| Groups | Blog | Home |
dotnet web services enhancements : WSE 3.0 X.509 certs problem
I had done a lot of experimenting with WSE 2.0 and it all seemed to work after a fashion. I have recently installed WSE 3.0 and went through the setup several times to try an figure out why the X.509 certs don't seem to be working correctly. I have a simple HelloWorld program that I am trying to secure with these certs - no rocket science here. I have added and removed the policies from both client and service side several times thinking I must have set something up incorrectly. None the less, I am using the test certs that came with the hands on labs so I have a Client Cert, and a server Cert which has a private and public key. Here are the errors that I get in the app event log: Event Type: Error Event Source: Microsoft WSE 3.0 Event Category: None Event ID: 0 Date: 6/9/2006 Time: 3:15:55 PM User: N/A Computer: OHBOCXX99RMRVK Description: An error occured processing an outgoing fault response. Details of the error causing the processing failure: System.InvalidOperationException: Send security filter on the server could not retrieve the operation protection requirements from the operation state. at Microsoft.Web.Services3.Security.SecureConversationServiceSendSecurityFilter.SecureMessage(SoapEnvelope envelope, Security security) at Microsoft.Web.Services3.Security.SendSecurityFilter.ProcessMessage(SoapEnvelope envelope) at Microsoft.Web.Services3.Pipeline.ProcessOutputMessage(SoapEnvelope envelope) at Microsoft.Web.Services3.WseProtocol.GetFilteredResponseEnvelope(SoapEnvelope outputEnvelope) The SOAP fault that was being processed follows: <soap:Envelope xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Header> <wsa:Action>http://schemas.xmlsoap.org/ws/2004/08/addressing/fault</wsa:Action> <wsa:MessageID>urn:uuid:149c64e0-c4a1-416a-b9f9-89a4b1d076a9</wsa:MessageID> <wsa:RelatesTo>urn:uuid:5fcec70c-c985-4a2f-84e0-08075a07aca6</wsa:RelatesTo> <wsa:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To> </soap:Header> <soap:Body> <soap:Fault> <faultcode xmlns:prefix2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">prefix2:FailedAuthentication</faultcode> <faultstring>System.Web.Services.Protocols.SoapHeaderException: Microsoft.Web.Services3.Security.SecurityFault: The security token could not be authenticated or authorized ---> System.Security.SecurityException: WSE3003: The certificate's trust chain could not be verified. Please check if the certificate has been properly installed in the Trusted People Certificate store. Or you might want to set allowTestRoot configuration section to true if this is a test certificate. at Microsoft.Web.Services3.Security.Tokens.X509SecurityToken.VerifyChain(X509Chain chain) at Microsoft.Web.Services3.Security.Tokens.X509SecurityToken.VerifyTrust() at Microsoft.Web.Services3.Security.Tokens.X509SecurityToken.Verify() at Microsoft.Web.Services3.Security.Tokens.X509SecurityTokenManager.VerifyToken(SecurityToken token) at Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.LoadBinarySecurityToken(XmlElement element) The Zone of the assembly that failed was: MyComputer --- End of inner exception stack trace --- at Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.LoadBinarySecurityToken(XmlElement element) at Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.GetTokenFromXml(XmlElement element) at Microsoft.Web.Services3.Security.Security.LoadToken(XmlElement element, SecurityConfiguration configuration, Int32& tokenCount) at Microsoft.Web.Services3.Security.Security.LoadXml(XmlElement element) at Microsoft.Web.Services3.Security.Security.CreateFrom(SoapEnvelope envelope, String localActor, String serviceActor) at Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope) at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope envelope) at Microsoft.Web.Services3.WseProtocol.FilterRequest(SoapEnvelope requestEnvelope) at Microsoft.Web.Services3.WseProtocol.RouteRequest(SoapServerMessage message) at System.Web.Services.Protocols.SoapServerProtocol.Initialize() at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean& abortProcessing)</faultstring> <faultactor>http://localhost:3577/DemoWS/Service.asmx</faultactor> </soap:Fault> </soap:Body> </soap:Envelope> For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. ------------------------------------------------------------------------------------------- 2nd error: ------------------------------------------------------------------------------------------- Event Type: Error Event Source: Microsoft WSE 3.0 Event Category: None Event ID: 0 Date: 6/9/2006 Time: 3:15:55 PM User: N/A Computer: OHBOCXX99RMRVK Description: System.ApplicationException: WSE841: An error occured processing an outgoing fault