By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
446,213 Members | 1,086 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 446,213 IT Pros & Developers. It's quick & easy.

MessageSecurityException when consuming WCF service

P: n/a
Hi,

Recently I'm confused by this exception.
-----
The message could not be processed. This is most likely because the action
'http://tempuri.org/IBCC2MatrixService/UserMatchingSearch' is incorrect or
because the message contains an invalid or expired security context token or
because there is a mismatch between bindings. The security context token
would be invalid if the service aborted the channel due to inactivity. To
prevent the service from aborting idle sessions prematurely increase the
Receive timeout on the service endpoint's binding.
-----
This happens when I try to call a WCF service method. It doesn't happend all
the time and I haven't found any pattern yet. What can I do to solve this? Is
there any best practice on how to establish WCF connection and release them?

Thanks.

Daniel
Aug 10 '07 #1
Share this Question
Share on Google+
6 Replies


P: n/a
Hi Daniel,

From your description, you're encountering the following error when running
a WCF based client server communication application, correct?

=========
The message could not be processed. This is most likely because the action
'http://tempuri.org/IBCC2MatrixService/UserMatchingSearch' is incorrect or
because the message contains an invalid or expired security context token
or
because there is a mismatch between bindings. The security context token
would be invalid if the service aborted the channel due to inactivity. To
prevent the service from aborting idle sessions prematurely increase the
Receive timeout on the service endpoint's binding.
=========

Regarding on the error info, I've performed some research and found some
cases with similar symptom. I'd like to confirm some things about your WCF
client, server applications:

** What's the type of endpoint binding type are you using and are you using
Message layer security to secure the service communiaton?

** For the client-side, are you using the autogenerated proxy class?

According to those former issue with the similar error message, the problem
is likely caused by the securitycontextToken be expired (client send to
server). When you use message layer security, the generated proxy will use
established security context token to communicate with server. However,
when the server close the connection (for some reason), the client is not
going to know the service connection timed out until it actually tries to
contact the service...which raises the exception.

If the problem in your case does be due to the above reason, you can
consider the following resolutions:
>>>>>>>>>>>>>>>>>>>>>
The best solution is to catch the exception and then abort the proxy and
recreate it.

Or you can also disable message layer security and use transport layer
security.
<<<<<<<<<<<<<<<

Hope this helps some.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Aug 10 '07 #2

P: n/a
Thanks for your reply Daniel,

As for the "Message Layer security", it is one of the two security modes of
WCF service(Message Layer security and Transport layer security):

#Message Security in WCF
http://msdn2.microsoft.com/en-us/library/ms733137.aspx

#Transport Security
http://msdn2.microsoft.com/en-us/library/ms733043.aspx

When using "message Layer security", that means you secure your WCF message
through encrypt the message itself rather than rely on the transport
protocol(TCP, http) to secure the channel.

Yes, "ReceiveTime" does helps some here. This is because when you enlarge
"REceiveTime", the server-side become more unlikely to timeout and dispose
the channel, thus the "security context token" at client-side will become
unlikely to expire. But this is not a thorough solution since it only make
it infrequent. The most recommended approach is to manually capture the
exception and then recreate the client proxy.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.



Aug 13 '07 #3

P: n/a
Thanks Steven.

Could I ask more about manually capturing this exception? This exception
occurs when I'm calling a service method. Something like this:
--
MethodResponse response = proxy.Method(request);
--
If I need to catch it and recreate the proxy, it would be something like this:
--
MethodResponse response = null;
try
{
response = proxy.Method(request);
}
catch(MessageSecurityException)
{
proxy = new ServiceClient();
response = proxy.Method(request);
}
--
It is quite some work to refactor the code based on the fact that we do have
a good amount of service methods. Is this what you recommend?
Daniel

Aug 14 '07 #4

P: n/a
Thanks for your reply Daniel,

Yes, you need to at least wrap the "proxy.methodcall" code statement in
try...catch... block so as to capture the potential exception from service.

And so far this is most recommended approach(without changing other design
or configuratrion such as security model) according to some former issue
records.

BTW, some community member and I have also provide some suggestion in your
another thread about "getting application physical path in WCF service
hosted in IIS". Please feel free to have a look there.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.

Aug 15 '07 #5

P: n/a
Hi Daniel,

Any further question on this? If so, please feel free to let me know.

Thank you for your posting!

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.
Aug 17 '07 #6

P: n/a
Thanks Steven. I'm fine with this topic. Your answer is very helpful.

Daniel
Aug 20 '07 #7

This discussion thread is closed

Replies have been disabled for this discussion.