locked
Problem with WSHttpBinding handling the Http1.1 Chunked Transfer-Encoding RRS feed

  • Question

  • I have a WCF 3.0 client that uses WSHttpBinding for communicating with a one-way (async) web service. The kerberos WSSecurity headers are inserted in the request. The server sends back a response as shown below

    HTTP/1.1 202 Processed

    X-Backside-Transport: OK OK

    Connection: Keep-Alive

    Transfer-Encoding: chunked

    Date: Thu, 18 Mar 2010 18:21:05 GMT

    Content-Type: application/soap+xml

     

    0

     So the http server is using the "Chunked" transfer-encoding. The .net framework throws and exception while trying to process the response. Below is the stack trace for the same

    System.ServiceModel.Security.MessageSecurityException: Message security verification failed. ---> System.ArgumentNullException: Value cannot be null.
    Parameter name: actors
       at System.ServiceModel.Channels.MessageHeaders.FindHeader(String name, String ns, String[] actors)
       at System.ServiceModel.Security.SecurityVersion.TryCreateReceiveSecurityHeader(Message message, String actor, SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithmSuite, MessageDirection direction)
       at System.ServiceModel.Security.SecurityStandardsManager.CreateReceiveSecurityHeader(Message message, String actor, SecurityAlgorithmSuite algorithmSuite, MessageDirection direction)
       at System.ServiceModel.Security.MessageSecurityProtocol.CreateSecurityHeader(Message message, String actor, MessageDirection transferDirection, SecurityStandardsManager standardsManager)
       at System.ServiceModel.Security.MessageSecurityProtocol.ConfigureReceiveSecurityHeader(Message message, String actor, SecurityProtocolCorrelationState[] correlationStates, SecurityStandardsManager standardsManager, IList`1& supportingAuthenticators)
       at System.ServiceModel.Security.SymmetricSecurityProtocol.VerifyIncomingMessageCore(Message& message, String actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
       at System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)

     

    When I am using the BasicHttpBinding, the chunked encoding is handled properly by the framework.

    The problem lies only when the WCF Client is using the WSHttpBinding.

    When the framework encounters a chunk in the http response, it determines that there is a body to the response (even if the chunk size is 0) and goes ahead to look for the WS Security headers in the response for trusting the body. When it is unable to find the security headers it throws the exception I have pasted above.

    I think this is a bug in the 3.0 framework. When the body chunk size is 0 i.e. there is no payload, it should not try to look for the Security headers.

    Any thoughts ?

    Thanks.


    A for apple, B for boy, C for c++
    Tuesday, March 23, 2010 10:54 PM

All replies

  • Hi,

    I guess the Chunk transfer encoding is conflict with WCF message security. In Message Security, receive endpoint always need soap header first for message decrypt. If you need secure the wcf message, please have a try Transport Security.

    Thanks,


    Mog Liang
    Thursday, March 25, 2010 7:53 AM
  • So you mean to say the HTTP 1.1 chunked encoding is not going to work with a WCF client using message security?

    In my case the request flow goes through an Auth Gateway which validates the kerberos token inside the payload of the request. So Message Security is a necessity for me. Looking for an alternate solution.

    Is there any way to override the WCF Framework and handle the chunked encoding response before it goes through the security validation?

     

    Thanks,
    A for apple, B for boy, C for c++
    Thursday, March 25, 2010 11:59 PM
  • Update:

    Microsoft confirms this as a bug in the WCF Framework.

    Will keep you updated about the fix.

    Thanks,


    A for apple, B for boy, C for c++
    Tuesday, March 30, 2010 9:56 PM
  • Any news on whether this will be addresses in the next service pack for .NET? Is there a corresponding .Connect issue that we can use to track the progress.
    Friday, November 12, 2010 4:46 PM