I'm trying to get authenticated using the the Authentication Service and my Membership Provider. Ideally I want to call my membership provider, but I bomb out before hitting my provider. Says a token cannot be validated. Checking my error log, it appears I'm trying to Authenticate using Windows auth. That's not what I'm intending to do. This is a web with an svc file. I use svcUtil and generate a client from the WSDL. I have a test page in the app that I'm using the client from. Its just a test page and will not be deployed. I see Integrated Windows Auth is checked in IIS which doesnt seem correct, but if I uncheck it, Visual Studio won't debug. Anyways I look in the event log and get two errors
Logon Failure:
Reason: Unknown user name or bad password
User Name: sandagtestuser
Domain:
Logon Type: 8
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: SDD-CK
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: sandagtestuser
Source Workstation: SDD-CK
Error Code: 0xC0000064
Here are the bindings in the web.config. Please note I'm trying to use SSL and HTTPS. This is my first stab at WCF security
<system.serviceModel>
<client>
<endpoint address="https://SDD-CK/ATISServices/Services/AuthService.svc/AuthService"
binding="basicHttpBinding" bindingConfiguration="userHttps_AuthenticationService"
contract="AuthenticationService" name="userHttps_AuthenticationService" >
</endpoint>
</client>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
<behaviors>
<serviceBehaviors>
<behavior name="ATISServices.AuthServiceBehavior">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="userHttps_AuthenticationService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="true" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="TransportWithMessageCredential">
<transport proxyCredentialType="None" clientCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
<binding name="basic_auth_config">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="ATISServices.AuthServiceBehavior"
name="System.Web.ApplicationServices.AuthenticationService">
<endpoint binding="basicHttpBinding" bindingName="userHttps" bindingConfiguration="basic_auth_config"
bindingNamespace="http://asp.net/ApplicationServices/v200"
contract="System.Web.ApplicationServices.AuthenticationService"
address="AuthService"/>
<endpoint address="mex" binding="mexHttpsBinding" bindingConfiguration=""
contract="IMetadataExchange" />
</service>
</services>
</system.serviceModel>
Perhaps some WCF guru out there can help me correct the problem. I see the credentials getting up to the server via the event log, so I must not be too terribly far off. The actual InnerException message on the fault is At least one security token in the message could not be validated.
Lastly here are some additional web.config settings that may be of interest.
<system.web.extensions>
<scripting>
<webServices>
<authenticationService enabled="true" requireSSL="true"/>
</webServices>
</scripting>
</system.web.extensions>
<authentication mode="Forms" >
<forms cookieless="UseCookies" />
</authentication>
<membership defaultProvider="KCMembershipProvider">
<providers>
<clear/>
<add
name="KCMembershipProvider"
applicationName="/"
type="zcore.MembershipProvider.KCMembershipProvider, zcore.MembershipProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
</providers>
</membership>
Any help or tips at this point would be greatly appreciated. I've battled with this for two days. I'm using certificates as well. I made them with 'makecert' tool. One is a Cert Authority and the other is a 'localhost' cert using said Authority. I also have used httpcfg and set the cert thumbprint to port 9307, however when i put ":9307" on the service address, I get connection actively refused. I truly appreciate any help here.
Cheers,
~ck in San Diego