Error Call Service MSE with MessageContract (The identity check failed for the outgoing message)

Topics: Technical Questions
Jun 3, 2009 at 1:01 AM
Edited Jun 3, 2009 at 6:53 PM

Hello:

  • I virtualize a service that has MessageContract :

DataContracts

 

[DataContract(Namespace = http://xxxxx/TasacionDetalleRequest/2009/05)]

 

private string  sCodigoAbonado; 

[DataMember(Name = "CodigoAbonado", IsRequired=true, Order = 1)]

public string CodigoAbonado

{

get { return this.sCodigoAbonado; }

set { sCodigoAbonado = value; }

 

}

 

}

[DataContract(Namespace = http://xxxx/TasacionResponse/2009/05)] 

public class TasacionResponse private XmlElement oXml;<font size="2"> DataMemberAttribute(Name = "TramaSalida", Order = 1)] 

{

 

[

public XmlElement TramaSalida

{

get { return oXml; }

set { this.oXml = value;

 }

}

  • Has this MessageContracts:

 [MessageContract]

 

 

public class TasacionClasificarAbonadoRequestMessage MessageBodyMember]

{

[

public TasacionClasificarAbonadoRequest request;

}

 [MessageContract]

public class TasacionResponseMessage MessageBodyMember]

{

[

public TasacionResponse response;

 }

  • Has this service implementation

public TasacionResponseMessage ClasificarAbonado(TasacionClasificarAbonadoRequestMessage mReq) TasacionResponseMessage msgResponse = new TasacionResponseMessage ();

{

 

try

 

{

//Business Logic<font size="2"> new TasacionResponse();

msgResponse.response =

msgResponse.response.TramaSalida = xdoc.DocumentElement;

}

catch (Exception ex)

{

}

return msgResponse;

}

When I virtualize the Service MSE makeit Sucessfully (the service in MSE has this route http://localhost/SCL.Tasacion), but when i call from a web application the MSE Service return this error in the operation ClasificarAbonado:

TasacionMSE.ClasificarAbonadoRequest request = new TasacionMSE.ClasificarAbonadoRequest();

 

ClasificarAbonadoResponse response = new WebApplication1.TasacionMSE.ClasificarAbonadoRsponse();TokenImpersonationLevel.Impersonation

client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.

client.ClientCredentials.Windows.ClientCredential.UserName ="Administrator";

client.ClientCredentials.Windows.ClientCredential.Password ="xxxxxxx"

SCLTasacion client = new TasacionMSE.SCLTasacionClient();

;

TasacionMSE.

The error say it:

 

The identity check failed for the outgoing message. The expected identity is 'identity(http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/spn)' for the 'http://localhost/SCL.Tasacion' target endpoint.

 Any Idea??? 

TasacionMSE.

Developer
Jun 3, 2009 at 6:22 PM

I can't quite tell where your error is occuring (the web application client or the MSE trying to call your service implementation).  However, the exception is indicating the EndpointIdentity is unexpected.

You can look at the following MSDN links to understand more about service identities and where you might need to specify it based on your situation:

http://msdn.microsoft.com/en-us/library/ms733130.aspx

http://msdn.microsoft.com/en-us/library/bb628618.aspx

If the Service Principal Name (SPN) needs to be set on the outbound call from the MSE to your service implementation, check out the security guide and sample code as there is a ChannelModelExt class that supports specifying an spn.

Otherwise try setting the SPN in your web application before calling the virtual service hosted by the MSE.

 

Jun 3, 2009 at 7:00 PM
Edited Jun 3, 2009 at 8:43 PM

I change the binding of my service for basichttpbinding(before i have wshttpbinding), I load the service again in MSE Admin Tool, I expose the service in MSE with basichttpbinding and works!!

Can I virtualize services with wshttpbinding? i attach the section of service.

 <servicesservice behaviorConfiguration="XXX.SCL.ServiceImplementation.BL.TasacionServiceBehavior" name="XXX.SCL.ServiceImplementation.BL.TasacionServiceWCF>

<services>

<endpoint address="" binding="basicHttpBinding" contract="TMC.Servicios.SCL.ServiceContract.BL.ITasacionServiceWCF">

<identity>

<dns value="localhost"/></

</identity>

<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>

</service>

</services>

<behaviors>

<serviceBehaviors>

<behavior name="XXX.SCL.ServiceImplementation.BL.TasacionServiceBehavior">

<serviceMetadata httpGetEnabled="true"/>

<serviceDebug includeExceptionDetailInFaults="true"/>

</behavior>

</serviceBehaviors>

</behaviors>

Thanks boto!!!

Marco Hernandez

Developer
Jun 3, 2009 at 8:42 PM

There are no problems with virtualizing services with wsHttpBinding.  There are additional configuration requriements when using message security (see the security guide).  If you run the sample calculator services, the advanced calculator exposes endpoints with wsHttp that you can test with as well as exposing the Basic Calculator with wsHttpBinding virtual services.  The issues with endpoint identity are based what identity is being used to host the service as well as the security requirements of the service. As such there are various endpoint identities that can be specified to ensure the calls are made properly (dns, upn, spn, etc.).