I have a web service hosted in Azure which is throwing intermittent message security exceptions. We do have retries, but the retries have never succeeded even though the proxy is regenerated on every retry. Does anyone know about this, or have any pointers on how to get the real exception out?
Exception: "exceptionMessage": "An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.", "exceptionType": "System.ServiceModel.Security.MessageSecurityException", "innerExceptionTree": "{\"InnerExceptions\":[{\"InnerExceptions\":null,\"Message\":\"The message could not be processed. This is most likely because the action 'http:\/\/schemas.xmlsoap.org\/ws\/2005\/02\/trust\/RST\/SCT\/Cancel' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding.\",\"StackTrace\":null,\"Type\":\"System.ServiceModel.FaultException\"}],\"Message\":\"An unsecured or incorrectly secured fault was received from the other party. 
See the inner FaultException for the fault code and detail.\",\"StackTrace\":\"\u000d\u000aServer stack trace: \u000d\u000a at System.ServiceModel.Security.SecuritySessionClientSettings`1.ClientSecuritySessionChannel.ProcessRequestContext(RequestContext requestContext, TimeSpan timeout, SecurityProtocolCorrelationState correlationState)\u000d\u000a at System.ServiceModel.Security.SecuritySessionClientSettings`1.ClientSecuritySessionChannel.ReceiveInternal(TimeSpan timeout, SecurityProtocolCorrelationState correlationState)\u000d\u000a at System.ServiceModel.Security.SecuritySessionClientSettings`1.SecurityRequestSessionChannel.CloseOutputSession(TimeSpan timeout)\u000d\u000a at System.ServiceModel.Security.SecuritySessionClientSettings`1.ClientSecuritySessionChannel.CloseSession(TimeSpan timeout, Boolean& wasAborted)\u000d\u000a at System.ServiceModel.Security.SecuritySessionClientSettings`1.ClientSecuritySessionChannel.OnClose(TimeSpan timeout)\u000d\u000a at System.ServiceModel.Channels.CommunicationObject.Close(TimeSpan timeout)\u000d\u000a at System.ServiceModel.Channels.ServiceChannel.OnClose(TimeSpan timeout)\u000d\u000a at System.ServiceModel.Channels.CommunicationObject.Close(TimeSpan timeout)\u000d\u000a\u000d\u000aException rethrown at [0]: \u000d\u000a at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)\u000d\u000a at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)\u000d\u000a at System.ServiceModel.ICommunicationObject.Close(TimeSpan timeout)\u000d\u000a at System.ServiceModel.ClientBase`1.System.ServiceModel.ICommunicationObject.Close(TimeSpan timeout)\u000d\u000a at System.ServiceModel.ClientBase`1.Close()\u000d\u000a at System.ServiceModel.ClientBase`1.System.IDisposable.Dispose()\u000d\u000a
Server's web.config:
<?xml version="1.0" encoding="utf-8"?>
<!--
  Server-side web.config for the WCF service: Azure diagnostics trace listener, ASP.NET
  settings, one wsHttpBinding endpoint secured with TransportWithMessageCredential and
  client certificates, and IIS settings.
-->
<configuration>
  <system.diagnostics>
    <!--
      Only the Azure diagnostics trace listener is registered here. No System.ServiceModel
      trace source is declared in this file, so WCF's own channel and security-layer traces
      are not captured by this configuration.
    -->
    <trace>
      <listeners>
        <add name="AzureDiagnostics"
             type="Microsoft.WindowsAzure.Diagnostics.DiagnosticMonitorTraceListener, Microsoft.WindowsAzure.Diagnostics, Version=2.4.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
          <filter type="" />
        </add>
      </listeners>
    </trace>
  </system.diagnostics>

  <system.web>
    <!-- NOTE(review): debug="true" is a development setting; switch it off for the deployed service. -->
    <compilation targetFramework="4.5" debug="true" />
    <authentication mode="Windows" />
  </system.web>

  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <!--
          receiveTimeout (01:00:00) is the service-side idle window that the fault text
          quoted with this config refers to. The size quotas are raised to 5,000,000.
        -->
        <binding name="binding"
                 openTimeout="00:20:00"
                 closeTimeout="00:20:00"
                 sendTimeout="00:20:00"
                 receiveTimeout="01:00:00"
                 maxReceivedMessageSize="5000000">
          <readerQuotas maxArrayLength="5000000" maxStringContentLength="5000000" />
          <!--
            HTTPS protects the transport; the client certificate travels in the message.
            establishSecurityContext is not set on <message>, and for wsHttpBinding it
            defaults to true: each client session negotiates a security context token (SCT)
            and cancels it on Close, which is the RST/SCT/Cancel action named in the fault.
            NOTE(review): the number of role instances behind this endpoint is not visible
            here. If there is more than one, confirm that a session's requests reach the
            instance that issued its SCT, or that client and service both set
            establishSecurityContext="false".
          -->
          <security mode="TransportWithMessageCredential">
            <message negotiateServiceCredential="true" clientCredentialType="Certificate" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>

    <services>
      <service name="name" behaviorConfiguration="behavior">
        <endpoint address=""
                  binding="wsHttpBinding"
                  bindingConfiguration="binding"
                  contract="contract" />
      </service>
    </services>

    <behaviors>
      <serviceBehaviors>
        <behavior name="behavior">
          <serviceCredentials>
            <!--
              The service certificate is pinned by thumbprint in LocalMachine\My. A renewed
              certificate has a different thumbprint, so this value changes on rotation.
            -->
            <serviceCertificate storeLocation="LocalMachine"
                                storeName="My"
                                x509FindType="FindByThumbprint"
                                findValue="15E957FE4732D15B8A88FE524B4CBF0B2F01B18E" />
            <clientCertificate>
              <!--
                Custom mode hands the accept/reject decision for client certificates to the
                named validator type instead of the built-in chain or peer trust checks.
                NOTE(review): the validator source is not shown; confirm it checks the
                validity period and an explicit allow-list or issuer.
              -->
              <authentication customCertificateValidatorType="customCertificateValidatorType, Eventing.Core"
                              certificateValidationMode="Custom" />
            </clientCertificate>
          </serviceCredentials>
          <!-- Publishes the service metadata over HTTPS GET to any caller that can reach the endpoint. -->
          <serviceMetadata httpsGetEnabled="true" />
          <!--
            Returns server-side exception details to callers inside faults. Useful while
            diagnosing; NOTE(review): turn off for production so internals are not disclosed.
          -->
          <serviceDebug includeExceptionDetailInFaults="true" />
          <!--
            NOTE(review): 500 concurrent calls combined with the 5,000,000 message-size quota
            above sets a high worst-case memory demand; confirm the instance size covers it.
          -->
          <serviceThrottling maxConcurrentSessions="500"
                             maxConcurrentInstances="500"
                             maxConcurrentCalls="500" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>

  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
    <!--
      Directory browsing of the web app root is only for debugging. Keep this false in any
      deployment so the folder contents are not disclosed.
    -->
    <directoryBrowse enabled="false" />
  </system.webServer>
</configuration>
Client app.config:
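<?xml version="1.0" encoding="utf-8"?>
<!--
  Client-side app.config: outbound connection limit, a wsHttpBinding that mirrors the
  service (TransportWithMessageCredential with a client certificate), the service endpoint,
  and the certificate the client presents.
-->
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
  </startup>

  <system.net>
    <connectionManagement>
      <!-- Raises the outbound connection limit to 500 for every remote address. -->
      <add address="*" maxconnection="500" />
    </connectionManagement>
  </system.net>

  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <!--
          The timeouts and quotas here apply on the client side only. They bound what the
          client will wait for and accept from the service.
        -->
        <binding name="WSHttpBinding_IFoo"
                 closeTimeout="00:20:00"
                 openTimeout="00:20:00"
                 receiveTimeout="00:20:00"
                 sendTimeout="00:20:00"
                 maxBufferPoolSize="5000000"
                 maxReceivedMessageSize="5000000">
          <readerQuotas maxDepth="32"
                        maxStringContentLength="5000000"
                        maxArrayLength="5000000"
                        maxBytesPerRead="5000000"
                        maxNameTableCharCount="5000000" />
          <!--
            The security mode must match the service binding. establishSecurityContext is
            not set, and for wsHttpBinding it defaults to true, so the channel holds a
            security context token and sends an SCT Cancel when it is closed. The stack
            trace quoted with this config shows the fault raised on that path
            (ClientBase.Dispose, Close, CloseSession).
            NOTE(review): changing establishSecurityContext has to be done on client and
            service together, otherwise the bindings no longer match.
          -->
          <security mode="TransportWithMessageCredential">
            <transport clientCredentialType="None" />
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>

    <client>
      <!--
        bindingConfiguration must name a binding declared above. The listing referenced
        "WSHttpBinding_Foo", which is not declared (presumably a redaction slip), so it is
        aligned with the declared "WSHttpBinding_IFoo".
      -->
      <endpoint name="WSHttpBinding_IFoo"
                address="https://foo.cloudapp.net/bar.svc"
                binding="wsHttpBinding"
                bindingConfiguration="WSHttpBinding_IFoo"
                behaviorConfiguration="serviceBehavior"
                contract="XYZ.IAbc" />
    </client>

    <behaviors>
      <endpointBehaviors>
        <behavior name="serviceBehavior">
          <clientCredentials>
            <!--
              The client certificate is pinned by thumbprint in LocalMachine\My.
              NOTE(review): the account running the client needs read access to this
              certificate's private key; confirm after any certificate renewal, which also
              changes the thumbprint.
            -->
            <clientCertificate storeLocation="LocalMachine"
                               storeName="My"
                               x509FindType="FindByThumbprint"
                               findValue="e1aa390214b6c7c0ec2b71624cafb0b5ffdccefd" />
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>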
I have replaced some confidential information with Foo/Bar.