Re: security header is not present in the incoming message

---

• From: Dominick Baier [DevelopMentor] <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Thu, 01 Dec 2005 23:55:41 -0800

---

Hello JackMadeja,

from experience - a iisreset does help sometimes...

[Policy] and SetPolicy are called correctly on client/server ?

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Security requirements are not satisfied because the security header is
not present in the incoming message

I get this exception every time I run my service thru ordinary IIS
instead of Default IIS in VS.NET Studio. My service is a simple 'Hello
World with certificate policy. My client is simple ASP.NET Web Site
with one button and textbox. I use Certificate Policy
(mutualCertificate11Security) on both server and client. (I have tried
this with anonymousForCertificateSecurity and got same bad result).
Everything works fine if my service and webclient is in same solution
and I run everything thru VS.NET studio build in IIS. But If I create
a virtual directory in my computer IIS, run my service there, change
my web reference to this service I get this exception:

WSE910: An error happened during the processing of a response message,
and you can find the error in the inner exception.  You can also find
the response message in the Response property.

at
Microsoft.Web.Services3.Xml.SoapEnvelopeReaderWrapper..ctor(SoapClient
Message
message, String messageContentType)
at
Microsoft.Web.Services3.WebServicesClientProtocol.GetReaderForMessage(
SoapClientMessage message, Int32 bufferSize)
at
System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(Soap
ClientMessage message, WebResponse response, Stream responseStream,
Boolean asyncCall)
at
System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters)
at localhost.ServiceWse.HelloWorld() in
e:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET
Files\website10\b15bc141\c8235faa\App_WebReferences.qqc4zbev.0.cs:line
46
at _Default.Button1_Click(Object sender, EventArgs e) in
S:\Security\WSEbasic\WSEbasic10\WebSite10\Default.aspx.vb:line 11
--------------Inner Exception ----------------------------
Security requirements are not satisfied because the security header is
not
present in the incoming message.
at
Microsoft.Web.Services3.Security.SecureConversationClientReceiveSecuri
tyFilter.ValidateMessageSecurity(SoapEnvelope envelope, Security
security)
at
Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(
SoapEnvelope envelope)
at
Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope
envelope)
at
Microsoft.Web.Services3.Xml.SoapEnvelopeReaderWrapper..ctor(SoapClient
Message
message, String messageContentType)

Here is my service code:

Imports System.Web
Imports System.Web.Services
Imports System.Web.Services.Protocols
Imports System.Security.Principal
Imports Microsoft.Web.Services3
Imports Microsoft.Web.Services3.Design
<WebService(Namespace:="http://tempuri.org/";)> _
<WebServiceBinding(ConformsTo:=WsiProfiles.BasicProfile1_1)> _
<Global.Microsoft.VisualBasic.CompilerServices.DesignerGenerated()> _
<Policy("ServerCertPolicy")> _
Public Class xService
Inherits System.Web.Services.WebService
<WebMethod()> _
Public Function HelloWorld() As String
Return "Hello World from xWebService 5"
End Function
End Class

My service web.config looks like that:

<?xml version="1.0" encoding="utf-8"?>
<configuration
xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0";>
<configSections>
<section name="microsoft.web.services3"
type="Microsoft.Web.Services3.Configuration.WebServicesConfiguration,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
</configSections>
<appSettings />
<connectionStrings />
<system.web>
<compilation debug="true" strict="false" explicit="true">
<assemblies>
<add assembly="Microsoft.Web.Services3, Version=3.0.0.0,
Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
<pages>
<namespaces>
<clear />
<add namespace="System" />
<add namespace="System.Collections" />
<add namespace="System.Collections.Specialized" />
<add namespace="System.Configuration" />
<add namespace="System.Text" />
<add namespace="System.Text.RegularExpressions" />
<add namespace="System.Web" />
<add namespace="System.Web.Caching" />
<add namespace="System.Web.SessionState" />
<add namespace="System.Web.Security" />
<add namespace="System.Web.Profile" />
<add namespace="System.Web.UI" />
<add namespace="System.Web.UI.WebControls" />
<add namespace="System.Web.UI.WebControls.WebParts" />
<add namespace="System.Web.UI.HtmlControls" />
</namespaces>
</pages>
<webServices>
<soapExtensionImporterTypes>
<add
type="Microsoft.Web.Services3.Description.WseExtensionImporter,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
</soapExtensionImporterTypes>
<soapServerProtocolFactory
type="Microsoft.Web.Services3.WseProtocolFactory,
Microsoft.Web.Services3,
Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</webServices>
</system.web>
<microsoft.web.services3>
<security>
<x509 allowTestRoot="false" storeLocation="LocalMachine" />
</security>
<policy fileName="wse3policyCache.config" />
<diagnostics>
<trace enabled="true" input="logs\InputTrace.webinfo"
output="logs\OutputTrace.webinfo" />
</diagnostics>
</microsoft.web.services3>
</configuration>
. and my service policy looks like that:

