsyncResult`2.OnInnerReceiveDone()
    at System.ServiceModel.Channels.SecurityChannelListener`1.ReceiveItemAndVerifySecurityAsyncResult`2.InnerTryReceiveCompletedCallback(IAsyncResult result)
    at System.Runtime.Fx.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)
    at System.Runtime.AsyncResult.Complete(Boolean completedSynchronously)
    at System.Runtime.InputQueue`1.AsyncQueueReader.Set(Item item)
    at System.Runtime.InputQueue`1.EnqueueAndDispatch(Item item, Boolean canDispatchOnThisThread)
    at System.Runtime.InputQueue`1.EnqueueAndDispatch(T item, Action dequeuedCallback, Boolean canDispatchOnThisThread)
    at System.ServiceModel.Channels.SingletonChannelAcceptor`3.Enqueue(QueueItemType item, Action dequeuedCallback, Boolean canDispatchOnThisThread)
    at System.ServiceModel.Channels.HttpPipeline.EnqueueMessageAsyncResult.CompleteParseAndEnqueue(IAsyncResult result)
    at System.ServiceModel.Channels.HttpPipeline.EnqueueMessageAsyncResult.HandleParseIncomingMessage(IAsyncResult result)
    at System.Runtime.AsyncResult.SyncContinue(IAsyncResult result)
    at System.ServiceModel.Channels.HttpPipeline.EnqueueMessageAsyncResult..ctor(ReplyChannelAcceptor acceptor, Action dequeuedCallback, HttpPipeline pipeline, AsyncCallback callback, Object state)
    at System.ServiceModel.Channels.HttpPipeline.EmptyHttpPipeline.BeginProcessInboundRequest(ReplyChannelAcceptor replyChannelAcceptor, Action dequeuedCallback, AsyncCallback callback, Object state)
    at System.ServiceModel.Channels.HttpChannelListener`1.HttpContextReceivedAsyncResult`1.ProcessHttpContextAsync()
    at System.ServiceModel.Channels.HttpChannelListener`1.BeginHttpContextReceived(HttpRequestContext context, Action acceptorCallback, AsyncCallback callback, Object state)
    at System.ServiceModel.Activation.HostedHttpTransportManager.HttpContextReceived(HostedHttpRequestAsyncResult result)
    at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.HandleRequest()
    at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.BeginRequest()
    at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.OnBeginRequest(Object state)
    at System.ServiceModel.AspNetPartialTrustHelpers.PartialTrustInvoke(ContextCallback callback, Object state)
    at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.OnBeginRequestWithFlow(Object state)
    at System.Runtime.IOThreadScheduler.ScheduledOverlapped.IOCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
    at System.Runtime.Fx.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped)
    at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)
    						</StackTrace>
    						<ExceptionString>System.ServiceModel.Security.MessageSecurityException: The 'Body', 'http://www.w3.org/2003/05/soap-envelope' required message part  was not encrypted.</ExceptionString>
    					</Exception>
    				</TraceRecord>
    			</DataItem>
    		</TraceData>
    		<System.Diagnostics xmlns="http://schemas.microsoft.com/2004/08/System.Diagnostics">
    			<LogicalOperationStack/>
    			<Timestamp>6435760149731</Timestamp>
    			<Callstack>
    at System.Environment.GetStackTrace(Exception e, Boolean needFileInfo)
    at System.Environment.get_StackTrace()
    at System.Diagnostics.TraceEventCache.get_Callstack()
    at System.Diagnostics.XmlWriterTraceListener.WriteFooter(TraceEventCache eventCache)
    at System.Diagnostics.XmlWriterTraceListener.TraceData(TraceEventCache eventCache, String source, TraceEventType eventType, Int32 id, Object data)
    at System.Diagnostics.TraceSource.TraceData(TraceEventType eventType, Int32 id, Object data)
    at System.ServiceModel.Diagnostics.LegacyDiagnosticTrace.TraceEvent(TraceEventType type, Int32 code, String msdnTraceCode, String description, TraceRecord trace, Exception exception, Object source)
    at System.ServiceModel.Diagnostics.LegacyDiagnosticTrace.TraceEvent(TraceEventType type, Int32 code, String msdnTraceCode, String description, TraceRecord trace, Exception exception, Guid activityId, Object source)
    at System.ServiceModel.Diagnostics.TraceUtility.ThrowHelperError(Exception exception, Message message)
    at System.ServiceModel.Security.SecurityVerifiedMessage.OnUnencryptedPart(String name, String ns)
    at System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.ExecuteMessageProtectionPass(Boolean hasAtLeastOneSupportingTokenExpectedToBeSigned)
    at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
    at System.ServiceModel.Security.MessageSecurityProtocol.ProcessSecurityHeader(ReceiveSecurityHeader securityHeader, Message& message, SecurityToken requiredSigningToken, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
    at System.ServiceModel.Security.AsymmetricSecurityProtocol.VerifyIncomingMessageCore(Message& message, String actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
    at System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
    at System.ServiceModel.Channels.SecurityChannelListener`1.ServerSecurityChannel`1.VerifyIncomingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationState)
    at System.ServiceModel.Channels.SecurityChannelListener`1.SecurityReplyChannel.ProcessReceivedRequest(RequestContext requestContext, TimeSpan timeout)
    at System.ServiceModel.Channels.SecurityChannelListener`1.ReceiveRequestAndVerifySecurityAsyncResult.ProcessInnerItem(RequestContext innerItem, TimeSpan timeout)
    at System.ServiceModel.Channels.SecurityChannelListener`1.ReceiveItemAndVerifySecurityAsyncResult`2.OnInnerReceiveDone()
    at System.ServiceModel.Channels.SecurityChannelListener`1.ReceiveItemAndVerifySecurityAsyncResult`2.InnerTryReceiveCompletedCallback(IAsyncResult result)
    at System.Runtime.Fx.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)
    at System.Runtime.AsyncResult.Complete(Boolean completedSynchronously)
    at System.Runtime.InputQueue`1.AsyncQueueReader.Set(Item item)
    at System.Runtime.InputQueue`1.EnqueueAndDispatch(Item item, Boolean canDispatchOnThisThread)
    at System.Runtime.InputQueue`1.EnqueueAndDispatch(T item, Action dequeuedCallback, Boolean canDispatchOnThisThread)
    at System.ServiceModel.Channels.SingletonChannelAcceptor`3.Enqueue(QueueItemType item, Action dequeuedCallback, Boolean canDispatchOnThisThread)
    at System.ServiceModel.Channels.HttpPipeline.EnqueueMessageAsyncResult.CompleteParseAndEnqueue(IAsyncResult result)
    at System.ServiceModel.Channels.HttpPipeline.EnqueueMessageAsyncResult.HandleParseIncomingMessage(IAsyncResult result)
    at System.Runtime.AsyncResult.SyncContinue(IAsyncResult result)
    at System.ServiceModel.Channels.HttpPipeline.EnqueueMessageAsyncResult..ctor(ReplyChannelAcceptor acceptor, Action dequeuedCallback, HttpPipeline pipeline, AsyncCallback callback, Object state)
    at System.ServiceModel.Channels.HttpPipeline.EmptyHttpPipeline.BeginProcessInboundRequest(ReplyChannelAcceptor replyChannelAcceptor, Action dequeuedCallback, AsyncCallback callback, Object state)
    at System.ServiceModel.Channels.HttpChannelListener`1.HttpContextReceivedAsyncResult`1.ProcessHttpContextAsync()
    at System.ServiceModel.Channels.HttpChannelListener`1.BeginHttpContextReceived(HttpRequestContext context, Action acceptorCallback, AsyncCallback callback, Object state)
    at System.ServiceModel.Activation.HostedHttpTransportManager.HttpContextReceived(HostedHttpRequestAsyncResult result)
    at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.HandleRequest()
    at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.BeginRequest()
    at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.OnBeginRequest(Object state)
    at System.ServiceModel.AspNetPartialTrustHelpers.PartialTrustInvoke(ContextCallback callback, Object state)
    at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.OnBeginRequestWithFlow(Object state)
    at System.Runtime.IOThreadScheduler.ScheduledOverlapped.IOCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
    at System.Runtime.Fx.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped)
    at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)
    			</Callstack>
    		</System.Diagnostics>
    	</ApplicationData>
    </E2ETraceEvent>

    Let me know if there is any other information you need.

    Wednesday, February 3, 2016 10:11 PM
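
The check suggested earlier in the thread (confirm whether the client really sends a signed-only or a signed-and-encrypted message) can be run against a logged message like the one posted above. This is an added example, not code from the thread or from WCF: it reports the protection applied to the SOAP body using the ProtectionLevel names. The two sample envelopes are constructed, trimmed from the posted message, and `body_protection` and `_sample` are hypothetical names.

```python
import xml.etree.ElementTree as ET

NS = {
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "u": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "o": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "e": "http://www.w3.org/2001/04/xmlenc#",
}
WSU_ID = "{%s}Id" % NS["u"]
ENVELOPE = "{%s}Envelope" % NS["s"]
ENCRYPTED_DATA = "{%s}EncryptedData" % NS["e"]


def body_protection(envelope_xml):
    """Return (level, signed_ids, duplicate_ids) for one SOAP 1.2 message.

    level is "None", "Sign" or "EncryptAndSign" ("EncryptOnly" is reported
    for an encrypted but unsigned body). This is a structural check only:
    digests and the signature value are not verified.
    """
    root = ET.fromstring(envelope_xml)
    # Accept a bare envelope or one wrapped in a MessageLogTraceRecord.
    env = root if root.tag == ENVELOPE else root.find(".//s:Envelope", NS)
    if env is None:
        raise ValueError("no SOAP 1.2 envelope found")
    body = env.find("s:Body", NS)
    if body is None:
        raise ValueError("envelope has no Body")

    # Fragment identifiers covered by the WS-Security signature.
    refs = env.findall(
        "s:Header/o:Security/ds:Signature/ds:SignedInfo/ds:Reference", NS)
    signed_ids = {r.get("URI", "")[1:] for r in refs
                  if r.get("URI", "").startswith("#")}

    # A wsu:Id used twice makes "#id" ambiguous, so report it separately.
    seen, duplicates = set(), set()
    for element in env.iter():
        wsu_id = element.get(WSU_ID)
        if wsu_id is None:
            continue
        if wsu_id in seen:
            duplicates.add(wsu_id)
        seen.add(wsu_id)

    signed = body.get(WSU_ID) in signed_ids
    encrypted = any(child.tag == ENCRYPTED_DATA for child in body)
    if encrypted:
        level = "EncryptAndSign" if signed else "EncryptOnly"
    else:
        level = "Sign" if signed else "None"
    return level, signed_ids, duplicates


def _sample(body_inner):
    # Constructed sample: same layout as the posted client message, with the
    # token, digests and signature value left out.
    return f"""<MessageLogTraceRecord>
<s:Envelope xmlns:s="{NS['s']}" xmlns:u="{NS['u']}"
            xmlns:a="http://www.w3.org/2005/08/addressing">
  <s:Header>
    <a:Action u:Id="_2">http://helloservice.adam.com/services/v1.0/helloa</a:Action>
    <o:Security xmlns:o="{NS['o']}">
      <Signature xmlns="{NS['ds']}"><SignedInfo>
        <Reference URI="#_1"/><Reference URI="#_2"/>
      </SignedInfo></Signature>
    </o:Security>
  </s:Header>
  <s:Body u:Id="_1">{body_inner}</s:Body>
</s:Envelope>
</MessageLogTraceRecord>"""


SIGNED_ONLY = _sample(
    '<SayHello xmlns="http://helloservice.adam.com/services/v1.0">'
    '<name>Adam</name></SayHello>')
SIGNED_AND_ENCRYPTED = _sample(f'<e:EncryptedData xmlns:e="{NS["e"]}"/>')

if __name__ == "__main__":
    for name, xml in (("signed only", SIGNED_ONLY),
                      ("signed and encrypted", SIGNED_AND_ENCRYPTED)):
        level, ids, dups = body_protection(xml)
        print(f"{name}: body={level} signed ids={sorted(ids)} duplicates={sorted(dups)}")
```
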
  • If it helps, I've posted the Visual Studio Solution that does not work to GitHub.

    https://github.com/adammal/WCFRoutingWithMessageSecurity

    If anyone has any insight into why this doesn't work please let me know.

    Thanks again
    Adam

    Sunday, February 7, 2016 10:00 AM
  • Hi adammal1,

    I see that you are using the Custom binding, please try to configure the defaultProtectionLevel as <defaultProtectionLevel="Sign"> inside your Custom binding to see if it works.

    For more information, please try to refer to the following articles:
    #Custom Binding:
    https://msdn.microsoft.com/en-us/library/ms731377(v=vs.110).aspx
    #Understanding Protection Level:
    http://msdn.microsoft.com/en-us/library/aa347692(v=vs.110).aspx

    Best Regards,
    Amy Peng




    Monday, February 22, 2016 4:50 AM
    Moderator
  • Hi Amy,

    Thanks for following this up.

    The following link indicates that defaultProtectionLevel should be available as an attribute on the Security Element under the CustomBinding element.

    https://msdn.microsoft.com/en-us/library/ms731377%28v=vs.110%29.aspx

    Visual Studio doesn't seem to accept it though. It fails schema validation and also throws an exception at runtime.

    In addition the following post indicates that it is no longer supported? 

    https://social.msdn.microsoft.com/Forums/vstudio/en-US/283bed3a-8ca8-4084-9b47-41633d73d29a/how-do-i-configure-sign-signencrypt-for-the-secure-communication?forum=wcf

    Please advise how I make use of this attribute.

    Thanks, Adam

    Monday, February 22, 2016 7:17 AM
  • Hi adammal1,

    I have tested on my side and yes, it seems that currently the custom binding does not support the defaultProtectionLevel attribute. In order to implement the protection level, could you please try to use a wsHttpBinding with message security to see if it works? In this way it will be easier to control the message protection.

    Best Regards,
    Amy Peng



    Thursday, February 25, 2016 6:49 AM
    Moderator
  • Hi Amy.

    There has to be a way to do this with custom binding. My service is already deployed to production using custom binding, so I can't change it to wsHttpBinding. I have basically the same issue as adammal1. Any other ideas?

    Friday, April 22, 2016 1:00 PM