Reputation: 250972
I am trying to get a third party Java client to communicate with a WCF service I have written.
I get the following exception when receiving the message:
Cannot find a token authenticator for the 'System.IdentityModel.Tokens.UserNameSecurityToken' token type. Tokens of that type cannot be accepted according to current security settings.
Here is my configuration:
Binding
<customBinding>
  <binding name="TestSecureBinding">
    <security authenticationMode="MutualCertificate" />
    <textMessageEncoding messageVersion="Soap11WSAddressing10" />
    <httpsTransport requireClientCertificate="true" maxReceivedMessageSize="5242880" />
  </binding>
</customBinding>
Behaviour:
<serviceBehaviors>
  <behavior name="TestCertificateBehavior">
    <serviceCredentials>
      <clientCertificate>
        <certificate storeLocation="LocalMachine" x509FindType="FindBySubjectName" findValue="Test 01"/>
        <authentication certificateValidationMode="PeerTrust" trustedStoreLocation="LocalMachine" revocationMode="NoCheck"/>
      </clientCertificate>
      <serviceCertificate storeLocation="LocalMachine" x509FindType="FindBySubjectName" findValue="Test 01"/>
    </serviceCredentials>
  </behavior>
</serviceBehaviors>
Endpoint:
<service name="TestService"
         behaviorConfiguration="TestCertificateBehavior">
  <endpoint
      name="TestEndpoint"
      address="https://localhost:443"
      contract="TestServiceContract"
      binding="customBinding"
      bindingConfiguration="TestSecureBinding">
  </endpoint>
  <host>
    <baseAddresses>
      <add baseAddress="https://localhost:443" />
    </baseAddresses>
  </host>
</service>
Does anyone know what is causing this?
Upvotes: 3
Views: 6847
Reputation: 2039
Make sure to check the endpoint address your client is calling. We wrestled with this for far too long until we realized that there was a typo in the custom binding address addendum.
Upvotes: 0
Reputation: 250972
I have accepted that I can't do this in the config file and have resorted to creating the service host in code.
Here is the full example of creating the binding, binding elements and creating the service host.
Please note, you may not be using WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005W - you are probably using a more recent version than I am having to use - but just substitute that for the correct version for your service.
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.Text;

// Mutual-certificate message security at the WS-Security version the client speaks.
var securityBindingElement = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(
    MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
// Accept a signed UsernameToken as a supporting token. Without this the service has no
// token authenticator for UserNameSecurityToken and rejects the Java client's message.
securityBindingElement.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());
securityBindingElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
securityBindingElement.IncludeTimestamp = true;
securityBindingElement.MessageProtectionOrder = MessageProtectionOrder.EncryptBeforeSign;

// Same stack as the config: security, SOAP 1.1 + WS-Addressing 1.0 text encoding, HTTPS transport.
var customBinding = new CustomBinding();
customBinding.Elements.Add(securityBindingElement);
customBinding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11WSAddressing10, Encoding.UTF8));
customBinding.Elements.Add(new HttpsTransportBindingElement() { MaxReceivedMessageSize = 5242880 });

// TestService is the service implementation type from the question's config.
ServiceHost customServiceHost = new ServiceHost(typeof(TestService));
customServiceHost.AddServiceEndpoint(typeof(ITestServiceContract), customBinding, "https://localhost:443");
customServiceHost.Open();
Upvotes: 2
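When the host is built in code, the serviceCredentials from the question's config (service certificate, client-certificate validation, and something to validate the UsernameToken) no longer come from app.config and must be set on ServiceHost.Credentials as well. The following is an added example, not the poster's code: it wraps the binding above in a factory and adds the credential setup. TestService, ITestServiceContract and the "Test 01" certificate are taken from the question; DelegatingUserNameValidator and the checkCredentials callback are hypothetical placeholders for a real credential store.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.Text;

// Hypothetical validator for the signed UsernameToken the client sends.
// The check delegate stands in for a real credential store lookup; by default WCF
// would map the token to a Windows account instead.
public class DelegatingUserNameValidator : UserNamePasswordValidator
{
    private readonly Func<string, string, bool> _check;

    public DelegatingUserNameValidator(Func<string, string, bool> check)
    {
        _check = check ?? throw new ArgumentNullException(nameof(check));
    }

    public override void Validate(string userName, string password)
    {
        // Throwing SecurityTokenException is how a validator rejects the token.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password) || !_check(userName, password))
            throw new SecurityTokenException("Username/password validation failed.");
    }
}

public static class SecureHostFactory
{
    private static readonly MessageSecurityVersion Version =
        MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;

    public static CustomBinding CreateBinding()
    {
        var security = (AsymmetricSecurityBindingElement)
            SecurityBindingElement.CreateMutualCertificateBindingElement(Version);
        // The signed supporting UsernameToken is what gives the service a token
        // authenticator for UserNameSecurityToken.
        security.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());
        security.IncludeTimestamp = true;
        security.MessageProtectionOrder = MessageProtectionOrder.EncryptBeforeSign;

        var binding = new CustomBinding();
        binding.Elements.Add(security);
        binding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11WSAddressing10, Encoding.UTF8));
        // requireClientCertificate="true" from the question's httpsTransport element.
        binding.Elements.Add(new HttpsTransportBindingElement
        {
            RequireClientCertificate = true,
            MaxReceivedMessageSize = 5242880
        });
        return binding;
    }

    public static ServiceHost CreateHost(Type serviceType, Type contractType, Uri address,
                                         Func<string, string, bool> checkCredentials)
    {
        var host = new ServiceHost(serviceType);
        host.AddServiceEndpoint(contractType, CreateBinding(), address);

        // <serviceCertificate storeLocation="LocalMachine" findValue="Test 01" .../>
        host.Credentials.ServiceCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "Test 01");

        // <clientCertificate><authentication certificateValidationMode="PeerTrust" .../></clientCertificate>
        var clientAuth = host.Credentials.ClientCertificate.Authentication;
        clientAuth.CertificateValidationMode = X509CertificateValidationMode.PeerTrust;
        clientAuth.TrustedStoreLocation = StoreLocation.LocalMachine;
        // NoCheck mirrors the question; prefer Online or Offline outside a test lab.
        clientAuth.RevocationMode = X509RevocationMode.NoCheck;

        // The UsernameToken has to be validated by something; wire the custom validator.
        var userAuth = host.Credentials.UserNameAuthentication;
        userAuth.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
        userAuth.CustomUserNamePasswordValidator = new DelegatingUserNameValidator(checkCredentials);

        return host;
    }
}
```

Usage: `SecureHostFactory.CreateHost(typeof(TestService), typeof(ITestServiceContract), new Uri("https://localhost:443"), (u, p) => store.Verify(u, p)).Open()`, where `store` is whatever backs your accounts. Keeping the validator's failure path as a thrown SecurityTokenException rather than a return value matters: WCF only rejects the token on an exception, so a validator that logs and returns would accept every UsernameToken.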
Reputation: 2481
It's because the wrong way of referencing the cert has been used somewhere. If I remember correctly, you either directly reference the cert or use a key identifier. Anyhow, to get beyond it, you should be able to add the allowSerializedSigningTokenOnReply attribute to the security tag in your client's binding configuration and set it to true.
That should get beyond it for you. Remember, put this client side.
Sorry, I can't find the reference; I remember reading it somewhere and can't find it now! :( EDIT: Here it is: http://webservices20.blogspot.co.uk/2010/10/wcf-cannot-find-token-authenticator.html
<customBinding>
  <binding name="TestSecureBinding">
    <security allowSerializedSigningTokenOnReply="true" />
    <!-- etc -->
  </binding>
</customBinding>
Upvotes: 7