WCF错误-消息安全验证失败
我正在尝试一个新的WCF服务。在进行安全分层之前,该服务正在工作。现在我得到了这个错误:
An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.
Server stack trace:
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at MyProject.IntegrationSample.MyProjectService.IMyProjectService.GetData(Int32 value)
at MyProject.IntegrationSample.MyProjectService.MyProjectServiceClient.GetData(Int32 value) in C:\code\AdvancedFraudSolutions\MyProject4.0\MyProject.IntegrationSample\Service References\MyProjectService\Reference.cs:line 82
at MyProject.IntegrationSample.Program.Main(String[] args) in C:\code\AdvancedFraudSolutions\MyProject4.0\MyProject.IntegrationSample\Program.cs:line 22
At least one security token in the message could not be validated.在跟踪日志中如下所示:
Message security verification failed.下面是我的服务配置:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="basicBinding">
<security mode="TransportWithMessageCredential"/>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="MyProject.IntegrationServices.MyProjectService" behaviorConfiguration="basicServiceBehavior">
<endpoint binding="basicHttpBinding" bindingConfiguration="basicBinding"
name="MyProjectServiceEndpoint" contract="MyProject.IntegrationServices.IMyProjectService" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="basicServiceBehavior">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceAuthorization principalPermissionMode="UseAspNetRoles"
roleProviderName="AspNetSqlRoleProvider" />
<serviceCredentials>
<serviceCertificate findValue="MyServiceCert" x509FindType="FindBySubjectName" />
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
membershipProviderName="AspNetSqlMembershipProvider" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<diagnostics>
<messageLogging maxMessagesToLog="25000" logEntireMessage="true" logMessagesAtServiceLevel="false" logMalformedMessages="true"
logMessagesAtTransportLevel="true">
<filters>
<clear/>
</filters>
</messageLogging>
</diagnostics>
</system.serviceModel>下面是我的测试客户端代码和配置:
static void Main(string[] args)
{
MyProjectServiceClient client = new MyProjectServiceClient();
client.ClientCredentials.UserName.UserName = "theuser";
client.ClientCredentials.UserName.Password = "thepass";
try
{
string result = client.GetData(100);
client.Close();
Console.WriteLine(result);
}
catch (Exception ex)
{
client.Abort();
PrintExceptionDetail(ex);
}
Console.ReadLine();
}
private static void PrintExceptionDetail(Exception ex)
{
StringBuilder detail = new StringBuilder();
while (ex != null)
{
detail.AppendLine(ex.Message);
detail.AppendLine(ex.StackTrace);
ex = ex.InnerException;
}
Console.WriteLine(detail);
Console.Write("Copy exception detail to clipboard? (y/n) ");
if (Console.ReadLine().ToLower() == "y")
{
Clipboard.SetText(detail.ToString());
}
}
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="MyProjectServiceEndpoint" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288"
maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" proxyCredentialType="None" realm=""/>
<message clientCredentialType="UserName" algorithmSuite="Default"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://localhost:44306/MyProjectService.svc" binding="basicHttpBinding" bindingConfiguration="MyProjectServiceEndpoint"
contract="MyProjectService.IMyProjectService" name="MyProjectServiceEndpoint"/>
</client>
</system.serviceModel>您可以看到,我正在尝试使用basicHttpBinding、TransportWithMessageCredential安全性和成员/角色提供程序进行身份验证/授权。
这是使用IIS express开发的,并将托管在IIS中。
错误的原因是什么?
回答 4
Stack Overflow用户
发布于 2011-06-16 02:43:53
我的配置没有任何问题。问题最终是我使用了sqlserver express的UserInstance作为成员和角色数据库。一旦我正常地创建了一个数据库,一切都开始工作了。很差劲。
Stack Overflow用户
发布于 2013-01-30 13:06:32
我通过在服务主机web.config文件上添加机器密钥解决了此问题。
服务跟踪日志没有帮助。它只给了我“消息安全验证失败”。然后,我为服务主机web.config文件启用了wcf服务事件日志,
<configuration>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="NewBehavior">
<serviceSecurityAudit auditLogLocation="Application" serviceAuthorizationAuditLevel="Failure" messageAuthenticationAuditLevel="Failure" suppressAuditFailure="true" />
</behavior>
</serviceBehaviors>
</behaviors>
</system>
</configuration>我在计算机应用程序事件日志中找到了以下内容,
事件类型:错误事件源: ServiceModel审核4.0.0.0事件类别: MessageAuthentication事件ID: 4日期: 30/01/2013时间: 3:18:27 PM用户: N/A计算机: CENTDAUD05109DL描述:消息身份验证失败。Service:://机器:44304/UploadService.svc操作:http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT ClientIdentity: ActivityId: cf20ce8b-2e8c-45b5-9ab6-adc5051080f8 ProviderException:您必须指定一个非自动生成的机器密钥,以加密格式存储密码。请指定其他passwordFormat,或更改machineKey配置以使用非自动生成的解密密钥。
然后,我将机器密钥添加到服务主机web.config,它就起作用了。下面是示例机器密钥。
<machineKey
validationKey=
"5AD524EF7BEB32A479F8095F8BF7653680066ADE66B5C78F80C3DC1F90
AA3D766F2B69304BFF88DEABEDE1E66D463C81FDEE0FC1A391AD90A6FD1294E7D243B1"
decryptionKey=
"0D7AE7BC7581976D76AC1D68C71BCBA978895CB792DC4F7B9F0D67774378A351"
validation="SHA1"
decryption="AES"/>参考文献,
http://blogs.microsoft.co.il/blogs/urig/archive/2011/01/23/wcf-quot-an-error-occurred-when-verifying-security-for-the-message-quot-and-service-security-audit.aspx
http://intrepiddeveloper.wordpress.com/2008/08/07/security-event-logging-auditing/
Stack Overflow用户
发布于 2013-12-19 13:29:21
我将系统时间更改为服务器时间。现在可以正常工作了。但这不是好的方法,如果用户来自其他国家,那么他们必须将时间更改为服务器时间。因此,请任何人提出任何好的方法来做到这一点..
https://stackoverflow.com/questions/6361788
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号