Wcf Gives an Unsecured or Incorrectly Secured Fault Error

Unsecured or incorrectly secured fault error when calling a service with code-behind instead of Web.Config endpoint

...As is often the case, I had the wrong configuration. I was getting a certificate called "MaternumCertificateClient" instead of what my server has configured, which is "MaternumCertificateServer".

More important is how I got to the error.

First step, I set up Wireshark to see what the server replied with:

HTTP/1.1 500 Internal Server Error
Cache-Control: private
Content-Type: application/soap+xml; charset=utf-8
Server: Microsoft-IIS/10.0
Set-Cookie: ASP.NET_SessionId=k0xmopx3eitnvmocv1rjas4h; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-SourceFiles: =?UTF-8?B?QzpcREVWXE1BVFxNYXRlcm51bV9hcHBcc2VydmljZXNcTWF0ZXJudW1QZGZTZXJ2aWNlLnN2Y1xzb2Fw?=
X-Powered-By: ASP.NET
Date: Thu, 22 Aug 2019 16:25:19 GMT
Content-Length: 648

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action>
<a:RelatesTo>urn:uuid:uid is here</a:RelatesTo>
</s:Header>
<s:Body>
<s:Fault>
<s:Code>
<s:Value>s:Sender</s:Value>
<s:Subcode>
<s:Value xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</s:Value>
</s:Subcode>
</s:Code>
<s:Reason>
<s:Text xml:lang="en-GB">An error occurred when verifying security for the message.</s:Text>
</s:Reason>
</s:Fault>
</s:Body>
</s:Envelope>

Not much better, but I at least knew who was throwing the exception. So, I looked up if I could find out in more detail. I came across this: "An error occurred when verifying security for the message".

So, as indicated, I set my server with the following:

<serviceSecurityAudit auditLogLocation="Application"
serviceAuthorizationAuditLevel="Failure"
messageAuthenticationAuditLevel="Failure"
suppressAuditFailure="true" />

At configuration/system.serviceModel/behaviors/serviceBehaviors/behavior.

Then, Windows Event Viewer had details on the error.

The message shown,

MessageSecurityException: The EncryptedKey clause was not wrapped with the required encryption token 'System.IdentityModel.Tokens.X509SecurityToken'.

indicates a mismatched certificate. I was loading one named MaternumCertificateClient, and I needed MaternumCertificateServer.
Additionally, the lines

pdfService.ClientCredentials.ClientCertificate.Certificate = cert;

pdfService.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.PeerTrust;

pdfService.ClientCredentials.ServiceCertificate.DefaultCertificate = GetCertificate("MaternumCertificateClient");

are actually not needed; the certificate is read from the endpoint's identity and these settings weren't required for my setup to work.
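
Added example, not part of the original answer: a Python sketch that parses the fault captured above and resolves each code's QName against the namespaces in scope. On the subcode element the a prefix is rebound from WS-Addressing to the WS-Security namespace, so the subcode is the WS-Security InvalidSecurity code, which names no cause; the function names are this example's own.

```python
import io
import xml.etree.ElementTree as ET

SOAP12 = "http://www.w3.org/2003/05/soap-envelope"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")

# The fault body captured on this page, whitespace condensed.
SAMPLE_FAULT = """\
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action>
<a:RelatesTo>urn:uuid:uid is here</a:RelatesTo>
</s:Header>
<s:Body><s:Fault>
<s:Code><s:Value>s:Sender</s:Value>
<s:Subcode>
<s:Value xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</s:Value>
</s:Subcode></s:Code>
<s:Reason><s:Text xml:lang="en-GB">An error occurred when verifying security for the message.</s:Text></s:Reason>
</s:Fault></s:Body>
</s:Envelope>
"""

def parse_fault(xml_text):
    """Return the fault codes as (namespace, local name) pairs plus the reason."""
    scopes = []            # in-scope (prefix, uri) declarations, innermost last
    codes, reason = [], None
    source = io.BytesIO(xml_text.encode("utf-8"))
    for event, payload in ET.iterparse(source, ("start-ns", "end-ns", "end")):
        if event == "start-ns":        # fires before the declaring element starts
            scopes.append(payload)
        elif event == "end-ns":        # fires after the declaring element ends
            scopes.pop()
        elif payload.tag == f"{{{SOAP12}}}Value":
            # The element text is a QName: resolve its prefix here, where the
            # declarations made on this very element are still in scope.
            prefix, _, local = (payload.text or "").strip().rpartition(":")
            uri = next((u for p, u in reversed(scopes) if p == prefix), None)
            codes.append((uri, local))
        elif payload.tag == f"{{{SOAP12}}}Text":
            reason = (payload.text or "").strip()
    return {"codes": codes, "reason": reason}

def is_generic_security_fault(fault):
    """True for the WS-Security InvalidSecurity code: the cause is only in the server's audit log."""
    return (WSSE, "InvalidSecurity") in fault["codes"]
```
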

An unsecured or incorrectly secured fault was received from the other party

Sorry, but there are a thousand reasons why your service might be getting slow. Most of them will have nothing to do with WCF. I strongly suspect you have a resource leak of some sort, but it's impossible to tell what it is without more information.

An unsecured or incorrectly secured fault was received from the other party (when working with SAML)

I have resolved the error which I had mentioned above. I had to add the following tag under my wsfederationbinding:

<allowedAudienceUris>
<add allowedAudienceUri="http://localhost/WCF_MobileInterface/MobileService.svc"/>
</allowedAudienceUris>

The URI mentioned within the allowedAudienceUri attribute is the host WCF service.

Actually, I got to know this was the error when I added the following tag to the host WCF service's web config file,

<serviceSecurityAudit  auditLogLocation="Application" serviceAuthorizationAuditLevel="Failure" messageAuthenticationAuditLevel="Failure" suppressAuditFailure="true" /> 

under the behavior tag which was mapping to my wsfederationbinding. This tag logs the exact error message within the Application log category within the system's Event Viewer.

Note: I had enabled tracing at server and consumer level; it didn't give a proper error message, but I found the issue by checking the error logs in Event Viewer.

Hope this helps someone who is struggling with a similar sort of error.


