WSE3: Security requirements are not satisfied because the security header is not present in the incoming message.

  • Question

  • Hi,

    I am getting this error :

    {"WSE910: An error happened during the processing of a response message, and you can find the error in the inner exception.  You can also find the response message in the Response property."} 

    System.Exception {Microsoft.Web.Services3.ResponseProcessingException}

    InnerException says:

     {"Security requirements are not satisfied because the security header is not present in the incoming message."} 

    System.Exception {System.InvalidOperationException}

     StackTrace "   at Microsoft.Web.Services3.Messaging.SoapClient.SendRequestResponse(String methodname, SoapEnvelope envelope)\r\n   at Microsoft.Web.Services3.Security.SecurityTokenServiceClient.RequestSecurityToken(SecurityTokenMessage request, String methodName)\r\n   at Microsoft.Web.Services3.Security.SecurityContextTokenServiceClient.RequestSecurityContextToken(AppliesTo appliesTo)\r\n   at Microsoft.Web.Services3.Security.SecurityContextTokenServiceClient.IssueSecurityContextToken(AppliesTo appliesTo)\r\n   at Microsoft.Web.Services3.Security.Tokens.SecurityContextTokenManager.RequestTokenFromIssuer(EndpointReference tokenIssuer, String tokenType, AppliesTo appliesTo, Policy policy, SoapProtocolVersion soapVersion, StateManager messageState, StateManager operationState, StateManager sessionState)\r\n   at Microsoft.Web.Services3.Security.SecureConversationClientSendSecurityFilter.EstablishSecureConversation(SoapEnvelope envelope)\r\n   at Microsoft.Web.Services3.Security.SecureConversationClientSendSecurityFilter.SecureMessage(SoapEnvelope envelope, Security security)\r\n   at Microsoft.Web.Services3.Security.SendSecurityFilter.ProcessMessage(SoapEnvelope envelope)\r\n   at Microsoft.Web.Services3.Pipeline.ProcessOutputMessage(SoapEnvelope envelope)\r\n   at Microsoft.Web.Services3.Xml.SoapEnvelopeWriter.Finish()\r\n   at Microsoft.Web.Services3.Xml.XmlWrappingWriter.Flush()\r\n   at System.Web.Services.Protocols.SoapHttpClientProtocol.Serialize(SoapClientMessage message)\r\n   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)\r\n   at WebClient.Factory.CentralIssueServiceWse.FactoryGetCurrentJob() in C:\\Projects\\Indiana\\CP SYNC\\External Application For Factory Service\\WebClient\\Web References\\Factory\\Reference.cs:line 189\r\n   at WebClient._Default.GetCurrentJob() in C:\\Projects\\Indiana\\CP SYNC\\External Application For Factory Service\\WebClient\\Default.aspx.cs:line 49" string

    I have tried all the solutions available on MSDN and other forums, but to no avail. Please help me solve this error, as I need to get this done soon. I'll be more than grateful.

    Here is my WSE policy file on client side.

    <policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
      <extensions>
        <extension name="mutualCertificate11Security" type="Microsoft.Web.Services3.Design.MutualCertificate11Assertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        <extension name="x509" type="Microsoft.Web.Services3.Design.X509TokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        <extension name="requireActionHeader" type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      </extensions>
      <policy name="CertPolicy">
        <mutualCertificate11Security establishSecurityContext="true" renewExpiredSecurityContext="true" requireSignatureConfirmation="true" messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="true" ttlInSeconds="300">
          <clientToken>
            <x509 storeLocation="CurrentUser" storeName="My" findValue="CN=WSE2QuickStartClient" findType="FindBySubjectDistinguishedName" />
          </clientToken>
          <serviceToken>
            <x509 storeLocation="CurrentUser" storeName="AddressBook" findValue="CN=WSE2QuickStartServer" findType="FindBySubjectDistinguishedName" />
          </serviceToken>
          <protection>
            <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
            <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
            <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
          </protection>
        </mutualCertificate11Security>
        <requireActionHeader />
      </policy>
    </policies>

    Here is my WSE policy file on server side.

    <policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
      <extensions>
        <extension name="mutualCertificate11Security" type="Microsoft.Web.Services3.Design.MutualCertificate11Assertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        <extension name="x509" type="Microsoft.Web.Services3.Design.X509TokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        <extension name="requireActionHeader" type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      </extensions>
      <policy name="FactoryPolicy">
        <authorization>
          <allow user="CN=WSE2QuickStartClient"/>
          <allow user="CN=WSE2QuickStartServer"/>
          <deny user="*"/>
        </authorization>
        <mutualCertificate11Security establishSecurityContext="true" renewExpiredSecurityContext="true" requireSignatureConfirmation="false" messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="false" ttlInSeconds="300">
          <serviceToken>
            <x509 storeLocation="LocalMachine" storeName="My" findValue="CN=WSE2QuickStartServer" findType="FindBySubjectDistinguishedName" />
          </serviceToken>
          <protection>
            <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
            <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
            <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
          </protection>
        </mutualCertificate11Security>
        <requireActionHeader />
      </policy>
    </policies>

    The Factory web service is on Windows Server 2003 and I'm consuming it on XP. I generated certificates on the server machine (Win2003 server), exported them and then imported them on the client machine (XP), therefore there is no problem of private key mismatch.

    Please help me.

    Regards,
    Dami.

    • Edited by Dami Thursday, August 27, 2009 2:46 PM
    Thursday, August 27, 2009 2:37 PM

All replies

  • Check the Windows event log to see the error on the server side.

    Also use a tool like Fiddler to see the exact request and response messages.

    http://webservices20.blogspot.com/
    WCF Security, Performance And Testing Blog
    Thursday, August 27, 2009 3:26 PM
  • Thanks for the reply. I am new to web services and to Fiddler as well. Can you please tell me where to look for errors in Fiddler? Does Fiddler highlight errors, or what sort of thing should I look for in Fiddler that can point to the error?

    Please also let me know where I can see the Windows event log.

    Thanks,
    Dami.
    Thursday, August 27, 2009 6:12 PM
  • That's the error message, I think, which I found in Fiddler.


    http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
    urn:uuid:f0d05377-ca40-4424-9ebc-6e7288bc161d
    urn:uuid:dce12233-2956-41dd-ab8e-f8e68519f9ef
    http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
    soap:Server
    System.Web.Services.Protocols.SoapHeaderException: Server unavailable, please try later ---> System.ApplicationException: WSE841: An error occured processing an outgoing fault response. ---> System.Web.Services.Protocols.SoapHeaderException: Microsoft.Web.Services3.Security.SecurityFault: WSE2005: Protection requirements in MutualCertificate11Assertion are not satisfied.
       at Microsoft.Web.Services3.Design.MutualCertificate11Assertion.ServiceInputFilter.ValidateMessageSecurity(SoapEnvelope envelope, Security security, MessageProtectionRequirements request)
       at Microsoft.Web.Services3.Security.SecureConversationServiceReceiveSecurityFilter.ValidateMessageSecurity(SoapEnvelope envelope, Security security)
       at Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope)
       at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope envelope)
       at Microsoft.Web.Services3.WseProtocol.FilterRequest(SoapEnvelope requestEnvelope)
       at Microsoft.Web.Services3.WseProtocol.RouteRequest(SoapServerMessage message)
       at System.Web.Services.Protocols.SoapServerProtocol.Initialize()
       at System.Web.Services.Protocols.ServerProtocol.SetContext(Type type, HttpContext context, HttpRequest request, HttpResponse response)
       at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean& abortProcessing)
       --- End of inner exception stack trace ---
       --- End of inner exception stack trace ---
    http://10.10.1.47/CIWebServices/CentralIssueService.asmx



    And that's the response header from Fiddler:

    HTTP/1.1 500 Internal Server Error
    Date: Thu, 27 Aug 2009 18:18:45 GMT
    Server: Microsoft-IIS/6.0
    MicrosoftOfficeWebServer: 5.0_Pub
    X-Powered-By: ASP.NET
    X-AspNet-Version: 2.0.50727
    Cache-Control: private
    Content-Type: text/xml; charset=utf-8
    Content-Length: 2592


    One other panel in Fiddler says:

    No Proxy-Authorization Header is present.

    No Authorization Header is present.


    Please let me know how to solve these issues.

    Thanks,
    Dami.
    • Edited by Dami Thursday, August 27, 2009 7:01 PM
    Thursday, August 27, 2009 6:22 PM
  • Thanks a lot, the problem is solved: the requireSignatureConfirmation flag was false on the server side but true on the client side. Thanks for Fiddler. It helped me to find the problem. Regards, Dami.
    • Marked as answer by Dami Thursday, August 27, 2009 8:08 PM
    Thursday, August 27, 2009 8:08 PM
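
A check for the mismatch described in the answer above, as an added example that is not part of the thread: it parses a client and a server WSE 3.0 policy file and lists every setting of the `mutualCertificate11Security` assertion that differs between them. The sample input is constructed from the two files posted in the question, trimmed to the assertion attributes and `<protection>` children; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.microsoft.com/wse/2005/06/policy}"

# Constructed sample input: the two assertions from the question, trimmed to the
# assertion attributes and <protection> children (token elements left out).
PROTECTION = """<protection>
  <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
  <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
  <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
</protection>"""
TEMPLATE = """<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
<policy name="{name}"><mutualCertificate11Security establishSecurityContext="true"
  renewExpiredSecurityContext="true" requireSignatureConfirmation="{sigconf}"
  messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="{derived}" ttlInSeconds="300">
{protection}</mutualCertificate11Security><requireActionHeader /></policy></policies>"""
CLIENT = TEMPLATE.format(name="CertPolicy", sigconf="true", derived="true", protection=PROTECTION)
SERVER = TEMPLATE.format(name="FactoryPolicy", sigconf="false", derived="false", protection=PROTECTION)

def assertion_settings(policy_xml, assertion="mutualCertificate11Security"):
    """Flatten one policy assertion into {setting_path: value} for comparison."""
    node = ET.fromstring(policy_xml).find(f".//{NS}{assertion}")
    if node is None:
        raise ValueError(f"no <{assertion}> assertion in policy")
    settings = dict(node.attrib)  # attributes on the assertion element itself
    for child in node.findall(f"{NS}protection/*"):  # request, response, fault
        tag = child.tag.replace(NS, "")
        for key, value in child.attrib.items():
            settings[f"protection/{tag}/@{key}"] = value
    return settings

def policy_mismatches(client_xml, server_xml):
    """Return {setting: (client_value, server_value)} for every setting that differs."""
    c, s = assertion_settings(client_xml), assertion_settings(server_xml)
    return {k: (c.get(k), s.get(k)) for k in sorted(c.keys() | s.keys()) if c.get(k) != s.get(k)}

if __name__ == "__main__":
    for setting, (client, server) in policy_mismatches(CLIENT, SERVER).items():
        print(f"{setting}: client={client} server={server}")
```

On the posted files this reports `requireSignatureConfirmation` and `requireDerivedKeys`; the thread confirms only the first as the cause of the fault.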
  • Hi Dami,

    I am facing the same issue in the Factory Web Service. This time I have deployed the service on Windows Server 2008. requireSignatureConfirmation is true on client and server. Please get back to me if you know the solution.


    Dhubala
    Wednesday, October 7, 2009 3:23 AM