Jan 24, 2013


Hosting on IIS 7.5 in Windows Server 2008R2: Security Token Failure

Hi,

I am attempting to host the Patterns in Action solution on IIS 7 on a Windows 2008 R2 Server (no domain) and the WinForms application keeps crashing when it tries to connect from a desktop machine (Windows 7 based, also no domain).

The configuration change on the WinForms application was simply:
<endpoint address="http://127.0.0.1:4753/ActionService.svc"...
to
<endpoint address="http://192.168.16.169:4753/ActionService.svc"

The irony is that the WinForms application (with that IP address change) works just fine when it runs on the Windows Server machine that is hosting the WCF service; however, when it runs from a different machine, it crashes even before showing the main form.

I used Wireshark to see if there is communication between the client and the host machine and indeed there is. The conversation goes as follows:
POST /ActionService.svc HTTP/1.1
Content-Type: application/soap+xml; charset=utf-8
Host: 192.168.16.169:4753
Content-Length: 1097
Expect: 100-continue
Accept-Encoding: gzip, deflate
HTTP/1.1 100 Continue
 
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
  <s:Header>
    <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
    <a:MessageID>urn:uuid:c3dfcd17-3de8-4082-82c7-49b7efdd88dd</a:MessageID>
    <a:ReplyTo>
      <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
    </a:ReplyTo>
    <a:To s:mustUnderstand="1">http://192.168.16.169:4753/ActionService.svc</a:To>
  </s:Header>
  <s:Body>
    <t:RequestSecurityToken Context="uuid-44ddd784-6be9-43aa-9b62-cb78dc673fac-7" xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
      <t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType>
      <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
      <t:KeySize>256</t:KeySize>
      <t:BinaryExchange ValueType="http://schemas.xmlsoap.org/ws/2005/02/trust/spnego" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">TlRMTVNTUAABAAAAt4IY4gAAAAAAAAAAAAAAAAAAAAAGAbAdAAAADw==</t:BinaryExchange>
    </t:RequestSecurityToken>
  </s:Body>
</s:Envelope>

HTTP/1.1 200 OK
Content-Length: 1108
Content-Type: application/soap+xml; charset=utf-8
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 24 Jan 2013 08:39:21 GMT
 
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
  <s:Header>
    <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue</a:Action>
    <a:RelatesTo>urn:uuid:c3dfcd17-3de8-4082-82c7-49b7efdd88dd</a:RelatesTo>
  </s:Header>
  <s:Body>
    <t:RequestSecurityTokenResponse Context="uuid-44ddd784-6be9-43aa-9b62-cb78dc673fac-7" xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <t:BinaryExchange ValueType="http://schemas.xmlsoap.org/ws/2005/02/trust/spnego" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">TlRMTVNTUAACAAAAHAAcADgAAAA1gpriIt/Bc8QfrmEAAAAAAAAAAJAAkABUAAAABgGwHQAAAA9XAEkATgBTADIASwA4AEkATgBTAFQAQQBMAEwAAgAcAFcASQBOAFMAMgBLADgASQBOAFMAVABBAEwATAABABwAVwBJAE4AUwAyAEsAOABJAE4AUwBUAEEATABMAAQAHABXAEkATgBTADIASwA4AEkATgBTAFQAQQBMAEwAAwAcAFcASQBOAFMAMgBLADgASQBOAFMAVABBAEwATAAHAAgAO3yCTg76zQEAAAAA</t:BinaryExchange>
    </t:RequestSecurityTokenResponse>
  </s:Body>
</s:Envelope>

POST /ActionService.svc HTTP/1.1
Content-Type: application/soap+xml; charset=utf-8
Host: 192.168.16.169:4753
Content-Length: 1638
Expect: 100-continue
Accept-Encoding: gzip, deflate
HTTP/1.1 100 Continue
 
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
  <s:Header>
    <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue</a:Action>
    <a:MessageID>urn:uuid:4efc2653-ffca-4adb-b0c3-154f2dd298bc</a:MessageID>
    <a:ReplyTo>
      <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
    </a:ReplyTo>
    <a:To s:mustUnderstand="1">http://192.168.16.169:4753/ActionService.svc</a:To>
  </s:Header>
  <s:Body>
    <t:RequestSecurityTokenResponse Context="uuid-44ddd784-6be9-43aa-9b62-cb78dc673fac-7" xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <t:BinaryExchange ValueType="http://schemas.xmlsoap.org/ws/2005/02/trust/spnego" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">TlRMTVNTUAADAAAAGAAYAIwAAAA+AT4BpAAAABIAEgBYAAAAEAAQAGoAAAASABIAegAAABAAEADiAQAANYKY4gYBsB0AAAAPHtqMVkacaRJuk1ZGBRDvI0wAaQBnAGgAdABuAGkAbgBnAE0AYQBoAGEAcABlAGwAYQBMAEkARwBIAFQATgBJAE4ARwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACP65rHpDcuMnUBVr/tiGxmAQEAAAAAAAA7fIJODvrNASh80e3OFYhxAAAAAAIAHABXAEkATgBTADIASwA4AEkATgBTAFQAQQBMAEwAAQAcAFcASQBOAFMAMgBLADgASQBOAFMAVABBAEwATAAEABwAVwBJAE4AUwAyAEsAOABJAE4AUwBUAEEATABMAAMAHABXAEkATgBTADIASwA4AEkATgBTAFQAQQBMAEwABwAIADt8gk4O+s0BBgAEAAIAAAAIADAAMAAAAAAAAAAAAAAAADAAAN3DeyMG6WCo3V5+f0xSuCf+RR45EtIopV+4xJj9l7+jCgAQAAAAAAAAAAAAAAAAAAAAAAAJACYAaABvAHMAdAAvADEAOQAyAC4AMQA2ADgALgAxADYALgAxADYAOQAAAAAAAAAAAAAAAACEVGC1iENY2dPxs+CMDSud</t:BinaryExchange>
    </t:RequestSecurityTokenResponse>
  </s:Body>
</s:Envelope>

HTTP/1.1 500 Internal Server Error
Content-Length: 641
Content-Type: application/soap+xml; charset=utf-8
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 24 Jan 2013 08:39:21 GMT
 
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
  <s:Header>
    <a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action>
    <a:RelatesTo>urn:uuid:4efc2653-ffca-4adb-b0c3-154f2dd298bc</a:RelatesTo>
  </s:Header>
  <s:Body>
    <s:Fault>
      <s:Code>
        <s:Value>s:Sender</s:Value>
        <s:Subcode>
          <s:Value xmlns:a="http://schemas.xmlsoap.org/ws/2005/02/trust">a:FailedAuthentication</s:Value>
        </s:Subcode>
      </s:Code>
      <s:Reason>
        <s:Text xml:lang="en-ZA">The request for security token could not be satisfied because authentication failed.</s:Text>
      </s:Reason>
    </s:Fault>
  </s:Body>
</s:Envelope>

Do you have an idea why it would behave like this from a different machine?

Additionally, the application seems to request a security token in code during startup. Do you reckon this token failure is part of WCF's own security token process or perhaps the security token that the application requests during its startup?
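
Added example, not part of the original post: a Python decoder for the NTLMSSP messages carried in the `BinaryExchange` elements of the capture above, showing which names the server and the client presented during the SPNEGO exchange. It assumes UTF-16LE strings (the Unicode flag is set in both messages); `parse_ntlm` and the constant names are illustrative, and the second constant is only the leading part of the client's message.

```python
import base64
import struct

# Server's BinaryExchange from the 200 OK response above (NTLM CHALLENGE), verbatim.
CHALLENGE_B64 = (
    "TlRMTVNTUAACAAAAHAAcADgAAAA1gpriIt/Bc8QfrmEAAAAAAAAAAJAAkABUAAAABgGwHQAAAA9X"
    "AEkATgBTADIASwA4AEkATgBTAFQAQQBMAEwAAgAcAFcASQBOAFMAMgBLADgASQBOAFMAVABBAEwA"
    "TAABABwAVwBJAE4AUwAyAEsAOABJAE4AUwBUAEEATABMAAQAHABXAEkATgBTADIASwA4AEkATgBT"
    "AFQAQQBMAEwAAwAcAFcASQBOAFMAMgBLADgASQBOAFMAVABBAEwATAAHAAgAO3yCTg76zQEAAAAA"
)
# First 141 bytes of the client's second BinaryExchange (NTLM AUTHENTICATE):
# header and name payloads only; the response blobs that follow are left out.
AUTHENTICATE_PREFIX_B64 = (
    "TlRMTVNTUAADAAAAGAAYAIwAAAA+AT4BpAAAABIAEgBYAAAAEAAQAGoAAAASABIAegAAABAAEADiAQAANYKY4gYBsB0AAAAP"
    "HtqMVkacaRJuk1ZGBRDvI0wAaQBnAGgAdABuAGkAbgBnAE0AYQBoAGEAcABlAGwAYQBMAEkARwBIAFQATgBJAE4ARwAA"
)
AV_NAMES = {1: "NbComputerName", 2: "NbDomainName", 3: "DnsComputerName", 4: "DnsDomainName"}

def _field(msg, pos):
    """Return the payload of the (Len, MaxLen, Offset) descriptor at pos."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("descriptor points outside the message")
    return msg[offset:offset + length]

def parse_ntlm(b64):
    """Decode the names carried in an NTLM CHALLENGE (2) or AUTHENTICATE (3)."""
    msg = base64.b64decode(b64)
    if msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    out = {"type": struct.unpack_from("<I", msg, 8)[0]}
    if out["type"] == 2:  # TargetName descriptor at 12, TargetInfo at 40
        out["target"] = _field(msg, 12).decode("utf-16-le")
        info, pos = _field(msg, 40), 0
        while pos + 4 <= len(info):  # AV pairs: AvId, AvLen, value
            av_id, av_len = struct.unpack_from("<HH", info, pos)
            if av_id == 0:  # MsvAvEOL terminates the list
                break
            if av_id in AV_NAMES:
                out[AV_NAMES[av_id]] = info[pos + 4:pos + 4 + av_len].decode("utf-16-le")
            pos += 4 + av_len
    elif out["type"] == 3:  # Domain at 28, User at 36, Workstation at 44
        for name, pos in (("domain", 28), ("user", 36), ("workstation", 44)):
            out[name] = _field(msg, pos).decode("utf-16-le")
    return out

if __name__ == "__main__":
    for blob in (CHALLENGE_B64, AUTHENTICATE_PREFIX_B64):
        print(parse_ntlm(blob))
```

For this capture the decoder reports the server target `WINS2K8INSTALL` with identical NetBIOS domain and computer names, and a client identity of `Lightning\Mahapela` sent from workstation `LIGHTNING`.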