response. ---> System.Web.Services.Protocols.SoapHeaderException: Microsoft.Web.Services3.Security.SecurityFault: The security token could not be authenticated or authorized ---> System.Security.SecurityException: WSE3003: The certificate's trust chain could not be verified. Please check if the certificate has been properly installed in the Trusted People Certificate store. Or you might want to set allowTestRoot configuration section to true if this is a test certificate. at Microsoft.Web.Services3.Security.Tokens.X509SecurityToken.VerifyChain(X509Chain chain) at Microsoft.Web.Services3.Security.Tokens.X509SecurityToken.VerifyTrust() at Microsoft.Web.Services3.Security.Tokens.X509SecurityToken.Verify() at Microsoft.Web.Services3.Security.Tokens.X509SecurityTokenManager.VerifyToken(SecurityToken token) at Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.LoadBinarySecurityToken(XmlElement element) The Zone of the assembly that failed was: MyComputer --- End of inner exception stack trace --- at Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.LoadBinarySecurityToken(XmlElement element) at Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.GetTokenFromXml(XmlElement element) at Microsoft.Web.Services3.Security.Security.LoadToken(XmlElement element, SecurityConfiguration configuration, Int32& tokenCount) at Microsoft.Web.Services3.Security.Security.LoadXml(XmlElement element) at Microsoft.Web.Services3.Security.Security.CreateFrom(SoapEnvelope envelope, String localActor, String serviceActor) at
Hi,
Julie Lerman had already solved this problem and I just found her reponse to someone else: "1) Did you check the "allow test root" option on the security page for the wse configuration of the client and service app?" Thanks Julie - and loved your latest webcast on WSE 3.0 btw! regards, BillC [quoted text, click to view] "Bill44077" wrote:
> Hello, > > I had done a lot of experimenting with WSE 2.0 and it all seemed to work > after a fashion. I have recently installed WSE 3.0 and went through the setup > several times to try an figure out why the X.509 certs don't seem to be > working correctly. I have a simple HelloWorld program that I am trying to > secure with these certs - no rocket science here. I have added and removed > the policies from both client and service side several times thinking I must > have set something up incorrectly. None the less, I am using the test certs > that came with the hands on labs so I have a Client Cert, and a server Cert > which has a private and public key. Here are the errors that I get in the app > event log: > > Event Type: Error > Event Source: Microsoft WSE 3.0 > Event Category: None > Event ID: 0 > Date: 6/9/2006 > Time: 3:15:55 PM > User: N/A > Computer: OHBOCXX99RMRVK > Description: > An error occured processing an outgoing fault response. > > Details of the error causing the processing failure: > System.InvalidOperationException: Send security filter on the server could > not retrieve the operation protection requirements from the operation state. > at > Microsoft.Web.Services3.Security.SecureConversationServiceSendSecurityFilter.SecureMessage(SoapEnvelope envelope, Security security) > at > Microsoft.Web.Services3.Security.SendSecurityFilter.ProcessMessage(SoapEnvelope envelope) > at Microsoft.Web.Services3.Pipeline.ProcessOutputMessage(SoapEnvelope > envelope) > at > Microsoft.Web.Services3.WseProtocol.GetFilteredResponseEnvelope(SoapEnvelope > outputEnvelope) > > The SOAP fault that was being processed follows: > <soap:Envelope xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> > <soap:Header> > > <wsa:Action>http://schemas.xmlsoap.org/ws/2004/08/addressing/fault</wsa:Action> > > <wsa:MessageID>urn:uuid:149c64e0-c4a1-416a-b9f9-89a4b1d076a9</wsa:MessageID> > > <wsa:RelatesTo>urn:uuid:5fcec70c-c985-4a2f-84e0-08075a07aca6</wsa:RelatesTo> > > <wsa:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To> > </soap:Header> > <soap:Body> > <soap:Fault> > <faultcode > xmlns:prefix2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">prefix2:FailedAuthentication</faultcode> > <faultstring>System.Web.Services.Protocols.SoapHeaderException: > Microsoft.Web.Services3.Security.SecurityFault: The security token could not > be authenticated or authorized ---> System.Security.SecurityException: > WSE3003: The certificate's trust chain could not be verified. Please check > if the certificate has been properly installed in the Trusted People > Certificate store. Or you might want to set allowTestRoot configuration > section to true if this is a test certificate. > at > Microsoft.Web.Services3.Security.Tokens.X509SecurityToken.VerifyChain(X509Chain chain) > at Microsoft.Web.Services3.Security.Tokens.X509SecurityToken.VerifyTrust() > at