System.ServiceModel.Security.SecurityNegotiationException

Hi,

I created a web service and hosted it in Windows Services. It is working
fine. Now I am trying to implement the X509 certificates for message layer
security. But it is throwing the following exception:

An unhandled exception of type
'System.ServiceModel.Security.SecurityNegotiationException' occurred in
mscorlib.dll

Additional information: Secure channel cannot be opened because security
negotiation with the remote endpoint has failed. This may be due to absent or
incorrectly specified EndpointIdentity in the EndpointAddress used to create
the channel. Please verify the EndpointIdentity specified or implied by the
EndpointAddress correctly identifies the remote endpoint.

The WinSvchost file is:

using System;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Security;
using System.ServiceProcess;

namespace PreprocessingWinSvcHost
{
    public partial class PreprocessingWinSvc : ServiceBase
    {
        private ServiceHost myHost;

        public PreprocessingWinSvc()
        {
            InitializeComponent();
        }

        protected override void OnStart(string[] args)
        {
            try
            {
                // Create the host.
                Uri address = new Uri("http://localhost:8080/PreprocessingService");
                WSHttpBinding binding = new WSHttpBinding();
                Type contract = typeof(IPreprocess);

                binding.MaxBufferPoolSize = 200000000;
                binding.MaxReceivedMessageSize = 200000000;
                binding.Name = "WSHttpBinding_IPreprocess";

                binding.Security.Mode = SecurityMode.Message;
                binding.Security.Message.ClientCredentialType =
                    MessageCredentialType.Certificate;

                myHost = new ServiceHost(typeof(PreprocessingService));
                myHost.AddServiceEndpoint(contract, binding, address);

                myHost.Credentials.ServiceCertificate.SetCertificate(
                    StoreLocation.LocalMachine, StoreName.My,
                    X509FindType.FindBySubjectName, "windowshost");

                // Configure peer trust.
                // (This ClientCredentials object is local and is never attached to myHost.)
                ClientCredentials creds = new ClientCredentials();
                creds.ServiceCertificate.Authentication.CertificateValidationMode =
                    X509CertificateValidationMode.PeerOrChainTrust;

                // Creates an output file.
                Stream MyOutputFile = File.Create("c:\\checklog\\Logfile1.txt");
                TextWriterTraceListener TextListener1 =
                    new TextWriterTraceListener(MyOutputFile);
                Trace.Listeners.Add(TextListener1); // Add a listener to the Trace.

                // Writes output message to the output file and to a console screen.
                Trace.WriteLine(DateTime.Now.ToLongTimeString() + " - Service starting...");
                myHost.Open();

                Trace.WriteLine("state = " + myHost.State);

                // Flush and close the output file.
                Trace.Flush();
                TextListener1.Flush();
                TextListener1.Close();
            }
            catch (Exception e)
            {
                Console.WriteLine("Message: {0}", e.Message);
            }
        }
    }
}

and the Client is:

using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

namespace PreprocessingClient
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("**** Preprocessing Client ****");
            EndpointAddress address =
                new EndpointAddress("http://localhost:8080/PreprocessingService");
            WSHttpBinding binding = new WSHttpBinding();
            binding.MaxBufferPoolSize = 200000000;
            binding.MaxReceivedMessageSize = 200000000;
            System.ServiceModel.ChannelFactory<IPreprocess> cf =
                new System.ServiceModel.ChannelFactory<IPreprocess>(binding, address);

            // Certificate the client presents to the service.
            cf.Credentials.ClientCertificate.SetCertificate(
                StoreLocation.LocalMachine, StoreName.My,
                X509FindType.FindBySubjectName, "WCFUser");
            // Certificate the client expects the service to use.
            cf.Credentials.ServiceCertificate.SetDefaultCertificate(
                StoreLocation.LocalMachine, StoreName.My,
                X509FindType.FindBySubjectName, "windowshost");

            IPreprocess proxy = cf.CreateChannel();
            // PreprocessClient proxy = new PreprocessClient();
            // proxy.Open(); // open the client's proxy

            proxy.EnableMatGui(false);
        }
    }
}

The app.config for the client is:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="WSHttpBinding_IPreprocess"
                 closeTimeout="00:01:00" openTimeout="00:01:00"
                 receiveTimeout="00:10:00" sendTimeout="00:40:00"
                 bypassProxyOnLocal="false" transactionFlow="false"
                 hostNameComparisonMode="StrongWildcard"
                 maxBufferPoolSize="200000000"
                 maxReceivedMessageSize="20000000"
                 messageEncoding="Text" textEncoding="utf-8"
                 useDefaultWebProxy="true"
                 allowCookies="false">
          <readerQuotas maxDepth="32"
                        maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <reliableSession ordered="true"
                           inactivityTimeout="00:10:00"
                           enabled="false" />
          <security mode="Message">
            <transport clientCredentialType="Windows"
                       proxyCredentialType="None"
                       realm="" />
            <message clientCredentialType="Certificate"
                     negotiateServiceCredential="true"
                     algorithmSuite="Default"
                     establishSecurityContext="true" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://localhost:8080/PreprocessingService"
                binding="wsHttpBinding"
                bindingConfiguration="WSHttpBinding_IPreprocess"
                contract="ServiceReference1.IPreprocess"
                name="WSHttpBinding_IPreprocess">
        <identity>
          <servicePrincipalName value="host/Avacta-n31m-1" />
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>

cheers,

Manjree

Jun 27 '08 #1
Try changing
<identity>
<servicePrincipalName value="host/Avacta-n31m-1" />
</identity>

to the common name of your service certificate?

Morty
Jun 27 '08 #2
Thanks Morten. But it is still throwing the same exception. :(
Manjree.
Jun 27 '08 #3
Hi Manjree,

From the description, the problem occurs when you try using x509
certificate based message security in a windows service hosted WCF service.

The error message does indicate that the "identity" of the endpoint hasn't
been specified. I think the endpoint identity should be the service
endpoint's identity setting (at service side). In the code you provided, you
programmatically create the servicehost and add the endpoint, however, you
didn't add an endpoint identity for it.

I've also replied to you in another WCF windows service hosted thread. In that
thread you mentioned that you can not get WCF configuration (in app.config)
to work with Windows service, correct? I've tested and verified that windows
service can correctly load WCF configuration settings just like other
applications (console or winform or asp.net...) without problem. Have you
made sure the app.config is correctly copied with the windows service exe
(as windowsservice.exe.config file)?

Also, generally for such a scenario, I suggest you first create a normal
console application and copy the WCF code (change it to
configuration/declarative style) into the console application to test. This
can simplify the troubleshooting and also detect whether the problem is
specific to windows service.

BTW, here is the test configuration setting (for server and client) I used:
==============server====================
<system.serviceModel>
  <services>
    <service name="WcfService1.Service1"
             behaviorConfiguration="WcfService1.Service1Behavior">
      <endpoint address="" binding="wsHttpBinding"
                bindingConfiguration="certBinding"
                contract="WcfService1.IService1">
        <identity>
          <certificateReference storeName="My"
                                storeLocation="LocalMachine"
                                x509FindType="FindByThumbprint"
                                findValue="b0d98888fc2fec907661ef11aa430f29e6ae8a91" />
        </identity>
      </endpoint>
      <endpoint address="mex" binding="mexHttpBinding"
                contract="IMetadataExchange"/>
    </service>
  </services>
======client =============
<client>
  <endpoint address="http://localhost:33382/Service1.svc"
            binding="wsHttpBinding"
            bindingConfiguration="WSHttpBinding_IService1"
            contract="WCFCert.IService1"
            name="WSHttpBinding_IService1">
    <identity>
      <certificateReference storeLocation="LocalMachine"
                            storeName="My"
                            x509FindType="FindByThumbprint"
                            findValue="b0d98888fc2fec907661ef11aa430f29e6ae8a91"/>
    </identity>
  </endpoint>
</client>
==================

Anyway, you need to make sure the one you specified at service side also
matches the client-side's.

If there is anything else unclear, please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
Jun 27 '08 #4
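
The matching service-side and client-side endpoint identity described in the reply above, set programmatically in a console host as that reply suggests for testing. This is an added example, not code from the thread: the `IPreprocess` contract and `PreprocessingService` body are stand-ins, and it assumes the thread's `windowshost` and `WCFUser` certificates are in `LocalMachine\My` and that each side trusts the other's certificate.

```csharp
// Added example (not code from the thread). Assumes the "windowshost" and
// "WCFUser" certificates named in the thread are installed in LocalMachine\My
// with private keys this process can read, and that the process may listen
// on http://localhost:8080 (elevated, or with a URL reservation).
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Security;

// Stand-ins for the poster's contract and service, which the thread does not show.
[ServiceContract]
public interface IPreprocess
{
    [OperationContract]
    void EnableMatGui(bool enable);
}

public class PreprocessingService : IPreprocess
{
    public void EnableMatGui(bool enable)
    {
        Console.WriteLine("EnableMatGui({0}) called", enable);
    }
}

public static class EndpointIdentityDemo
{
    private static readonly Uri ServiceUri =
        new Uri("http://localhost:8080/PreprocessingService");

    // Both sides must agree: message security, certificate client credential.
    private static WSHttpBinding CreateBinding()
    {
        WSHttpBinding binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        return binding;
    }

    private static ServiceHost OpenHost()
    {
        ServiceHost host = new ServiceHost(typeof(PreprocessingService));
        host.Credentials.ServiceCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My,
            X509FindType.FindBySubjectName, "windowshost");

        // How the service validates the certificate the client presents. This is
        // set on the host's own credentials, not on a separate ClientCredentials object.
        host.Credentials.ClientCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.PeerOrChainTrust;

        // Attach the service certificate to the endpoint address as its identity.
        ServiceEndpoint endpoint =
            host.AddServiceEndpoint(typeof(IPreprocess), CreateBinding(), ServiceUri);
        X509Certificate2 serviceCert = host.Credentials.ServiceCertificate.Certificate;
        endpoint.Address = new EndpointAddress(
            ServiceUri, EndpointIdentity.CreateX509CertificateIdentity(serviceCert));

        host.Open();
        return host;
    }

    private static void CallService()
    {
        // The client states the identity it expects; it is checked against the
        // name in the certificate the service presents during negotiation.
        EndpointAddress address = new EndpointAddress(
            ServiceUri, EndpointIdentity.CreateDnsIdentity("windowshost"));

        ChannelFactory<IPreprocess> factory =
            new ChannelFactory<IPreprocess>(CreateBinding(), address);
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My,
            X509FindType.FindBySubjectName, "WCFUser");

        // How the client validates the certificate the service presents.
        factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.PeerOrChainTrust;

        try
        {
            IPreprocess proxy = factory.CreateChannel();
            proxy.EnableMatGui(false);
            factory.Close();
        }
        catch (CommunicationException ex)
        {
            // SecurityNegotiationException and FaultException both derive
            // from CommunicationException; report which one occurred.
            Console.WriteLine("{0}: {1}", ex.GetType().Name, ex.Message);
            factory.Abort();
        }
    }

    public static void Main()
    {
        ServiceHost host = OpenHost();
        try { CallService(); }
        finally { host.Close(); }
    }
}
```

With `PeerOrChainTrust`, a certificate is accepted when it chains to a trusted root or is present in the Trusted People store, so a test certificate from an untrusted issuer has to be placed in that store on the side that validates it.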

Hi Steven,

Thanks for the reply. Now I am getting following exception:

System.ServiceModel.FaultException: The request for security token could not
be satisfied because authentication failed.

Though I have added Authentication to PeerOrChainTrust as follows at client:

<client>
<endpoint address="http://localhost:8080/PreprocessingService"
binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_IPreprocess_IPreprocess"
behaviorConfiguration="ServiceBehavior"
contract="ServiceReference1.IPreprocess"
name="WSHttpBinding_IPreprocess_IPreprocess">
<identity>
<certificate
encodedValue="AwAAAAEAAAAUAAAADJPQRd/3I06+gno+HiOn3/qqct0gAAAAAQAAALcBAAAwggGzMIIBYaADAgECAhBTBwz954p0 q0IsNrgvUW9KMAkGBSsOAwIdBQAwFjEUMBIGA1UEAxMLUm9vdC BBZ2VuY3kwHhcNMDgwNTIxMTA0NjU4WhcNMzkxMjMxMjM1OTU5 WjAWMRQwEgYDVQQDEwt3aW5kb3dzaG9zdDCBnzANBgkqhkiG9w 0BAQEFAAOBjQAwgYkCgYEAxELJ4QxIFY7sHWOf7zsW7lwsEXjX UhpY3xHSsvMK42nnHJotSmsSxLBNFRVvTgKITaowimtFX9/OSvTJ4MM5nB/W342rmclyjUaLSLBdDa7+39tPO5RRDjY3tln45mw1lCrI0TD1I rQ48/YrD6zmu1ZLzOaFEAf3vvpEYgUJKbcCAwEAAaNLMEkwRwYDVR0B BEAwPoAQEuQJLQYdHU8AjWEh3BZkY6EYMBYxFDASBgNVBAMTC1 Jvb3QgQWdlbmN5ghAGN2wAqgBkihHPuNSqXDX0MAkGBSsOAwId BQADQQBydNDtJucuxVh4HhPXkDurEMx/f/rsxJQ4nVOtqdOH1dvp4SKA/GNXMGWb2z8sA/F3ELcNSPeRLo/4XYuZyHFf" />
<dns value="windowshost"/>
</identity>
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="ServiceBehavior">
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode="PeerOrChainTrust"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
Cheers,

Manj

"Steven Cheng [MSFT]" wrote:
Hi Manjree,

From the description, the problem occurs when you try using x509
certificate based message security in a windows service hosted WCF service.

The error message does indicate that the "identity" of the endpoint hasn't
be specified. I think the endpoint identity should be the service
endpoint's identify setting(at service side). In the code you provided, you
programmtically create the servicehost and add the endpoint, however, you
didn't add an endpoint identity for it.

I've also replied you in another WCF windows service hosted thread. In that
thread you mentioend that you can not get WCF configuration (in app.config)
work with Windows service, correct? I've tested and verify that windows
service can correctly load WCF configuration settings just like other
application(console or winform or asp.net...) without problem. have you
made sure the app.config is correctly copied with the windows service exe(
as windowsservice.exe.config file)?

Also, generally for such scenario, I suggest you first create a normal
console application and copy the WCF code(change it to
configuration/declarative style) into the console applicaiton to test. This
can simplfy the troubleshooting and also detect whether the problem is
specific to windows service.

BTW, here is the test configuration setting( for server and client) I used:
==============server====================
<system.serviceModel>
<services>
<service name="WcfService1.Service1"
behaviorConfiguration="WcfService1.Service1Behavio r">
<endpoint address="" binding="wsHttpBinding"
bindingConfiguration="certBinding"
contract="WcfService1.IService1">

<identity>
<certificateReference storeName="My"
storeLocation="LocalMachine"
x509FindType="FindByThumbprint"
findValue="b0d98888fc2fec907661ef11aa430f29e6ae8a9 1" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding"
contract="IMetadataExchange"/>
</service>
</services>
======client =============
<client>
<endpoint address="http://localhost:33382/Service1.svc"
binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_IService1"
contract="WCFCert.IService1"
name="WSHttpBinding_IService1">
<identity>
<certificateReference storeLocation="LocalMachine"
storeName="My"
x509FindType="FindByThumbprint"
findValue="b0d98888fc2fec907661ef11aa430f29e6ae8a9 1"/>

</identity>
</endpoint>
</client>
==================

Anyway, you need to make sure the one you specified at service side also
matches the client-side's.

If there is anything else unclear, please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
ms****@microsoft.com.

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
From: =?Utf-8?B?TWFuanJlZSBHYXJn?= <ga**@newsgroup.nospam>
References: <59**********************************@microsoft.co m>
<1B**********************************@microsoft.co m>
Subject: Re: System.ServiceModel.Security.SecurityNegotiationEx ception
Date: Fri, 23 May 2008 02:12:00 -0700
Thanks Morten. But it is still throwing the same exception. :(
Manjree.

"Morten Abrahamsen" wrote:
Try changing
<identity>
<servicePrincipalName value="host/Avacta-n31m-1" />
</identity>

to the common name of your service certificate?

Morty

"Manjree Garg" <ga**@newsgroup.nospamwrote in message
news:59**********************************@microsof t.com...
Hi,
>
I created a web service and hosted it in Windows Services. It is
working
fine. Now I am trying to implement the X509 certificates for message
layer
security. But it is throwing the following exception:
>
An unhandled exception of type
'System.ServiceModel.Security.SecurityNegotiationE xception' occurred in
mscorlib.dll
>
Additional information: Secure channel cannot be opened because security
negotiation with the remote endpoint has failed. This may be due to
absent
or
incorrectly specified EndpointIdentity in the EndpointAddress used to
create
the channel. Please verify the EndpointIdentity specified or implied by
the
EndpointAddress correctly identifies the remote endpoint.
>
>
The WinSvchost file is:
>
>
>
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Security;
using System.ServiceProcess;

namespace PreprocessingWinSvcHost
{
    public partial class PreprocessingWinSvc : ServiceBase
    {
        private ServiceHost myHost;

        public PreprocessingWinSvc()
        {
            InitializeComponent();
        }

        protected override void OnStart(string[] args)
        {
            try
            {
                //Create the host.
                Uri address = new
                    Uri("http://localhost:8080/PreprocessingService");
                WSHttpBinding binding = new WSHttpBinding();
                Type contract = typeof(IPreprocess);

                binding.MaxBufferPoolSize = 200000000;
                binding.MaxReceivedMessageSize = 200000000;
                binding.Name = "WSHttpBinding_IPreprocess";

                binding.Security.Mode = SecurityMode.Message;
                binding.Security.Message.ClientCredentialType =
                    MessageCredentialType.Certificate;

                myHost = new ServiceHost(typeof(PreprocessingService));
                myHost.AddServiceEndpoint(contract, binding, address);

                myHost.Credentials.ServiceCertificate.SetCertificate(
                    StoreLocation.LocalMachine, StoreName.My,
                    X509FindType.FindBySubjectName, "windowshost");

                ClientCredentials creds = new ClientCredentials();
                // Configure peer trust.
                creds.ServiceCertificate.Authentication.CertificateValidationMode =
                    X509CertificateValidationMode.PeerOrChainTrust;

                //Creates an output file.
                Stream MyOutputFile =
                    File.Create("c:\\checklog\\Logfile1.txt");
                TextWriterTraceListener TextListener1 = new
                    TextWriterTraceListener(MyOutputFile);
                Trace.Listeners.Add(TextListener1); //Add a listener to the Trace.

                // Writes output message to the output file and to a console screen.
                Trace.WriteLine(DateTime.Now.ToLongTimeString() +
                    " - Service starting...");

                myHost.Open();

                Trace.WriteLine("state = " + myHost.State);

                // Flush and close the output file.
                Trace.Flush();
                TextListener1.Flush();
                TextListener1.Close();
            }
            catch (Exception e)
            {
                Console.WriteLine("Message: {0}", e.Message);
            }
        }
    }
}

and the Client is:

using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

namespace PreprocessingClient
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("**** Preprocessing Client ****");
            EndpointAddress address = new
                EndpointAddress("http://localhost:8080/PreprocessingService");
            WSHttpBinding binding = new WSHttpBinding();
            binding.MaxBufferPoolSize = 200000000;
            binding.MaxReceivedMessageSize = 200000000;
            System.ServiceModel.ChannelFactory<IPreprocess> cf = new
                System.ServiceModel.ChannelFactory<IPreprocess>(binding, address);
            cf.Credentials.ClientCertificate.SetCertificate(
                StoreLocation.LocalMachine, StoreName.My,
                X509FindType.FindBySubjectName, "WCFUser");
            cf.Credentials.ServiceCertificate.SetDefaultCertificate(
                StoreLocation.LocalMachine, StoreName.My,
                X509FindType.FindBySubjectName, "windowshost");
            IPreprocess proxy = cf.CreateChannel();
            // PreprocessClient proxy = new PreprocessClient();
            //proxy.Open(); //open the client's proxy

            proxy.EnableMatGui(false);
        }
    }
}

The app.config for the client is:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="WSHttpBinding_IPreprocess"
                 closeTimeout="00:01:00" openTimeout="00:01:00"
                 receiveTimeout="00:10:00" sendTimeout="00:40:00"
                 bypassProxyOnLocal="false" transactionFlow="false"
                 hostNameComparisonMode="StrongWildcard"
                 maxBufferPoolSize="200000000"
                 maxReceivedMessageSize="20000000"
                 messageEncoding="Text" textEncoding="utf-8"
                 useDefaultWebProxy="true" allowCookies="false">
          <readerQuotas maxDepth="32" maxStringContentLength="8192"
                        maxArrayLength="16384" maxBytesPerRead="4096"
                        maxNameTableCharCount="16384" />
          <reliableSession ordered="true" inactivityTimeout="00:10:00"
                           enabled="false" />
          <security mode="Message">
            <transport clientCredentialType="Windows"
                       proxyCredentialType="None" realm="" />
            <message clientCredentialType="Certificate"
                     negotiateServiceCredential="true"
                     algorithmSuite="Default"
                     establishSecurityContext="true" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <client>
      <endpoint
          address="http://localhost:8080/PreprocessingService"
Jun 27 '08 #5
Hi Manj,

Thanks for your reply.

The error still seems to concern the certificate (which may not be
validated as a trusted one).

Have you got the configuration setting in windows service working (setup WCF
service host without using code)? Also, as I suggested previously, you can
use a console application for test first so as to simplify the
troubleshooting.

Here is the article which mentioned most info about using certificate
authentication with message layer security. You can check some of the
configuration setting with yours:

#WCF security: How to configure message security with x509 authentication
http://developers.de/blogs/damir_dob...09/24/931.aspx

If you still cannot find the cause, I can send you a test solution I used
on my side for your reference. BTW, for the test certificate, how did you
generate them? Are you using makecert.exe or windows certificate service?

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
ms****@microsoft.com.

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notifications.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
From: Manj <ga**@newsgroup.nospam>
Subject: Re: System.ServiceModel.Security.SecurityNegotiationException
Date: Wed, 4 Jun 2008 07:51:01 -0700

Hi Steven,

Thanks for the reply. Now I am getting the following exception:

System.ServiceModel.FaultException: The request for security token could not
be satisfied because authentication failed.

Though I have added Authentication to PeerOrChainTrust as follows at
client:

<client>
  <endpoint address="http://localhost:8080/PreprocessingService"
            binding="wsHttpBinding"
            bindingConfiguration="WSHttpBinding_IPreprocess_IPreprocess"
            behaviorConfiguration="ServiceBehavior"
            contract="ServiceReference1.IPreprocess"
            name="WSHttpBinding_IPreprocess_IPreprocess">
    <identity>
      <certificate
encodedValue="AwAAAAEAAAAUAAAADJPQRd/3I06+gno+HiOn3/qqct0gAAAAAQAAALcBAAAwgg
GzMIIBYaADAgECAhBTBwz954p0q0IsNrgvUW9KMAkGBSsOAwId BQAwFjEUMBIGA1UEAxMLUm9vdC
BBZ2VuY3kwHhcNMDgwNTIxMTA0NjU4WhcNMzkxMjMxMjM1OTU5 WjAWMRQwEgYDVQQDEwt3aW5kb3
dzaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxELJ 4QxIFY7sHWOf7zsW7lwsEXjXUh
pY3xHSsvMK42nnHJotSmsSxLBNFRVvTgKITaowimtFX9/OSvTJ4MM5nB/W342rmclyjUaLSLBdDa
7+39tPO5RRDjY3tln45mw1lCrI0TD1IrQ48/YrD6zmu1ZLzOaFEAf3vvpEYgUJKbcCAwEAAaNLME
kwRwYDVR0BBEAwPoAQEuQJLQYdHU8AjWEh3BZkY6EYMBYxFDAS BgNVBAMTC1Jvb3QgQWdlbmN5gh
AGN2wAqgBkihHPuNSqXDX0MAkGBSsOAwIdBQADQQBydNDtJucu xVh4HhPXkDurEMx/f/rsxJQ4nV
OtqdOH1dvp4SKA/GNXMGWb2z8sA/F3ELcNSPeRLo/4XYuZyHFf" />
      <dns value="windowshost"/>
    </identity>
  </endpoint>
</client>
<behaviors>
  <endpointBehaviors>
    <behavior name="ServiceBehavior">
      <clientCredentials>
        <serviceCertificate>
          <authentication
              certificateValidationMode="PeerOrChainTrust"/>
        </serviceCertificate>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>

Cheers,

Manj

"Steven Cheng [MSFT]" wrote:
Hi Manjree,

From the description, the problem occurs when you try using x509
certificate based message security in a windows service hosted WCF
service.

The error message does indicate that the "identity" of the endpoint hasn't
been specified. I think the endpoint identity should be the service
endpoint's identity setting (at service side). In the code you provided, you
programmatically create the servicehost and add the endpoint, however, you
didn't add an endpoint identity for it.

I've also replied to you in another WCF windows service hosted thread. In
that thread you mentioned that you can not get WCF configuration (in
app.config) to work with Windows service, correct? I've tested and verified
that windows service can correctly load WCF configuration settings just like
other applications (console or winform or asp.net...) without problem. Have
you made sure the app.config is correctly copied with the windows service
exe (as windowsservice.exe.config file)?

Also, generally for such a scenario, I suggest you first create a normal
console application and copy the WCF code (change it to
configuration/declarative style) into the console application to test. This
can simplify the troubleshooting and also detect whether the problem is
specific to windows service.

BTW, here is the test configuration setting (for server and client) I
used:


==============server====================
<system.serviceModel>
  <services>
    <service name="WcfService1.Service1"
             behaviorConfiguration="WcfService1.Service1Behavior">
      <endpoint address="" binding="wsHttpBinding"
                bindingConfiguration="certBinding"
                contract="WcfService1.IService1">
        <identity>
          <certificateReference storeName="My"
                                storeLocation="LocalMachine"
                                x509FindType="FindByThumbprint"
                                findValue="b0d98888fc2fec907661ef11aa430f29e6ae8a91" />
        </identity>
      </endpoint>
      <endpoint address="mex" binding="mexHttpBinding"
                contract="IMetadataExchange"/>
    </service>
  </services>
======client =============
<client>
  <endpoint address="http://localhost:33382/Service1.svc"
            binding="wsHttpBinding"
            bindingConfiguration="WSHttpBinding_IService1"
            contract="WCFCert.IService1"
            name="WSHttpBinding_IService1">
    <identity>
      <certificateReference storeLocation="LocalMachine"
                            storeName="My"
                            x509FindType="FindByThumbprint"
                            findValue="b0d98888fc2fec907661ef11aa430f29e6ae8a91"/>
    </identity>
  </endpoint>
</client>
==================

Anyway, you need to make sure the one you specified at service side also
matches the client-side's.

If there is anything else unclear, please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

--------------------
From: Manjree Garg <ga**@newsgroup.nospam>
Subject: Re: System.ServiceModel.Security.SecurityNegotiationException
Date: Fri, 23 May 2008 02:12:00 -0700

Thanks Morten. But it is still throwing the same exception. :(
Manjree.

"Morten Abrahamsen" wrote:
Try changing
<identity>
<servicePrincipalName value="host/Avacta-n31m-1" />
</identity>

to the common name of your service certificate?

Morty
Jun 27 '08 #6
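
The two suggestions in this post and the messages it quotes, a matching endpoint identity on both sides and PeerOrChainTrust on the client, can also be set in code. The following is an added example, not code from the thread, and the thread never states which change finally resolved the error. The class and method names, the contract body and the certificate store layout are assumptions; the subject names and the address come from the posted code.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

[ServiceContract]
public interface IPreprocess   // contract name from the thread; body is assumed
{
    [OperationContract]
    void EnableMatGui(bool enable);
}

public class PreprocessingService : IPreprocess
{
    public void EnableMatGui(bool enable)
    {
        Console.WriteLine("EnableMatGui({0})", enable);
    }
}

static class IdentityDemo      // hypothetical host + client in one console app
{
    // Assumption: both certificates are installed in LocalMachine\My, and each
    // side's peer certificate is in LocalMachine\TrustedPeople when it does not
    // chain to a trusted root (typical for makecert test certificates).
    const string ServiceCertSubject = "windowshost";
    const string ClientCertSubject = "WCFUser";
    static readonly Uri ServiceUri =
        new Uri("http://localhost:8080/PreprocessingService");

    static WSHttpBinding CreateBinding()
    {
        // Same security settings on both sides.
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType =
            MessageCredentialType.Certificate;
        return binding;
    }

    // One identity for both sides: the DNS name in the service certificate,
    // rather than the "localhost" host name implied by the address alone.
    static EndpointAddress CreateAddress()
    {
        return new EndpointAddress(
            ServiceUri, EndpointIdentity.CreateDnsIdentity(ServiceCertSubject));
    }

    static ServiceHost StartHost()
    {
        var host = new ServiceHost(typeof(PreprocessingService));
        var endpoint = host.AddServiceEndpoint(
            typeof(IPreprocess), CreateBinding(), ServiceUri);
        endpoint.Address = CreateAddress();

        // FindBySubjectName is a substring match; FindByThumbprint is unambiguous.
        host.Credentials.ServiceCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My,
            X509FindType.FindBySubjectName, ServiceCertSubject);

        // Service-side validation of the *client* certificate lives on the host.
        var clientAuth = host.Credentials.ClientCertificate.Authentication;
        clientAuth.CertificateValidationMode =
            X509CertificateValidationMode.PeerOrChainTrust;
        clientAuth.TrustedStoreLocation = StoreLocation.LocalMachine;

        host.Open();   // needs admin rights or a URL reservation for port 8080
        return host;
    }

    static void CallService()
    {
        var factory = new ChannelFactory<IPreprocess>(
            CreateBinding(), CreateAddress());
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My,
            X509FindType.FindBySubjectName, ClientCertSubject);

        // Client-side validation of the *service* certificate must be set on
        // the factory's own credentials to take effect.
        var serviceAuth = factory.Credentials.ServiceCertificate.Authentication;
        serviceAuth.CertificateValidationMode =
            X509CertificateValidationMode.PeerOrChainTrust;
        serviceAuth.TrustedStoreLocation = StoreLocation.LocalMachine;

        IPreprocess proxy = factory.CreateChannel();
        try
        {
            proxy.EnableMatGui(false);
            ((IClientChannel)proxy).Close();
            factory.Close();
        }
        catch
        {
            factory.Abort();   // a faulted channel cannot be closed cleanly
            throw;
        }
    }

    static void Main()
    {
        ServiceHost host = StartHost();
        try { CallService(); }
        finally { host.Close(); }
    }
}
```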
Hi Manj,

Any progress on this issue? I'm still monitoring the thread; if there is
anything else we can help with, please don't hesitate to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
Jun 27 '08 #7
Hi Steven,

Thanks for the followup. It is working now. I tried to reply to you earlier
but was not able to reply on newsgroup for some reason (still wondering why?).

Cheers.

Manj.
Jun 27 '08 #8
Hi Manj,

Glad to hear from you and nice to get that it is working now.

Also, for the newsgroup accessing problem, does it still exist now, and
is it a continuous problem if you try visiting any newsgroup from
IE? If so, please feel free to let me know, I'll help forward the problem
to the proper guys.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
Jun 27 '08 #9
