I have a WCF net.tcp server/client with authentication and encryption (using verisign certificate) .
So far, I have 2 people complaining from about 100-150 who tested my application :
System.Reflection.TargetInvocationException: An exception occurred during the operation, making the result invalid. Check InnerException for exception details. ---> System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: An error occurred when verifying security for the message.
System.Reflection.TargetInvocationException: An exception occurred during the operation, making the result invalid. Check InnerException for exception details. ---> System.ServiceModel.CommunicationException: The server did not provide a meaningful reply; this might be caused by a contract mismatch, a premature session shutdown or an internal server error.
Any ideas on what might be causing this exceptions ?
Exception thrown by server would be my guess, after that I'd say contract mismatch is a close second. Is the service set to return exceptions? You can turn on WCF logging if you want to see the raw messages.
If this answers your question, please Mark as Answer
You say your using verisign for authentication and encryption. Are you using message or transport security?
What binding are you using?
Does the client have to provide a certificate? or is it only the service that provides the certificate for security?
I'm using Message security . This is my binding:
selfHost.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = System.ServiceModel.Security.UserNamePasswordValidationMode.Custom;
selfHost.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new Passwordvalidator();
selfHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "...");
selfHost.Credentials.IssuedTokenAuthentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
selfHost.Credentials.IssuedTokenAuthentication.RevocationMode = X509RevocationMode.NoCheck;
selfHost.Credentials.ClientCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
selfHost.Credentials.IssuedTokenAuthentication.TrustedStoreLocation = StoreLocation.LocalMachine;
NetTcpBinding binding = new NetTcpBinding();
binding.Security.Mode = SecurityMode.Message;
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
binding.ReceiveTimeout = TimeSpan.MaxValue;
binding.MaxReceivedMessageSize = int.MaxValue;
binding.MaxConnections = 1000000;
binding.ReaderQuotas.MaxArrayLength = 200000;
binding.ReaderQuotas.MaxBytesPerRead = 200000;
binding.ReaderQuotas.MaxStringContentLength = 10000;
binding.ReaderQuotas.MaxNameTableCharCount = 50000;
binding.MaxBufferPoolSize = 1000000;
binding.MaxBufferSize = 1000000;
binding.MaxReceivedMessageSize = 1000000;
binding.TransferMode = TransferMode.Buffered;
binding.SendTimeout = TimeSpan.FromSeconds(50.0);
binding.CloseTimeout = TimeSpan.FromSeconds(50.0);
ServiceThrottlingBehavior throttling = new ServiceThrottlingBehavior();
throttling.MaxConcurrentSessions = 10000000;
throttling.MaxConcurrentCalls = 10000000;
throttling.MaxConcurrentInstances = 10000000;
selfHost.Description.Behaviors.Find<ServiceDebugBehavior>().IncludeExceptionDetailInFaults = true;
I think i fixed the problem by changing the clock skew:
I'm waiting for the people who couldn't connect to confirm .
People that couldn't connect before still have the same problem.
Furthermore, changing clock skew only causes users that didn't had any problems to get disconnected after 24 hours (clock skew timespan) and they are not able to reconnect until I restart the server .
Any ideas ?
- Bearbeitet FAndrei Samstag, 5. Mai 2012 17:58