I am developing a duplex federated WCF service. My federation scenario works fine, but when I tried to make it duplex, an exception is thrown: "The incoming policy could not be validated".
 
I think it is an issue with my configuration, but I have not been able to trace the mistake.
 
Following are my configuration:


1. For my main service:
<!-- Relying-party service configuration: callers authenticate with a token issued by
     the STS, and the service exposes one duplex endpoint plus a metadata endpoint. -->
<system.serviceModel>
    <behaviors>
        <serviceBehaviors>
            <behavior name="MyServiceBehavior">
                <!-- Authorization is delegated to this custom manager type. -->
                <serviceAuthorization serviceAuthorizationManagerType="MyService.MyServiceAuthorizationManager, My Service"/>
                <serviceCredentials>
                    <!-- The service's own certificate. FindBySubjectName is a substring match on
                         the subject, so it can select an unintended certificate when several
                         subjects contain this text; FindByThumbprint pins exactly one. -->
                    <serviceCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" findValue="BookStoreService.com"/>
                    <issuedTokenAuthentication>
                        <!-- Audience URIs the service accepts in issued tokens.
                             NOTE(review): neither entry equals the endpoint address "Response"
                             declared under <services>; confirm they match the audience the STS
                             writes into the token, since a mismatch can get the token rejected. -->
                        <allowedAudienceUris>
                            <add allowedAudienceUri="http://localhost:53121/MyService.svc/GetResponse"/>
                            <add allowedAudienceUri="http://localhost:53121/MyService.svc/PerformOperation"/>
                        </allowedAudienceUris>
                        <!-- Issuer certificates whose tokens are trusted. This entry is the trust
                             anchor for the federation; the substring-match caveat of
                             FindBySubjectName applies here as well. -->
                        <knownCertificates>
                            <add storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectName" findValue="HomeRealmSTS.com"/>
                        </knownCertificates>
                    </issuedTokenAuthentication>
                </serviceCredentials>
                <!-- Publishes service metadata over plain HTTP GET. Acceptable on localhost;
                     review before the service is reachable from other machines. -->
                <serviceMetadata httpGetEnabled="true"/>
            </behavior>
        </serviceBehaviors>
    </behaviors>
    <bindings>
        <customBinding>
            <binding name="MyServiceBinding">
                <!-- Secure conversation session, bootstrapped with an issued token.
                     NOTE(review): issuedTokenParameters is a sibling of secureConversationBootstrap
                     here, not nested inside it; confirm the bootstrap actually picks these
                     parameters up. -->
                <security authenticationMode="SecureConversation">
                    <secureConversationBootstrap authenticationMode="IssuedTokenForCertificate"/>
                    <issuedTokenParameters>
                        <!-- Metadata address of the token issuer, served over plain HTTP. -->
                        <issuerMetadata address="http://localhost:62751/TokenIssuer.svc/mex"/>
                    </issuedTokenParameters>
                </security>
                <!-- Duplex over HTTP: the service sends callbacks to an address the client
                     listens on. httpTransport adds no transport encryption, so confidentiality
                     and integrity rest entirely on the message security configured above. -->
                <compositeDuplex/>
                <oneWay/>
                <httpTransport/>
            </binding>
        </customBinding>
    </bindings>
    <services>
        <service name="MyService.MyService" behaviorConfiguration="MyServiceBehavior">
            <!-- Application endpoint, relative address "Response". -->
            <endpoint address="Response"
                      binding="customBinding"
                      bindingConfiguration="MyServiceBinding"
                      contract="MyService.IMyService"/>
            <!-- Metadata exchange endpoint. -->
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
        </service>
    </services>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>
</system.serviceModel>

2. STS Configurations
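<!-- Security token service (STS) configuration. The behavior below has no name, so it
     is the default behavior for services in this configuration file. -->
<system.serviceModel>
    <behaviors>
        <serviceBehaviors>
            <behavior>
                <serviceCredentials>
                    <!-- Certificate the STS uses as its service credential. The relying-party
                         configuration lists the same subject name under knownCertificates.
                         FindBySubjectName is a substring match; FindByThumbprint pins one
                         certificate. -->
                    <serviceCertificate storeLocation="LocalMachine"
                                        storeName="My"
                                        x509FindType="FindBySubjectName"
                                        findValue="HomeRealmSTS.com"/>
                </serviceCredentials>
                <!-- STS metadata is published over plain HTTP GET; review before the STS is
                     reachable from other machines. -->
                <serviceMetadata httpGetEnabled="true"/>
            </behavior>
        </serviceBehaviors>
    </behaviors>
    <!-- Default endpoints on the http scheme use wsHttpBinding. -->
    <protocolMapping>
        <add scheme="http" binding="wsHttpBinding"/>
    </protocolMapping>
</system.serviceModel>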

and 3. Client Configurations
<!-- Client configuration: obtains a token from the STS, then opens a secure
     conversation with the duplex service endpoint. -->
<system.serviceModel>
    <bindings>
        <customBinding>
            <binding name="MyServiceBinding">
                <!-- Mirrors the service binding, except that the issuer is given as an explicit
                     address and binding where the service publishes issuerMetadata.
                     NOTE(review): issuedTokenParameters is a sibling of secureConversationBootstrap
                     here, not nested inside it; confirm the bootstrap actually picks these
                     parameters up. -->
                <security authenticationMode="SecureConversation">
                    <secureConversationBootstrap authenticationMode="IssuedTokenForCertificate"/>
                    <issuedTokenParameters>
                        <issuer address="http://localhost:62751/TokenIssuer.svc"
                                binding="wsHttpBinding"
                                bindingConfiguration="MyTokenIssuer"/>
                    </issuedTokenParameters>
                </security>
                <!-- Duplex over HTTP: the client must accept callbacks from the service on an
                     address it listens on. httpTransport adds no transport encryption, so
                     protection rests on the message security configured above. -->
                <compositeDuplex/>
                <oneWay/>
                <httpTransport/>
            </binding>
        </customBinding>
        <wsHttpBinding>
            <!-- Binding used to reach the STS: message-level security, with no credential
                 type given, so the binding's default applies. -->
            <binding name="MyTokenIssuer">
                <security mode="Message"/>
            </binding>
        </wsHttpBinding>
    </bindings>
    <behaviors>
        <endpointBehaviors>
            <behavior name="GetResponseClientBehavior">
                <clientCredentials>
                    <serviceCertificate>
                        <!-- The service certificate is accepted if it is in the trusted people
                             store or if it chains to a trusted root. -->
                        <authentication certificateValidationMode="PeerOrChainTrust"/>
                    </serviceCertificate>
                </clientCredentials>
            </behavior>
        </endpointBehaviors>
    </behaviors>
    <client>
        <endpoint name="WSFederationHttpBinding_IMyService"
                  address="http://localhost:53121/MyService.svc/Response"
                  binding="customBinding"
                  bindingConfiguration="MyServiceBinding"
                  behaviorConfiguration="GetResponseClientBehavior"
                  contract="IMyService">
            <!-- Expected service identity, resolved from a certificate in the current user's
                 TrustedPeople store. FindBySubjectName is a substring match; FindByThumbprint
                 pins exactly one certificate. -->
            <identity>
                <certificateReference storeLocation="CurrentUser"
                                      storeName="TrustedPeople"
                                      x509FindType="FindBySubjectName"
                                      findValue="BookStoreService.com"/>
            </identity>
        </endpoint>
    </client>
</system.serviceModel>
Posted 12-Sep-12 21:28pm

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
