tags:

views:

1054

answers:

4
+2  Q: 

WCF Security in a Windows Service

I have a WCF service which can run as Console App and a Windows Service. I have recently copied the console app up to a W2K3 server with the following security settings:

<wsHttpBinding>
 <binding name="ServiceBinding_Security" transactionFlow="true" >
  <security mode="TransportWithMessageCredential" >
    <message clientCredentialType="UserName" />
  </security>     
 </binding>    
</wsHttpBinding> 

<serviceCredentials>
 <userNameAuthentication  userNamePasswordValidationMode="Custom" 
  customUserNamePasswordValidatorType="Common.CustomUserNameValidator, Common" />
</serviceCredentials>

Security works fine with no problems. I have exactly the same code, but running in a windows service and I get the following error when I try to call any of the methods from a client:

System.ServiceModel.Security.MessageSecurityException was unhandled
Message="An unsecured or incorrectly secured fault was received from 
         the other party. See the inner FaultException for the fault code and detail."
  Source="mscorlib"
  StackTrace:
    Server stack trace: 
       at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
       ......   
    (lots of stacktrace info - not very useful)

  InnerException: System.ServiceModel.FaultException
       Message="An error occurred when verifying security for the message."

The exception tells me nothing. I'm assuming that it has something to do with acces to system resources from the Windows Service. I've tried running it under the same account as the console app, but no luck. Does anyone have any ideas?

A: 

You're using a custom user/name validator - does the Windows service have access to that file(s) ?

What account are you running the NT Service under ?

Does it work with all security turned off?? (just to see)

Marc

marc_s  2009-10-13 15:34:57
Diagnostic error message = The Security Protocol cannot verify the incoming message. Nothing else.I can confirm the service works without security.I've tried running the service under "Local System" and "Administrator"The Custom Name Validator is validating against a custom section in the app.config.
Alphonso  2009-10-13 16:33:55
A: 

This is an error that sometimes has nothing to do with security.

I would recomend that you try first to get it to work without security, then just with message security, then with transport and finally with TransportWithMessageCredential.

Also if you are running the console app and the windows service app on the same machine make sure to stop the console app before starting the windows service, in order to avoid a port conflict

Shiraz Bhaiji  2009-10-13 15:35:51
A: 

Enable diagnostics on the service. That should give you a pretty good idea of whether the service is even receiving the message and where the service is throwing an exception.

Maurice  2009-10-13 15:37:01
A: 

Update - I changed the customUserNamePasswordValidatorType from Custom to Windows. This worked fine in both the Console and Windows Service. I can only assume that something in the Custom Validator was causing the problem.

The custom validator used a custom config section in the App.config to validate the userid and Password. I would have thought this would have worked from a windows service though.

Thanks to all those who posted a reply.

Alphonso  2009-10-15 10:12:57

related questions

Dynamic programming with WCF
WCF Service Returning "Method Not Allowed"
Exceptions in Web Services
What SPN do I need to set for a net.tcp service?
How do I unit test a WCF service?
Best practices for versioning your services with WCF?
Lazy Loading with a WCF Service Domain Model?
How many ServiceContracts can a WCF Service have?
How can I authenticate using client credentials in WCF just once?
WCF - Domain Objects and IExtensibleDataObject
InvalidOperationException while creating wcf web service instance
Closing and Disposing a WCF Service
What WCF best practices do you follow in object model design?
WCF push to client through firewall?
Loading System.ServiceModel configuration section using ConfigurationManager
I would like some tips for debugging WCF Web Service exceptions
What's the best way to authenticate over WCF?
Good Reads for Distributed Systems
.Net - Returning DataTables in WCF
What is the easiest way to add compression to WCF in Silverlight?
WCF Backward Compatibility Issue
Best Practices for securing a REST API / web service
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
WCF - High availability