Databases
StackOverflow2013
Postsdbo
POHow to make WCF service server-client time difference independent?
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POHow to make WCF service server-client time difference independent?
    text
    copied!<p>While accessing WCF service from a test client, I am getting following exception:</p> <pre><code>System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---&gt; System.ServiceModel.FaultException: An error occurred when verifying security for the message. --- End of inner exception stack trace --- </code></pre> <p>I searched on internet the root cause of this problem. I found that this is mostly caused due to client-server time difference. But I was unable to find the correct solution to it. Following is my server side configuration:</p> <pre><code> &lt;system.serviceModel&gt; &lt;bindings&gt; &lt;wsHttpBinding&gt; &lt;binding name="RequestUserName"&gt; &lt;security mode="Message"&gt; &lt;message clientCredentialType="Windows" negotiateServiceCredential="true" establishSecurityContext="true" /&gt; &lt;/security&gt; &lt;/binding&gt; &lt;/wsHttpBinding&gt; &lt;/bindings&gt; &lt;services&gt; &lt;service name="WCFService.Service1" behaviorConfiguration="WCFService.Service1Behavior"&gt; &lt;!-- Service Endpoints --&gt; &lt;endpoint address="http://subdomain.domain.com/service1.svc" binding="wsHttpBinding" contract="WCFService.IService1" bindingName="RequestUserName"&gt; &lt;/endpoint&gt; &lt;endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /&gt; &lt;/service&gt; &lt;/services&gt; &lt;behaviors&gt; &lt;serviceBehaviors&gt; &lt;behavior name="WCFService.Service1Behavior"&gt; &lt;!-- To avoid disclosing metadata information, set the value below to false before deployment --&gt; &lt;serviceMetadata httpGetEnabled="false" /&gt; &lt;!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --&gt; &lt;serviceDebug includeExceptionDetailInFaults="false" /&gt; &lt;/behavior&gt; &lt;/serviceBehaviors&gt; &lt;/behaviors&gt; &lt;serviceHostingEnvironment&gt; &lt;baseAddressPrefixFilters&gt; &lt;add prefix="http://subdomain.domain.com/"/&gt; &lt;/baseAddressPrefixFilters&gt; &lt;/serviceHostingEnvironment&gt; </code></pre> <p>and Client Side Configuration:</p> <pre><code>&lt;?xml version="1.0" encoding="utf-8" ?&gt; &lt;configuration&gt; &lt;system.serviceModel&gt; &lt;bindings&gt; &lt;wsHttpBinding&gt; &lt;binding name="RequestUserName_IService1" /&gt; &lt;/wsHttpBinding&gt; &lt;/bindings&gt; &lt;client&gt; &lt;endpoint address="http://subdomain.domain.com/service1.svc" binding="wsHttpBinding" bindingConfiguration="RequestUserName_IService1" contract="ServiceReference1.IService1" name="RequestUserName_IService1"&gt; &lt;identity&gt; &lt;userPrincipalName value="DOMAIN\subdomaincom_web" /&gt; &lt;/identity&gt; &lt;/endpoint&gt; &lt;/client&gt; &lt;/system.serviceModel&gt; &lt;/configuration&gt; </code></pre> <p>Anyone please help me find the solution to this problem.</p> <p><strong>UPDATE:</strong> When I traced the exception, the inner exception is showing this <code>The security timestamp is stale because its expiration time ('2013-08-21T11:17:39.482Z') is in the past. Current time is '2013-08-21T12:31:31.897Z' and allowed clock skew is '00:05:00'.</code></p> <p>My server uses UTC format and my client is a general purpose application that can be downloaded from any country. </p> <p><strong>UPDATE 2:</strong> Config after answer:</p> <pre><code>&lt;system.serviceModel&gt; &lt;bindings&gt; &lt;customBinding&gt; &lt;binding name="Wrabind"&gt; &lt;transactionFlow /&gt; &lt;security authenticationMode="SecureConversation" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"&gt; &lt;localClientSettings maxClockSkew="00:07:00" /&gt; &lt;localServiceSettings maxClockSkew="00:07:00" /&gt; &lt;secureConversationBootstrap messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" /&gt; &lt;localClientSettings maxClockSkew="00:30:00" /&gt; &lt;localServiceSettings maxClockSkew="00:30:00" /&gt; &lt;/security&gt; &lt;textMessageEncoding /&gt; &lt;httpTransport /&gt; &lt;/binding&gt; &lt;/customBinding&gt; &lt;/bindings&gt; &lt;!-- change --&gt; &lt;services&gt; &lt;service name="WCFService.Service1" behaviorConfiguration="WCFService.Service1Behavior"&gt; &lt;!-- Service Endpoints --&gt; &lt;endpoint address="http://subdomain.domain.com/service1.svc" binding="customBinding" contract="WCFService.IService1" bindingName="Wrabind"&gt; &lt;!-- Upon deployment, the following identity element should be removed or replaced to reflect the identity under which the deployed service runs. If removed, WCF will infer an appropriate identity automatically. --&gt; &lt;/endpoint&gt; &lt;endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /&gt; &lt;/service&gt; &lt;/services&gt; &lt;behaviors&gt; &lt;serviceBehaviors&gt; &lt;behavior name="WCFService.Service1Behavior"&gt; &lt;!-- To avoid disclosing metadata information, set the value below to false before deployment --&gt; &lt;serviceMetadata httpGetEnabled="false" /&gt; &lt;!-- change --&gt; &lt;!--&lt;serviceCredentials&gt; &lt;userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WCFService.Authentication.DistributorValidator, WrangleCoreService"/&gt; &lt;serviceCertificate findValue="WCFService" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectName"/&gt; &lt;/serviceCredentials&gt;--&gt; &lt;!-- change --&gt; &lt;!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --&gt; &lt;serviceDebug includeExceptionDetailInFaults="false" /&gt; &lt;/behavior&gt; &lt;/serviceBehaviors&gt; &lt;/behaviors&gt; &lt;serviceHostingEnvironment&gt; &lt;baseAddressPrefixFilters&gt; &lt;add prefix="http://subdomain.domain.com/"/&gt; &lt;/baseAddressPrefixFilters&gt; &lt;/serviceHostingEnvironment&gt; &lt;!--&lt;standardEndpoints&gt; &lt;webHttpEndpoint&gt; &lt;standardEndpoint name="" helpEnabled="true" automaticFormatSelectionEnabled="true"/&gt; &lt;/webHttpEndpoint&gt; &lt;/standardEndpoints&gt;--&gt; &lt;/system.serviceModel&gt; </code></pre>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload