An error occurred when verifying security for the message

wcf web-config wcf-binding servicebehavior
Matt Klepeis picture Matt Klepeis · Sep 22, 2010 · Viewed 48.5k times · Source

When I try to call a WCF service I am getting the following message "An error occurred when verifying security for the message."

When I remove the custom authenication the service works no problem. I can't figure out though what I have misconfigured in my web.config. Any insight would be appreciated.

  <system.serviceModel>
     <services>
        <service behaviorConfiguration="NAThriveExtensions.nableAPIBehavior"
          name="NAThriveExtensions.nableAPI">
           <endpoint 
             address="" 
             binding="basicHttpBinding" 
             bindingConfiguration="basicHttpBinding_Secure"
             contract="NAThriveExtensions.InableAPI">
           </endpoint>
           <endpoint 
             address="mex" 
             binding="mexHttpsBinding" 
             contract="IMetadataExchange" />
        </service>
     </services>
     <behaviors>
        <serviceBehaviors>
          <behavior name="NAThriveExtensions.nableAPIBehavior">
            <serviceMetadata httpsGetEnabled="true" />
            <serviceDebug includeExceptionDetailInFaults="false" />
            <serviceCredentials>
              <userNameAuthentication 
                userNamePasswordValidationMode="Custom" 
              customUserNamePasswordValidatorType= "NAThriveExtensions.Authentication, NAThriveExtensions" />
            </serviceCredentials>
          </behavior>
        </serviceBehaviors>
     </behaviors>
     <bindings>
       <basicHttpBinding>
         <binding name="basicHttpBinding_Secure">
           <security mode="TransportWithMessageCredential">
             <message clientCredentialType="UserName"/>
           </security>
         </binding>
       </basicHttpBinding>
     </bindings>
  </system.serviceModel>

Answer

Sam picture Sam · Mar 8, 2013

I was getting this same error message and it turned out to be due to a time difference between my workstation machine and the server hosting the WCF service. The server was about 10 minutes behind my machine and WCF security doesn't seem to like that very much.

To find the root problem I turned on serviceSecurityAuditing in the server's config file. Add the following to the configuration/system.serviceModel/behaviors/serviceBehaviors/behavior section for your service:

<serviceSecurityAudit 
    auditLogLocation="Application" 
    serviceAuthorizationAuditLevel="Failure" 
    messageAuthenticationAuditLevel="Failure" 
    suppressAuditFailure="true"/>

The following site was helpful in figuring this out:

http://blogs.microsoft.co.il/blogs/urig/archive/2011/01/23/wcf-quot-an-error-occurred-when-verifying-security-for-the-message-quot-and-service-security-audit.aspx

Related questions

maxReceivedMessageSize not fixing 413: Request Entity Too Large

My call to my WCF web service is failing with System.Net.WebException: The request failed with HTTP status 413: Request Entity Too Large. Checking Fiddler, I see that I'm sending: Content-Length: 149839 Which is over 65KB. Enabling WCF tracing on the …

Read More
How can I combine the WCF services config for both http and https in one web.config?

I spent a lot of time figuring out how to configure my WCF services so that they would work for https in the production environment. Basically, I needed to do this: <behaviors> <serviceBehaviors> <behavior name="…

Read More
(401) Unauthorized error : WCF security/binding

I have a WCF web service, and a client both on the same machine. Accessing the WCF web service directly using the browser works, but the client can't connect; error message below. Any ideas? Integrated Windows Auth in IIS is …

Read More