'BasicSecurityProfile' sample throws exception 'NonValidatingX509Token' does not support 'X
I've been trying to work with X509 certificate-based authentication, but couldn't get it working. So, I thought I'd try one of the samples that uses x509 certificates. But when I try and run the BasicSecurityProfile sample app (C:\Program Files\Microsoft SDKs\WinFX\samples\WCF\TechnologySamples\Basic\Binding\BasicProfile\BasicSecurityProfile\CS\), I get the exception listed below. The exception is thrown when the client attempts to contact the service.
(I'm running the server from the command-line and the client in VS.
The 'setup.bat' file ran successfully to create and install the appropriate keys.)
System.ServiceModel.MessageIOException was unhandled
Message="There was an error writing the message."
Source="mscorlib"
StackTrace:
Server stack trace:
at System.ServiceModel.Message.WriteMessage(XmlDictionaryWriter writer)
at System.ServiceModel.Channels.BufferedMessageWriter.WriteMessage(Message message, BufferManager bufferManager, Int32 initialOffset, Int32 maxSize)
at System.ServiceModel.Channels.TextMessageEncoderFactory.TextMessageEncoder.WriteMessage(Message message, Int32 maxMessageSize, BufferManager bufferManager, Int32 messageOffset)
at System.ServiceModel.Channels.MessageEncoder.WriteMessage(Message message, Int32 maxMessageSize, BufferManager bufferManager)
at System.ServiceModel.Channels.HttpOutput.SerializeBufferedMessage(Message message)
at System.ServiceModel.Channels.HttpOutput.Send()
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.SendRequest(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at ICalculator.Add(Double n1, Double n2)
at CalculatorProxy.Add(Double n1, Double n2) in C:\Program Files\Microsoft SDKs\WinFX\samples\WCF\TechnologySamples\Basic\Binding\BasicProfile\BasicSecurityProfile\CS\client\generatedProxy.cs:line 61
at Microsoft.ServiceModel.Samples.Client.Main(String[] args) in C:\Program Files\Microsoft SDKs\WinFX\samples\WCF\TechnologySamples\Basic\Binding\BasicProfile\BasicSecurityProfile\CS\client\client.cs:line 18
The inner exception is:
'NonValidatingX509Token' does not support 'X509SubjectKeyIdentifierClause' creation.
at System.ServiceModel.Security.Tokens.SecurityToken.CreateKeyIdentifierClause[T]()
at System.ServiceModel.Security.Tokens.X509SecurityToken.CreateKeyIdentifierClause[T]()
at System.ServiceModel.Security.Tokens.SecurityTokenParameters.CreateKeyIdentifierClause[TExternalClause,TInternalClause](SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
at System.ServiceModel.Security.Tokens.X509SecurityTokenParameters.CreateKeyIdentifierClause(SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
at System.ServiceModel.Security.SendSecurityHeader.Encrypt()
at System.ServiceModel.Security.SendSecurityHeader.Execute()
at System.ServiceModel.Security.SecurityAppliedMessage.ApplyDelayedSecurityIfNecessary()
at System.ServiceModel.Security.SecurityAppliedMessage.OnWriteStartEnvelope(XmlDictionaryWriter writer)
at System.ServiceModel.Message.OnWriteMessage(XmlDictionaryWriter writer)
at System.ServiceModel.Message.WriteMessage(XmlDictionaryWriter writer)
Update: the problem appears to be (if I'm reading the code right) that (in the ServiceModel source code) the X509SubjectKeyIdentifierClause class fails to get the X509SubjectKeyIdentifierExtension from the certificate in its private static byte[] GetSkiRawData(X509Certificate2 certificate) method.
I have no idea what's going on in this code, or what a subjectkeyidentifier is, but I can see that the certificates created by the sample's batch file don't have this extension.
So, can anyone shed light on what the problem is with this sample - are the certificates not suitable, or is there some other problem?
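
A way to confirm the observation in the post, as an added example that is not part of the original post or of the SDK sample: it lists the certificates in a store and reports which ones carry the Subject Key Identifier extension (OID 2.5.29.14). The class name `SkiCheck` and the choice of the CurrentUser "My" store are assumptions; point it at whichever store the sample's setup.bat installed into.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

static class SkiCheck
{
    // OID of the Subject Key Identifier extension (RFC 5280, section 4.2.1.2).
    const string SkiOid = "2.5.29.14";

    // Returns the SKI as a hex string, or null when the certificate lacks the extension.
    public static string GetSubjectKeyIdentifier(X509Certificate2 cert)
    {
        foreach (X509Extension ext in cert.Extensions)
        {
            if (ext.Oid != null && ext.Oid.Value == SkiOid)
            {
                // Re-wrap so the typed class decodes the raw extension data.
                var ski = new X509SubjectKeyIdentifierExtension(ext, ext.Critical);
                return ski.SubjectKeyIdentifier;
            }
        }
        return null;
    }

    static void Main()
    {
        // Assumption: store name and location are placeholders, not taken from setup.bat.
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            foreach (X509Certificate2 cert in store.Certificates)
            {
                string ski = GetSubjectKeyIdentifier(cert);
                Console.WriteLine("{0}\n  thumbprint: {1}\n  SKI: {2}",
                    cert.Subject, cert.Thumbprint, ski ?? "<extension missing>");
            }
        }
        finally
        {
            store.Close();
        }
    }
}
```

A certificate reported as `<extension missing>` is one for which a subject-key-identifier reference cannot be derived from the extension, which matches the condition the inner exception reports.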

