WCF nonce无效或重播

时间:2013-08-27 07:10:14

标签: .net wcf wshttpbinding nonce

我有一个WCF服务,它使用带有可靠会话+消息安全性的wsHttpBinding +自定义用户名验证器。

在内部,使用演示应用程序的每个人都可以检索自定义故障异常。

catch (FaultException<EPIFault> fx)    -- break point on this works

外部正在测试应用程序的第三方供应商

catch (CommunicationException exception) - 3rd party vendor break point lands here

使用Message Security将服务托管在HTTP端口80上。 服务器证书是内部生成的,即

<serviceCertificate findValue="*.au.mycompany.net"

检索数据在内部/外部都可以正常工作。仅收到自定义故障。他们只使用以下消息捕获通信异常:

System.ServiceModel.CommunicationException: The underlying secure session has faulted     before the reliable session fully completed. The reliable session was faulted.\r\n\r\nServer stack trace: \r\n   at System.ServiceModel.Channels.ReliableRequestSessionChannel.SyncRequest.WaitForReply(TimeSpan timeout)\r\n   

以下添加的更多信息

使用serviceSecurityAudit&amp ;;打开WCF审核一直得到这个消息

The nonce is invalid or replayed

使用下面的自定义绑定暂时修复此问题

下面的自定义绑定

 <customBinding>
    <binding name="myCustomBinding" closeTimeout="00:15:00" openTimeout="00:15:00" receiveTimeout="00:15:00" sendTimeout="00:15:00">
      <reliableSession inactivityTimeout="00:15:00" maxRetryCount="8192"  maxPendingChannels="5" ordered="true"  />
      <transactionFlow />
      <security defaultAlgorithmSuite="Default" authenticationMode="SecureConversation"
       requireDerivedKeys="true" includeTimestamp="true" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
       requireSecurityContextCancellation="false" requireSignatureConfirmation="false"
       canRenewSecurityContextToken="true">
        <secureConversationBootstrap defaultAlgorithmSuite="Default"
         authenticationMode="UserNameForCertificate"  requireDerivedKeys="true" allowInsecureTransport="true"
         includeTimestamp="true" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
         requireSignatureConfirmation="false">
        </secureConversationBootstrap>
      </security>
      <sslStreamSecurity requireClientCertificate="false"/>
      <binaryMessageEncoding maxReadPoolSize="2147483647" maxSessionSize="2147483647" maxWritePoolSize="2147483647">
        <readerQuotas maxDepth="32" maxStringContentLength="2147483647"
        maxArrayLength="200000" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
      </binaryMessageEncoding>
      <httpTransport decompressionEnabled="true" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" transferMode="Buffered"  ></httpTransport>
    </binding>
  </customBinding>

0 个答案:

没有答案