Microsoft.Web.Services3.Security.Tokens.X509SecurityToken.Verify() > at > Microsoft.Web.Services3.Security.Tokens.X509SecurityTokenManager.VerifyToken(SecurityToken token) > at > Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.LoadBinarySecurityToken(XmlElement element) > The Zone of the assembly that failed was: > MyComputer > --- End of inner exception stack trace --- > at > Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.LoadBinarySecurityToken(XmlElement element) > at > Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.GetTokenFromXml(XmlElement element) > at Microsoft.Web.Services3.Security.Security.LoadToken(XmlElement > element, SecurityConfiguration configuration, Int32& tokenCount) > at Microsoft.Web.Services3.Security.Security.LoadXml(XmlElement element) > at Microsoft.Web.Services3.Security.Security.CreateFrom(SoapEnvelope > envelope, String localActor, String serviceActor) > at > Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope) > at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope > envelope) > at Microsoft.Web.Services3.WseProtocol.FilterRequest(SoapEnvelope > requestEnvelope) > at Microsoft.Web.Services3.WseProtocol.RouteRequest(SoapServerMessage > message) > at System.Web.Services.Protocols.SoapServerProtocol.Initialize() > at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, > HttpContext context, HttpRequest request, HttpResponse response, Boolean& > abortProcessing)</faultstring> > <faultactor>http://localhost:3577/DemoWS/Service.asmx</faultactor> > </soap:Fault> > </soap:Body> > </soap:Envelope> > > For more information, see Help and Support Center at > http://go.microsoft.com/fwlink/events.asp. > ------------------------------------------------------------------------------------------- > 2nd error: > ------------------------------------------------------------------------------------------- > > Event Type: Error > Event Source: Microsoft WSE 3.0 > Event Category: None > Event ID: 0 > Date: 6/9/2006 > Time: 3:15:55 PM > User: N/A > Computer: OHBOCXX99RMRVK > Description: > System.ApplicationException: WSE841: An error occured processing an outgoing > fault response. ---> System.Web.Services.Protocols.SoapHeaderException: > Microsoft.Web.Services3.Security.SecurityFault: The security token could not > be authenticated or authorized ---> System.Security.SecurityException: > WSE3003: The certificate's trust chain could not be verified. Please check > if the certificate has been properly installed in the Trusted People > Certificate store. Or you might want to set allowTestRoot configuration > section to true if this is a test certificate. > at > Microsoft.Web.Services3.Security.Tokens.X509SecurityToken.VerifyChain(X509Chain chain) > at Microsoft.Web.Services3.Security.Tokens.X509SecurityToken.VerifyTrust() > at Microsoft.Web.Services3.Security.Tokens.X509SecurityToken.Verify() > at > Microsoft.Web.Services3.Security.Tokens.X509SecurityTokenManager.VerifyToken(SecurityToken token) > at > Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.LoadBinarySecurityToken(XmlElement element) > The Zone of the assembly that failed was: > MyComputer
Hello!
Please I need your help because you had done a lot of experimenting with WSE 2.0 and you it all seemed to work. I am working now with WSE 2.0 and I want to encrypt a soap message and decrypt it using X509 certificate. I use WSE2QuickStartServer and WSE2QuickStartClient given by WSE in their Samples. I think that encryption walk well. but when I call my proxy: secureWSWSE myProxy = new secureWSWSE(); int value = myProxy.myWebService(); I have an exception: System.InvalidOperationException Private Key is not available, Please try later. Why? I encrypt using code and I decrypt using Policy as we can see in WSE help. Please could you help me? Thanks [quoted text, click to view] "Bill44077" wrote:
> Hello, > > I had done a lot of experimenting with WSE 2.0 and it all seemed to work > after a fashion. I have recently installed WSE 3.0 and went through the setup > several times to try an figure out why the X.509 certs don't seem to be > working correctly. I have a simple HelloWorld program that I am trying to > secure with these certs - no rocket science here. I have added and removed > the policies from both client and service side several times thinking I must > have set something up incorrectly. None the less, I am using the test certs > that came with the hands on labs so I have a Client Cert, and a server Cert > which has a private and public key. Here are the errors that I get in the app > event log: > > Event Type: Error > Event Source: Microsoft WSE 3.0 > Event Category: None > Event ID: 0 > Date: 6/9/2006 > Time: 3:15:55 PM > User: N/A > Computer: OHBOCXX99RMRVK > Description: > An error occured processing an outgoing fault response. > > Details