<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy";>
<extensions>
<extension name="mutualCertificate11Security"
type="Microsoft.Web.Services3.Design.MutualCertificate11Assertion,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
<extension name="x509"
type="Microsoft.Web.Services3.Design.X509TokenProvider,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
<extension name="requireActionHeader"
type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
</extensions>
<policy name="ServerCertPolicy">
<mutualCertificate11Security establishSecurityContext="false"
renewExpiredSecurityContext="true" requireSignatureConfirmation="true"
messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="true"
ttlInSeconds="300">
<serviceToken>
<x509 storeLocation="LocalMachine" storeName="My"
findValue="CN=WSE2QuickStartServer"
findType="FindBySubjectDistinguishedName"
/>
</serviceToken>
<protection>
<request signatureOptions="IncludeAddressing,
IncludeTimestamp,
IncludeSoapBody" encryptBody="true" />
<response signatureOptions="IncludeAddressing,
IncludeTimestamp,
IncludeSoapBody" encryptBody="true" />
<fault signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody" encryptBody="false" />
</protection>
</mutualCertificate11Security>
<requireActionHeader />
</policy>
</policies>
My client looks like that:

<%@ Page Language="VB" AutoEventWireup="false"
CodeFile="Default.aspx.vb" Inherits="_Default" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>

<html xmlns="http://www.w3.org/1999/xhtml"; >
<head runat="server">
<title>WebSite11</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Button ID="Button1" runat="server" Text="WSEservice 2"
Width="160px" /><asp:TextBox
ID="TextBox1" runat="server" Height="440px"
TextMode="MultiLine"
Width="800px"></asp:TextBox> </div>
</form>
</body>
</html>

. and client code:

Imports Microsoft.VisualBasic.ControlChars

Partial Class _Default
Inherits System.Web.UI.Page
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As
System.EventArgs) Handles Button1.Click
Try
TextBox1.Text = String.Empty
Dim proxy As New localhost.ServiceWse
proxy.SetPolicy("ClientCertPolicy")
TextBox1.Text = proxy.HelloWorld
Catch ex As Exception
Dim strMsg As String = ex.Message & CrLf & CrLf &
ex.StackTrace
Dim exIn As Exception = ex
Do
exIn = exIn.InnerException
If Not exIn Is Nothing Then
strMsg += CrLf & "--------------Inner Exception
----------------------------" & CrLf
strMsg += exIn.Message & CrLf & CrLf &
exIn.StackTrace
Else
Exit Do
End If
Loop
TextBox1.Text = "----- WSEservice 2 Exception --------" &
CrLf &
strMsg
End Try
End Sub
End Class
.with client policy like this:

<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy";>
<extensions>
<extension name="mutualCertificate11Security"
type="Microsoft.Web.Services3.Design.MutualCertificate11Assertion,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
<extension name="x509"
type="Microsoft.Web.Services3.Design.X509TokenProvider,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
<extension name="requireActionHeader"
type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
</extensions>
<policy name="ClientCertPolicy">
<mutualCertificate11Security establishSecurityContext="false"
renewExpiredSecurityContext="true" requireSignatureConfirmation="true"
messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="true"
ttlInSeconds="300">
<clientToken>
<x509 storeLocation="CurrentUser" storeName="My"
findValue="CN=WSE2QuickStartClient"
findType="FindBySubjectDistinguishedName"
/>
</clientToken>
<serviceToken>
<x509 storeLocation="CurrentUser" storeName="AddressBook"
findValue="CN=WSE2QuickStartServer"
findType="FindBySubjectDistinguishedName"
/>
</serviceToken>
<protection>
<request signatureOptions="IncludeAddressing,
IncludeTimestamp,
IncludeSoapBody" encryptBody="true" />
<response signatureOptions="IncludeAddressing,
IncludeTimestamp,
IncludeSoapBody" encryptBody="true" />
<fault signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody" encryptBody="false" />
</protection>
</mutualCertificate11Security>
<requireActionHeader />
</policy>
</policies>
Authentications methods in IIS "Anonymous access" are on and
"Intergrated
Windows authentication" is on. My ASP.NET version is 2.0.50727 and I
use
Visual Studio 2005 Team Suite vers: 8.0.50727.42
I use WSE 3.0 version 3.0.5305.0
I have tried this problem with many different solution - both Windows
Forms
client and different configuration in ASP.NET client and it just won't
work.
As far as I know message "Security requirements are not satisfied
because the
security header is not present in the incoming message" means that
soap
envelope for the request dosen't contain the security header. Why does
my
standard IIS fail with adding that header to the client? Anybody have
answer
to this problem?

.

---

• Follow-Ups:
  • Re: security header is not present in the incoming message
    • From: JackMadeja

• References:
  • security header is not present in the incoming message
    • From: JackMadeja

• Prev by Date: Re: Rijndael Class
• Next by Date: Re: Web App Security and MSIE Settings
• Previous by thread: security header is not present in the incoming message
• Next by thread: Re: security header is not present in the incoming message
• Index(es):
  • Date
  • Thread

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)