At least one security token in the message could not be validated

croisharp picture croisharp · Jul 1, 2011 · Viewed 34k times · Source

Server config:

<?xml version="1.0"?>
<configuration>
<system.serviceModel>
    <behaviors>
        <serviceBehaviors>
            <behavior name="ServiceCredentialsBehavior">
                <serviceCredentials>
                    <serviceCertificate findValue="cn=cool" storeName="TrustedPeople" storeLocation="CurrentUser" />
                </serviceCredentials>
                <serviceMetadata httpGetEnabled="true" />
            </behavior>
        </serviceBehaviors>
    </behaviors>
    <services>
        <service behaviorConfiguration="ServiceCredentialsBehavior" name="Service">
            <endpoint address="" binding="wsHttpBinding" bindingConfiguration="MessageAndUserName" name="SecuredByTransportEndpoint" contract="IService"/>
        </service>
    </services>
    <bindings>
        <wsHttpBinding>
            <binding name="MessageAndUserName">
                <security mode="Message">
                    <message clientCredentialType="UserName"/>
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <client/>
</system.serviceModel>
<system.web>
    <compilation debug="true"/>
</system.web>

My client config:

<?xml version="1.0" encoding="utf-8"?>
  <configuration>
<system.serviceModel>
    <behaviors>
        <endpointBehaviors>
            <behavior name="LocalCertValidation">
                <clientCredentials>
                    <serviceCertificate>
                        <authentication certificateValidationMode="PeerTrust" trustedStoreLocation="CurrentUser" />
                    </serviceCertificate>
                </clientCredentials>
            </behavior>
        </endpointBehaviors>
    </behaviors>
    <bindings>
        <wsHttpBinding>
            <binding name="WSHttpBinding_IService" >
                <security mode="Message">
                    <message clientCredentialType="UserName" />
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <client>
        <endpoint address="http://localhost:48097/WCFServer/Service.svc"
                  binding="wsHttpBinding"
                  bindingConfiguration="WSHttpBinding_IService"
                  contract="ServiceReference1.IService"
                  name="WSHttpBinding_IService" behaviorConfiguration="LocalCertValidation">
            <identity>
                <dns value ="cool" />
            </identity>
        </endpoint>
    </client>
</system.serviceModel>

Service:

public string TestAccess()
{
    return OperationContext.Current.ServiceSecurityContext.PrimaryIdentity.Name;
}

Client:

        ServiceClient client = new ServiceClient();
        client.ClientCredentials.UserName.UserName = "Admin";
        client.ClientCredentials.UserName.Password = "123";
        Console.WriteLine(client.TestAccess());
        Console.ReadLine();

Error:
An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.
Inner exception:
At least one security token in the message could not be validated.

How do I resolve this exception?

Answer

Ladislav Mrnka picture Ladislav Mrnka · Jul 1, 2011

I think the problem is your user name and password. With default configuration user name and password is validated as windows account. If you want other validation you must either use membership provider or custom user name password validator.