of the error causing the processing failure: > System.InvalidOperationException: Send security filter on the server could > not retrieve the operation protection requirements from the operation state. > at > Microsoft.Web.Services3.Security.SecureConversationServiceSendSecurityFilter.SecureMessage(SoapEnvelope envelope, Security security) > at > Microsoft.Web.Services3.Security.SendSecurityFilter.ProcessMessage(SoapEnvelope envelope) > at Microsoft.Web.Services3.Pipeline.ProcessOutputMessage(SoapEnvelope > envelope) > at > Microsoft.Web.Services3.WseProtocol.GetFilteredResponseEnvelope(SoapEnvelope > outputEnvelope) > > The SOAP fault that was being processed follows: > <soap:Envelope xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> > <soap:Header> > > <wsa:Action>http://schemas.xmlsoap.org/ws/2004/08/addressing/fault</wsa:Action> > > <wsa:MessageID>urn:uuid:149c64e0-c4a1-416a-b9f9-89a4b1d076a9</wsa:MessageID> > > <wsa:RelatesTo>urn:uuid:5fcec70c-c985-4a2f-84e0-08075a07aca6</wsa:RelatesTo> > > <wsa:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To> > </soap:Header> > <soap:Body> > <soap:Fault> > <faultcode > xmlns:prefix2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">prefix2:FailedAuthentication</faultcode> > <faultstring>System.Web.Services.Protocols.SoapHeaderException: > Microsoft.Web.Services3.Security.SecurityFault: The security token could not > be authenticated or authorized ---> System.Security.SecurityException: > WSE3003: The certificate's trust chain could not be verified. Please check > if the certificate has been properly installed in the Trusted People > Certificate store. Or you might want to set allowTestRoot configuration > section to true if this is a test certificate. > at > Microsoft.Web.Services3.Security.Tokens.X509SecurityToken.VerifyChain(X509Chain chain) > at Microsoft.Web.Services3.Security.Tokens.X509SecurityToken.VerifyTrust() > at Microsoft.Web.Services3.Security.Tokens.X509SecurityToken.Verify() > at > Microsoft.Web.Services3.Security.Tokens.X509SecurityTokenManager.VerifyToken(SecurityToken token) > at > Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.LoadBinarySecurityToken(XmlElement element) > The Zone of the assembly that failed was: > MyComputer > --- End of inner exception stack trace --- > at > Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.LoadBinarySecurityToken(XmlElement element) > at > Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.GetTokenFromXml(XmlElement element) > at Microsoft.Web.Services3.Security.Security.LoadToken(XmlElement > element, SecurityConfiguration configuration, Int32& tokenCount) > at Microsoft.Web.Services3.Security.Security.LoadXml(XmlElement element) > at Microsoft.Web.Services3.Security.Security.CreateFrom(SoapEnvelope > envelope, String localActor, String serviceActor) > at > Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope) > at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope > envelope) > at Microsoft.Web.Services3.WseProtocol.FilterRequest(SoapEnvelope > requestEnvelope) > at Microsoft.Web.Services3.WseProtocol.RouteRequest(SoapServerMessage > message) > at System.Web.Services.Protocols.SoapServerProtocol.Initialize() > at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, > HttpContext context, HttpRequest request, HttpResponse response, Boolean& > abortProcessing)</faultstring> > <faultactor>http://localhost:3577/DemoWS/Service.asmx</faultactor> > </soap:Fault> > </soap:Body> > </soap:Envelope> > > For more information, see Help and Support Center at > http://go.microsoft.com/fwlink/events.asp. > ------------------------------------------------------------------------------------------- > 2nd error: > ------------------------------------------------------------------------------------------- > > Event Type: Error > Event Source: Microsoft WSE 3.0 > Event Category: None > Event ID: 0 > Date: 6/9/2006 > Time: 3:15:55 PM > User: N/A > Computer: OHBOCXX99RMRVK > Description: > System.ApplicationException: WSE841: An error occured processing an outgoing > fault response. ---> System.Web.Services.Protocols.SoapHeaderException: > Microsoft.Web.Services3.Security.SecurityFault: The security token could not > be authenticated or authorized ---> System.Security.SecurityException: > WSE3003: The certificate's trust chain could not be verified. Please check > if the certificate has been properly installed in the Trusted People > Certificate store. Or you might want to set allowTestRoot configuration > section to true if this is a test certificate. > at > Microsoft.Web.Services3.Security.Tokens.X509SecurityToken.VerifyChain(X509Chain chain) > at Microsoft.Web.Services3.Security.Tokens.X509SecurityToken.VerifyTrust()
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |