SecurityNegotiationException

  • Question

  • I get this exception when I try to connect to a WCF service over a net.tcp channel but don't provide userprincipalname. I don't want to give userprincipalname since I want to keep the Windows identity of the logged-in user.

    System.ServiceModel.Security.SecurityNegotiationException, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

    Here is the stack trace:

    System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeAcceptor.OnAcceptUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)
    System.ServiceModel.Channels.StreamSecurityUpgradeAcceptorBase.AcceptUpgrade(Stream stream)
    System.ServiceModel.Channels.InitialServerConnectionReader.UpgradeConnection(IConnection connection, StreamUpgradeAcceptor upgradeAcceptor, IDefaultCommunicationTimeouts defaultTimeouts)
    System.ServiceModel.Channels.ServerSingletonPreambleConnectionReader.CompletePreamble(TimeSpan timeout)
    System.ServiceModel.Channels.ConnectionDemuxer.OnSingletonPreambleKnown(ServerSingletonPreambleConnectionReader serverSingletonPreambleReader)
    System.ServiceModel.Channels.ServerSingletonPreambleConnectionReader.ReadAndDispatch()
    System.ServiceModel.Channels.ServerSingletonPreambleConnectionReader.StartReading(OnViaDelegate viaDelegate, TimeSpan timeout)
    System.ServiceModel.Channels.ConnectionDemuxer.OnSingletonConnection(IConnection connection, ItemDequeuedCallback connectionDequeuedCallback, Int64 streamPosition, Int32 offset, Int32 size, TimeSpan timeout)
    System.ServiceModel.Channels.ConnectionDemuxer.OnConnectionModeKnownCore(ConnectionModeReader modeReader, Boolean isCached)
    System.ServiceModel.Channels.ConnectionDemuxer.OnConnectionModeKnown(ConnectionModeReader modeReader)
    System.ServiceModel.Channels.ConnectionModeReader.Complete()
    System.ServiceModel.Channels.ConnectionModeReader.ReadCallback(Object state)
    System.ServiceModel.Channels.TracingConnection.TracingConnectionState.ExecuteCallback()
    System.ServiceModel.Channels.TracingConnection.WaitCallback(Object state)
    System.ServiceModel.Channels.SocketConnection.FinishRead()
    System.ServiceModel.Channels.SocketConnection.AsyncReadCallback(Boolean haveResult, Int32 error, Int32 bytesRead)
    System.ServiceModel.Channels.OverlappedContext.CompleteCallback(UInt32 error, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
    System.ServiceModel.Diagnostics.Utility.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped)
    System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)


    ajit
    Friday, January 28, 2011 5:54 PM

All replies

  • userprincipalname should be the user of the server process, not the client. The client will still use the logged-in user.

    Use this format:

    user@host

    http://webservices20.blogspot.com/
    WCF Security, Interoperability And Performance Blog
    Friday, January 28, 2011 6:06 PM
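  • Yes, I used userprincipalname to provide the server user. But when I intercept the message on the server, I get the value provided in userprincipalname. Is there a way to get the client identity for the request or channel?

    using System.Security.Principal;
    using System.ServiceModel;
    using System.ServiceModel.Channels;
    using System.ServiceModel.Dispatcher;
    using System.Threading;

    public class MessageInspector : IDispatchMessageInspector
    {
        public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext)
        {
            // Identity taken from the current thread's principal
            WindowsIdentity identity = (WindowsIdentity)Thread.CurrentPrincipal.Identity;
            return null; // no correlation state
        }

        // Required by IDispatchMessageInspector; nothing to do on the reply path
        public void BeforeSendReply(ref Message reply, object correlationState) { }
    }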
    Friday, January 28, 2011 6:26 PM
  • Use the ServiceSecurityContext, e.g.:

    ServiceSecurityContext.Current.PrimaryIdentity

    http://webservices20.blogspot.com/
    WCF Security, Interoperability And Performance Blog
    • Marked as answer by chintapali Friday, January 28, 2011 6:46 PM
    Friday, January 28, 2011 6:38 PM
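
The approach from the accepted reply, written out as an added example (not code from the thread): a dispatch message inspector that reads the authenticated caller from ServiceSecurityContext and logs it next to the account the host runs as. CallerAuditInspector and CallerAuditBehavior are hypothetical names, and Console output stands in for a real audit log.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;

// Hypothetical names for illustration: CallerAuditInspector, CallerAuditBehavior.
public class CallerAuditInspector : IDispatchMessageInspector
{
    public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext)
    {
        // Null or anonymous when the binding does not authenticate the caller.
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        if (ctx == null || ctx.IsAnonymous)
        {
            Console.WriteLine("caller=<anonymous> action={0}", request.Headers.Action);
            return null;
        }

        // Identity the transport authenticated for this request (the client).
        IIdentity caller = ctx.PrimaryIdentity;
        // Account the current thread runs as: the host process account unless impersonating.
        string host = WindowsIdentity.GetCurrent().Name;
        Console.WriteLine("caller={0} auth={1} host={2} action={3}",
            caller.Name, caller.AuthenticationType, host, request.Headers.Action);
        return caller.Name; // correlation state handed to BeforeSendReply
    }

    public void BeforeSendReply(ref Message reply, object correlationState)
    {
        if (correlationState != null)
            Console.WriteLine("reply sent to {0}", correlationState);
    }
}

// Attaches the inspector to every operation on one service endpoint.
public class CallerAuditBehavior : IEndpointBehavior
{
    public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher dispatcher)
    {
        dispatcher.DispatchRuntime.MessageInspectors.Add(new CallerAuditInspector());
    }
    public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection parameters) { }
    public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime runtime) { }
    public void Validate(ServiceEndpoint endpoint) { }
}
```

Add a CallerAuditBehavior instance to the endpoint's Behaviors collection before opening the ServiceHost. Base authorization and audit decisions on PrimaryIdentity rather than on any user name carried in the message body, since only the former is established by the security negotiation.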