
System.ServiceModel.Security.SecurityNegotiationException

Hi,

I created a web service and hosted it in Windows Services. It is working
fine. Now I am trying to implement the X509 certificates for message layer
security. But it is throwing the following exception:

An unhandled exception of type
'System.ServiceModel.Security.SecurityNegotiationException' occurred in
mscorlib.dll

Additional information: Secure channel cannot be opened because security
negotiation with the remote endpoint has failed. This may be due to absent or
incorrectly specified EndpointIdentity in the EndpointAddress used to create
the channel. Please verify the EndpointIdentity specified or implied by the
EndpointAddress correctly identifies the remote endpoint.
The WinSvchost file is:

using System;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Security;
using System.ServiceProcess;

namespace PreprocessingWinSvcHost
{
    public partial class PreprocessingWinSvc : ServiceBase
    {
        private ServiceHost myHost;

        public PreprocessingWinSvc()
        {
            InitializeComponent();
        }

        protected override void OnStart(string[] args)
        {
            try
            {
                // Create the host.
                Uri address = new Uri("http://localhost:8080/PreprocessingService");
                WSHttpBinding binding = new WSHttpBinding();
                Type contract = typeof(IPreprocess);

                binding.MaxBufferPoolSize = 200000000;
                binding.MaxReceivedMessageSize = 200000000;
                binding.Name = "WSHttpBinding_IPreprocess";

                binding.Security.Mode = SecurityMode.Message;
                binding.Security.Message.ClientCredentialType =
                    MessageCredentialType.Certificate;

                myHost = new ServiceHost(typeof(PreprocessingService));
                myHost.AddServiceEndpoint(contract, binding, address);

                myHost.Credentials.ServiceCertificate.SetCertificate(
                    StoreLocation.LocalMachine, StoreName.My,
                    X509FindType.FindBySubjectName, "windowshost");

                ClientCredentials creds = new ClientCredentials();
                // Configure peer trust.
                creds.ServiceCertificate.Authentication.CertificateValidationMode =
                    X509CertificateValidationMode.PeerOrChainTrust;

                // Creates an output file.
                Stream MyOutputFile = File.Create("c:\\checklog\\Logfile1.txt");
                TextWriterTraceListener TextListener1 =
                    new TextWriterTraceListener(MyOutputFile);
                Trace.Listeners.Add(TextListener1); // Add a listener to the Trace.

                // Writes output message to the output file and to a console screen.
                Trace.WriteLine(DateTime.Now.ToLongTimeString() + " - Service starting...");
                myHost.Open();

                Trace.WriteLine("state = " + myHost.State);

                // Flush and close the output file.
                Trace.Flush();
                TextListener1.Flush();
                TextListener1.Close();
            }
            catch (Exception e)
            {
                Console.WriteLine("Message: {0}", e.Message);
            }
        }
    }
}

and the Client is:
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

namespace PreprocessingClient
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("**** Preprocessing Client ****");
            EndpointAddress address =
                new EndpointAddress("http://localhost:8080/PreprocessingService");
            WSHttpBinding binding = new WSHttpBinding();
            binding.MaxBufferPoolSize = 200000000;
            binding.MaxReceivedMessageSize = 200000000;
            System.ServiceModel.ChannelFactory<IPreprocess> cf =
                new System.ServiceModel.ChannelFactory<IPreprocess>(binding, address);
            cf.Credentials.ClientCertificate.SetCertificate(
                StoreLocation.LocalMachine, StoreName.My,
                X509FindType.FindBySubjectName, "WCFUser");
            cf.Credentials.ServiceCertificate.SetDefaultCertificate(
                StoreLocation.LocalMachine, StoreName.My,
                X509FindType.FindBySubjectName, "windowshost");
            IPreprocess proxy = cf.CreateChannel();
            // PreprocessClient proxy = new PreprocessClient();
            // proxy.Open(); // open the client's proxy

            proxy.EnableMatGui(false);
        }
    }
}
The app.config for the client is:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="WSHttpBinding_IPreprocess"
                 closeTimeout="00:01:00"
                 openTimeout="00:01:00" receiveTimeout="00:10:00"
                 sendTimeout="00:40:00"
                 bypassProxyOnLocal="false" transactionFlow="false"
                 hostNameComparisonMode="StrongWildcard"
                 maxBufferPoolSize="200000000"
                 maxReceivedMessageSize="20000000"
                 messageEncoding="Text" textEncoding="utf-8"
                 useDefaultWebProxy="true"
                 allowCookies="false">
          <readerQuotas maxDepth="32"
                        maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <reliableSession ordered="true"
                           inactivityTimeout="00:10:00"
                           enabled="false" />
          <security mode="Message">
            <transport clientCredentialType="Windows"
                       proxyCredentialType="None"
                       realm="" />
            <message clientCredentialType="Certificate"
                     negotiateServiceCredential="true"
                     algorithmSuite="Default"
                     establishSecurityContext="true" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://localhost:8080/PreprocessingService"
                binding="wsHttpBinding"
                bindingConfiguration="WSHttpBinding_IPreprocess"
                contract="ServiceReference1.IPreprocess"
                name="WSHttpBinding_IPreprocess">
        <identity>
          <servicePrincipalName value="host/Avacta-n31m-1" />
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>

cheers,

Manjree

Jun 27 '08 #1
Try changing
<identity>
<servicePrincipalName value="host/Avacta-n31m-1" />
</identity>

to the common name of your service certificate?

Morty
Jun 27 '08 #2
Thanks Morten. But it is still throwing the same exception. :(
Manjree.
Jun 27 '08 #3
Hi Manjree,

From the description, the problem occurs when you try using x509
certificate based message security in a windows service hosted WCF service.

The error message does indicate that the "identity" of the endpoint hasn't
been specified. I think the endpoint identity should be the service
endpoint's identity setting (at service side). In the code you provided, you
programmatically create the servicehost and add the endpoint, however, you
didn't add an endpoint identity for it.

I've also replied to you in another WCF windows service hosted thread. In that
thread you mentioned that you cannot get WCF configuration (in app.config)
to work with Windows service, correct? I've tested and verified that windows
service can correctly load WCF configuration settings just like other
applications (console or winform or asp.net...) without problem. Have you
made sure the app.config is correctly copied with the windows service exe
(as windowsservice.exe.config file)?

Also, generally for such scenario, I suggest you first create a normal
console application and copy the WCF code (change it to
configuration/declarative style) into the console application to test. This
can simplify the troubleshooting and also detect whether the problem is
specific to windows service.

BTW, here is the test configuration setting (for server and client) I used:
==============server====================
<system.serviceModel>
  <services>
    <service name="WcfService1.Service1"
             behaviorConfiguration="WcfService1.Service1Behavior">
      <endpoint address="" binding="wsHttpBinding"
                bindingConfiguration="certBinding"
                contract="WcfService1.IService1">
        <identity>
          <certificateReference storeName="My"
                                storeLocation="LocalMachine"
                                x509FindType="FindByThumbprint"
                                findValue="b0d98888fc2fec907661ef11aa430f29e6ae8a91" />
        </identity>
      </endpoint>
      <endpoint address="mex" binding="mexHttpBinding"
                contract="IMetadataExchange"/>
    </service>
  </services>
======client =============
<client>
  <endpoint address="http://localhost:33382/Service1.svc"
            binding="wsHttpBinding"
            bindingConfiguration="WSHttpBinding_IService1"
            contract="WCFCert.IService1"
            name="WSHttpBinding_IService1">
    <identity>
      <certificateReference storeLocation="LocalMachine"
                            storeName="My"
                            x509FindType="FindByThumbprint"
                            findValue="b0d98888fc2fec907661ef11aa430f29e6ae8a91"/>
    </identity>
  </endpoint>
</client>
==================

Anyway, you need to make sure the one you specified at service side also
matches the client-side's.

If there is anything else unclear, please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
ms****@microsoft.com.

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
From: =?Utf-8?B?TWFuanJlZSBHYXJn?= <ga**@newsgroup.nospam>
References: <59**********************************@microsoft.com>
<1B**********************************@microsoft.com>
Subject: Re: System.ServiceModel.Security.SecurityNegotiationException
Date: Fri, 23 May 2008 02:12:00 -0700
Jun 27 '08 #4
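
The identity match described in the reply above, done in code in a console program as that reply suggests for testing; this is an added example, not code from any poster in the thread. It assumes the thread's `windowshost` and `WCFUser` certificates are in LocalMachine\My, uses a stand-in `IPreprocess` contract with only the `EnableMatGui` operation seen in the post, and the `FindSingle`, `StartHost` and `CallService` helpers are hypothetical names. Unlike the posted host code, where `PeerOrChainTrust` is set on a standalone `ClientCredentials` object that is never attached to anything, the validation mode here is set on the credentials the host and the channel factory actually use.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Security;

// Stand-in contract (assumption): only EnableMatGui is visible in the thread.
[ServiceContract]
public interface IPreprocess
{
    [OperationContract]
    void EnableMatGui(bool enable);
}

public class PreprocessingService : IPreprocess
{
    public void EnableMatGui(bool enable) { }
}

public static class CertIdentityExample
{
    static readonly Uri ServiceUri = new Uri("http://localhost:8080/PreprocessingService");

    // Host and client build the binding through the same helper so that
    // message security and the certificate credential type cannot drift apart.
    static WSHttpBinding CreateBinding()
    {
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        return binding;
    }

    // FindBySubjectName is a substring match, so refuse an ambiguous result
    // instead of silently picking the first certificate.
    static X509Certificate2 FindSingle(string subjectName)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            X509Certificate2Collection hits = store.Certificates.Find(
                X509FindType.FindBySubjectName, subjectName, false);
            if (hits.Count != 1)
                throw new InvalidOperationException(
                    hits.Count + " certificates match '" + subjectName + "'; expected exactly 1.");
            return hits[0];
        }
        finally
        {
            store.Close();
        }
    }

    static ServiceHost StartHost()
    {
        X509Certificate2 serviceCert = FindSingle("windowshost");
        var host = new ServiceHost(typeof(PreprocessingService));
        host.Credentials.ServiceCertificate.Certificate = serviceCert;
        // How the service validates the certificate presented by the client.
        host.Credentials.ClientCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.PeerOrChainTrust;

        ServiceEndpoint endpoint =
            host.AddServiceEndpoint(typeof(IPreprocess), CreateBinding(), ServiceUri);
        // Service side of the match: publish the service certificate as the endpoint identity.
        endpoint.Address = new EndpointAddress(
            ServiceUri, EndpointIdentity.CreateX509CertificateIdentity(serviceCert));
        host.Open();
        return host;
    }

    static void CallService()
    {
        X509Certificate2 serviceCert = FindSingle("windowshost");
        // Client side of the match: expect the same certificate as the identity.
        var address = new EndpointAddress(
            ServiceUri, EndpointIdentity.CreateX509CertificateIdentity(serviceCert));
        var factory = new ChannelFactory<IPreprocess>(CreateBinding(), address);
        factory.Credentials.ClientCertificate.Certificate = FindSingle("WCFUser");
        factory.Credentials.ServiceCertificate.DefaultCertificate = serviceCert;
        // How the client validates the service certificate.
        factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.PeerOrChainTrust;

        IPreprocess proxy = factory.CreateChannel();
        try
        {
            proxy.EnableMatGui(false);
            ((IClientChannel)proxy).Close();
            factory.Close();
        }
        catch
        {
            factory.Abort(); // a faulted channel cannot be closed gracefully
            throw;
        }
    }

    public static void Main()
    {
        ServiceHost host = StartHost();
        try
        {
            CallService();
            Console.WriteLine("Call completed over certificate-secured channel.");
        }
        finally
        {
            if (host.State == CommunicationState.Opened) host.Close(); else host.Abort();
        }
    }
}
```

`PeerOrChainTrust` accepts a certificate that either chains to a trusted root or is present in the TrustedPeople store, so test certificates have to be placed accordingly on whichever side validates them.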

Hi Steven,

Thanks for the reply. Now I am getting following exception:

System.ServiceModel.FaultException: The request for security token could not
be satisfied because authentication failed.

Though I have added Authentication to PeerOrChainTrust as follows at client:

<client>
<endpoint address="http://localhost:8080/PreprocessingService"
binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_IPreprocess_IPreprocess"
behaviorConfiguration="ServiceBehavior"
contract="ServiceReference1.IPreprocess"
name="WSHttpBinding_IPreprocess_IPreprocess">
<identity>
<certificate
encodedValue="AwAAAAEAAAAUAAAADJPQRd/3I06+gno+HiOn3/qqct0gAAAAAQAAALcBAAAwggGzMIIBYaADAgECAhBTBwz954p0 q0IsNrgvUW9KMAkGBSsOAwIdBQAwFjEUMBIGA1UEAxMLUm9vdC BBZ2VuY3kwHhcNMDgwNTIxMTA0NjU4WhcNMzkxMjMxMjM1OTU5 WjAWMRQwEgYDVQQDEwt3aW5kb3dzaG9zdDCBnzANBgkqhkiG9w 0BAQEFAAOBjQAwgYkCgYEAxELJ4QxIFY7sHWOf7zsW7lwsEXjX UhpY3xHSsvMK42nnHJotSmsSxLBNFRVvTgKITaowimtFX9/OSvTJ4MM5nB/W342rmclyjUaLSLBdDa7+39tPO5RRDjY3tln45mw1lCrI0TD1I rQ48/YrD6zmu1ZLzOaFEAf3vvpEYgUJKbcCAwEAAaNLMEkwRwYDVR0B BEAwPoAQEuQJLQYdHU8AjWEh3BZkY6EYMBYxFDASBgNVBAMTC1 Jvb3QgQWdlbmN5ghAGN2wAqgBkihHPuNSqXDX0MAkGBSsOAwId BQADQQBydNDtJucuxVh4HhPXkDurEMx/f/rsxJQ4nVOtqdOH1dvp4SKA/GNXMGWb2z8sA/F3ELcNSPeRLo/4XYuZyHFf" />
<dns value="windowshost"/>
</identity>
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="ServiceBehavior">
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode="PeerOrChainTrust"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
Cheers,

Manj

"Steven Cheng [MSFT]" wrote:
Hi Manjree,

From the description, the problem occurs when you try using x509
certificate based message security in a windows service hosted WCF service.

The error message does indicate that the "identity" of the endpoint hasn't
be specified. I think the endpoint identity should be the service
endpoint's identify setting(at service side). In the code you provided, you
programmtically create the servicehost and add the endpoint, however, you
didn't add an endpoint identity for it.

I've also replied you in another WCF windows service hosted thread. In that
thread you mentioend that you can not get WCF configuration (in app.config)
work with Windows service, correct? I've tested and verify that windows
service can correctly load WCF configuration settings just like other
application(console or winform or asp.net...) without problem. have you
made sure the app.config is correctly copied with the windows service exe(
as windowsservice.exe.config file)?

Also, generally for such scenario, I suggest you first create a normal
console application and copy the WCF code(change it to
configuration/declarative style) into the console applicaiton to test. This
can simplfy the troubleshooting and also detect whether the problem is
specific to windows service.

BTW, here is the test configuration setting( for server and client) I used:
==============server====================
<system.serviceModel>
<services>
<service name="WcfService1.Service1"
behaviorConfiguration="WcfService1.Service1Behavio r">
<endpoint address="" binding="wsHttpBinding"
bindingConfiguration="certBinding"
contract="WcfService1.IService1">

<identity>
<certificateReference storeName="My"
storeLocation="LocalMachine"
x509FindType="FindByThumbprint"
findValue="b0d98888fc2fec907661ef11aa430f29e6ae8a9 1" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding"
contract="IMetadataExchange"/>
</service>
</services>
======client =============
<client>
<endpoint address="http://localhost:33382/Service1.svc"
binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_IService1"
contract="WCFCert.IService1"
name="WSHttpBinding_IService1">
<identity>
<certificateReference storeLocation="LocalMachine"
storeName="My"
x509FindType="FindByThumbprint"
findValue="b0d98888fc2fec907661ef11aa430f29e6ae8a9 1"/>

</identity>
</endpoint>
</client>
==================

Anyway, you need to make sure the one you specified at service side also
matches the client-side's.

If there is anything else unclear, please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
ms****@microsoft.com.

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
From: =?Utf-8?B?TWFuanJlZSBHYXJn?= <ga**@newsgroup.nospam>
References: <59**********************************@microsoft.co m>
<1B**********************************@microsoft.co m>
Subject: Re: System.ServiceModel.Security.SecurityNegotiationEx ception
Date: Fri, 23 May 2008 02:12:00 -0700
Thanks Morten. But it is still throwing the same exception. :(
Manjree.

"Morten Abrahamsen" wrote:
Try changing
<identity>
<servicePrincipalName value="host/Avacta-n31m-1" />
</identity>

to the common name of your service certificate?

Morty

"Manjree Garg" <ga**@newsgroup.nospamwrote in message
news:59**********************************@microsof t.com...
Hi,
>
I created a web service and hosted it in Windows Services. It is
working
fine. Now I am trying to implement the X509 certificates for message
layer
security. But it is throwing the following exception:
>
An unhandled exception of type
'System.ServiceModel.Security.SecurityNegotiationE xception' occurred in
mscorlib.dll
>
Additional information: Secure channel cannot be opened because security
negotiation with the remote endpoint has failed. This may be due to
absent
or
incorrectly specified EndpointIdentity in the EndpointAddress used to
create
the channel. Please verify the EndpointIdentity specified or implied by
the
EndpointAddress correctly identifies the remote endpoint.
Jun 27 '08 #5
Hi Manj,

Thanks for your reply.

The error still seems to concern the certificate (which may not be
validated as a trusted one).

Have you got the configuration setting in windows service working (set up
the WCF service host without using code)? Also, as I suggested previously,
you can use a console application for testing first so as to simplify the
troubleshooting.

Here is the article which mentioned most info about using certificate
authentication with message layer security. You can check some of the
configuration setting with yours:

#WCF security: How to configure message security with x509 authentication
http://developers.de/blogs/damir_dob...09/24/931.aspx

If you still cannot find the cause, I can send you a test solution I used
on my side for your reference. BTW, for the test certificate, how did you
generate them? Are you using makecert.exe or windows certificate service?

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
ms****@microsoft.com.

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notifications.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
From: Manj <ga**@newsgroup.nospam>
Subject: Re: System.ServiceModel.Security.SecurityNegotiationException
Date: Wed, 4 Jun 2008 07:51:01 -0700

Hi Steven,

Thanks for the reply. Now I am getting following exception:

System.ServiceModel.FaultException: The request for security token could
not be satisfied because authentication failed.

Though I have added Authentication to PeerOrChainTrust as follows at
client:

<client>
<endpoint address="http://localhost:8080/PreprocessingService"
binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_IPreprocess_IPreprocess"
behaviorConfiguration="ServiceBehavior"
contract="ServiceReference1.IPreprocess"
name="WSHttpBinding_IPreprocess_IPreprocess">
<identity>
<certificate
encodedValue="AwAAAAEAAAAUAAAADJPQRd/3I06+gno+HiOn3/qqct0gAAAAAQAAALcBAAAwgg
GzMIIBYaADAgECAhBTBwz954p0q0IsNrgvUW9KMAkGBSsOAwId BQAwFjEUMBIGA1UEAxMLUm9vdC
BBZ2VuY3kwHhcNMDgwNTIxMTA0NjU4WhcNMzkxMjMxMjM1OTU5 WjAWMRQwEgYDVQQDEwt3aW5kb3
dzaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxELJ 4QxIFY7sHWOf7zsW7lwsEXjXUh
pY3xHSsvMK42nnHJotSmsSxLBNFRVvTgKITaowimtFX9/OSvTJ4MM5nB/W342rmclyjUaLSLBdDa
7+39tPO5RRDjY3tln45mw1lCrI0TD1IrQ48/YrD6zmu1ZLzOaFEAf3vvpEYgUJKbcCAwEAAaNLME
kwRwYDVR0BBEAwPoAQEuQJLQYdHU8AjWEh3BZkY6EYMBYxFDAS BgNVBAMTC1Jvb3QgQWdlbmN5gh
AGN2wAqgBkihHPuNSqXDX0MAkGBSsOAwIdBQADQQBydNDtJucu xVh4HhPXkDurEMx/f/rsxJQ4nV
OtqdOH1dvp4SKA/GNXMGWb2z8sA/F3ELcNSPeRLo/4XYuZyHFf" />
<dns value="windowshost"/>
</identity>
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="ServiceBehavior">
<clientCredentials>
<serviceCertificate>
<authentication
certificateValidationMode="PeerOrChainTrust"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
Cheers,

Manj

"Steven Cheng [MSFT]" wrote:
Hi Manjree,

From the description, the problem occurs when you try using x509
certificate based message security in a windows service hosted WCF
service.

The error message does indicate that the "identity" of the endpoint
hasn't been specified. I think the endpoint identity should be the service
endpoint's identity setting (at service side). In the code you provided,
you programmatically create the servicehost and add the endpoint, however,
you didn't add an endpoint identity for it.

I've also replied to you in another WCF windows service hosted thread. In
that thread you mentioned that you can not get WCF configuration (in
app.config) to work with Windows service, correct? I've tested and verified
that a windows service can correctly load WCF configuration settings just
like other applications (console or winform or asp.net...) without problem.
Have you made sure the app.config is correctly copied with the windows
service exe (as windowsservice.exe.config file)?

Also, generally for such a scenario, I suggest you first create a normal
console application and copy the WCF code (change it to
configuration/declarative style) into the console application to test.
This can simplify the troubleshooting and also detect whether the problem
is specific to windows service.

BTW, here is the test configuration setting (for server and client) I
used:

==============server====================
<system.serviceModel>
  <services>
    <service name="WcfService1.Service1"
             behaviorConfiguration="WcfService1.Service1Behavior">
      <endpoint address="" binding="wsHttpBinding"
                bindingConfiguration="certBinding"
                contract="WcfService1.IService1">
        <identity>
          <certificateReference storeName="My"
                                storeLocation="LocalMachine"
                                x509FindType="FindByThumbprint"
                                findValue="b0d98888fc2fec907661ef11aa430f29e6ae8a91" />
        </identity>
      </endpoint>
      <endpoint address="mex" binding="mexHttpBinding"
                contract="IMetadataExchange"/>
    </service>
  </services>
======client =============
<client>
  <endpoint address="http://localhost:33382/Service1.svc"
            binding="wsHttpBinding"
            bindingConfiguration="WSHttpBinding_IService1"
            contract="WCFCert.IService1"
            name="WSHttpBinding_IService1">
    <identity>
      <certificateReference storeLocation="LocalMachine"
                            storeName="My"
                            x509FindType="FindByThumbprint"
                            findValue="b0d98888fc2fec907661ef11aa430f29e6ae8a91"/>
    </identity>
  </endpoint>
</client>
==================

Anyway, you need to make sure the one you specified at service side also
matches the client-side's.

If there is anything else unclear, please feel free to post here.

Sincerely,

Steven Cheng


--------------------
From: Manjree Garg <ga**@newsgroup.nospam>
Subject: Re: System.ServiceModel.Security.SecurityNegotiationException
Date: Fri, 23 May 2008 02:12:00 -0700
Thanks Morten. But it is still throwing the same exception. :(
Manjree.

"Morten Abrahamsen" wrote:
Try changing
<identity>
<servicePrincipalName value="host/Avacta-n31m-1" />
</identity>

to the common name of your service certificate?

Morty
Jun 27 '08 #6
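
The endpoint-identity point from the replies above, as an added C# example (not code from the thread's participants, and not stated in the thread to be the change that finally made it work): the service endpoint and the client's EndpointAddress both carry an explicit DNS identity matching the service certificate's subject name, and each side sets certificate validation on the credentials object it actually uses. It assumes the "windowshost" and "WCFUser" certificates from the original post are installed; the IPreprocess contract shape is an assumption based on the call proxy.EnableMatGui(false).

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Assumed contract shape: the thread only shows proxy.EnableMatGui(false).
[ServiceContract]
public interface IPreprocess
{
    [OperationContract]
    void EnableMatGui(bool enable);
}

public class PreprocessingService : IPreprocess
{
    public void EnableMatGui(bool enable) { Console.WriteLine("EnableMatGui({0})", enable); }
}

public static class EndpointIdentityExample
{
    static readonly Uri ServiceUri = new Uri("http://localhost:8080/PreprocessingService");
    const string ServiceCertSubject = "windowshost"; // subject name used in the original post
    const string ClientCertSubject = "WCFUser";      // subject name used in the original post

    static WSHttpBinding CreateBinding()
    {
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        return binding;
    }

    public static ServiceHost OpenHost()
    {
        var host = new ServiceHost(typeof(PreprocessingService));
        host.Credentials.ServiceCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My,
            X509FindType.FindBySubjectName, ServiceCertSubject);
        // Validation of the *client's* certificate belongs on the host's own
        // credentials; a separate ClientCredentials object that is never
        // attached to the host has no effect.
        host.Credentials.ClientCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.PeerOrChainTrust;

        var endpoint = host.AddServiceEndpoint(typeof(IPreprocess), CreateBinding(), ServiceUri);
        // Publish the identity the service certificate can actually prove.
        endpoint.Address = new EndpointAddress(
            ServiceUri, EndpointIdentity.CreateDnsIdentity(ServiceCertSubject));
        host.Open();
        return host;
    }

    public static void CallService()
    {
        // Without an explicit identity the client expects the DNS name from the
        // URL ("localhost"), which a certificate issued to "windowshost" cannot match.
        var address = new EndpointAddress(
            ServiceUri, EndpointIdentity.CreateDnsIdentity(ServiceCertSubject));
        var factory = new ChannelFactory<IPreprocess>(CreateBinding(), address);
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My,
            X509FindType.FindBySubjectName, ClientCertSubject);
        // PeerOrChainTrust accepts a certificate that chains to a trusted root
        // or is present in the TrustedPeople store.
        factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.PeerOrChainTrust;

        IPreprocess proxy = factory.CreateChannel();
        try
        {
            proxy.EnableMatGui(false);
            ((IClientChannel)proxy).Close();
            factory.Close();
        }
        catch
        {
            factory.Abort();
            throw;
        }
    }

    public static void Main()
    {
        ServiceHost host = OpenHost();
        try { CallService(); }
        finally { host.Close(); }
    }
}
```

Running host and client in one console process like this also follows the suggestion above to rule out Windows-service-specific problems before moving the host back into the service.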
Hi Manj,

Any progress on this issue? I'm still monitoring the thread, if there is
anything else we can help, please don't hesitate to post here.

Sincerely,

Steven Cheng

--------------------
Date: Thu, 05 Jun 2008 04:42:46 GMT
Subject: Re: System.ServiceModel.Security.SecurityNegotiationException
Hi Manj,

Thanks for your reply.

The error still seems to concern the certificate (which may not be
validated as a trusted one).

Have you got the configuration setting in windows service working (set up
the WCF service host without using code)? Also, as I suggested previously,
you can use a console application for testing first so as to simplify the
troubleshooting.

Here is the article which mentioned most info about using certificate
authentication with message layer security. You can check some of the
configuration setting with yours:

#WCF security: How to configure message security with x509 authentication
http://developers.de/blogs/damir_dob...09/24/931.aspx

If you still cannot find the cause, I can send you a test solution I used
on my side for your reference. BTW, for the test certificate, how did you
generate them? Are you using makecert.exe or windows certificate service?

Sincerely,

Steven Cheng

Jun 27 '08 #7
Hi Steven,

Thanks for the followup. It is working now. I tried to reply you earlier
but was not able to reply on newsgroup for some reason (still wondering why?).

Cheers.

Manj.
Jun 27 '08 #8
Hi Manj,

Glad to hear from you and nice to get that it is working now.

Also, for the newsgroup accessing problem, does it still exist now, and is
it a continuous problem if you try visiting any newsgroup from IE? If so,
please feel free to let me know, I'll help forward the problem to the
proper guys.

Sincerely,

Steven Cheng


Subject: Re: System.ServiceModel.Security.SecurityNegotiationException
Date: Wed, 11 Jun 2008 02:25:00 -0700
Hi Steven,

Thanks for the followup. It is working now. I tried to reply you earlier
but was not able to reply on newsgroup for some reason (still wondering
why?).

Cheers.

Manj.
Jun 27 '08 #9
