A call to SSPI failed, see inner exception when running the call a second time?
Solution 1
The server does not have permissions to contact the local machine certificate store to validate the trust of the passed-in certificate.
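A diagnostic for the condition Solution 1 describes, as an added example that is not part of the original answers or the asker's code: run under the same account as the failing process, it opens the local machine stores, builds the chain with the ChainTrust/NoCheck settings from the question's config, and tries to read the private key. The class and method names are hypothetical, and the private-key check goes beyond what the answer names.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (not from the original post).
public static class CertAccessCheck
{
    // Returns true only if every check passes for the current process identity.
    public static bool Run(X509Certificate2 certificate)
    {
        bool ok = true;
        Console.WriteLine("Running as: " + Environment.UserDomainName + "\\" + Environment.UserName);

        // 1. Can this identity open the local machine stores used for trust decisions?
        foreach (StoreName name in new[] { StoreName.My, StoreName.Root, StoreName.TrustedPeople })
        {
            var store = new X509Store(name, StoreLocation.LocalMachine);
            try
            {
                store.Open(OpenFlags.ReadOnly);
                Console.WriteLine("LocalMachine\\" + name + ": " + store.Certificates.Count + " certificate(s)");
            }
            catch (Exception ex) // CryptographicException or SecurityException on denied access
            {
                ok = false;
                Console.WriteLine("LocalMachine\\" + name + ": cannot open (" + ex.Message + ")");
            }
            finally { store.Close(); }
        }

        // 2. Build the chain as certificateValidationMode="ChainTrust" with revocationMode="NoCheck".
        var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        if (!chain.Build(certificate))
        {
            ok = false;
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.WriteLine("Chain: " + status.Status + " - " + status.StatusInformation.Trim());
        }

        // 3. Extra check (not named in the answer): certificate authentication needs the private key.
        try
        {
            using (RSA rsa = certificate.GetRSAPrivateKey()) // .NET Framework 4.6+; null if no RSA key
                if (rsa == null) { ok = false; Console.WriteLine("No RSA private key available"); }
        }
        catch (CryptographicException ex) { ok = false; Console.WriteLine("Private key: " + ex.Message); }
        return ok;
    }
}
```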
Solution 2
Please check the "identity" element in the web.config or App.config file. If the "identity" element is present, comment it out or delete it. Your problem will be solved.
Author by
Banshee
Updated on August 24, 2020
-
Banshee over 3 years
I have the following code:

    public GetUserDataResponse GetUserDataFromService(X509Certificate2 certificate)
    {
        ChannelFactory<MyApp4SITHSService.IMyApp4SITHSServiceContract> factory =
            new ChannelFactory<MyApp4SITHSService.IMyApp4SITHSServiceContract>("NetTcpBinding_IMyApp4SITHSServiceContract_Certificate");
        MyApp4SITHSService.IMyApp4SITHSServiceContract service;
        GetUserDataResponse response;

        factory.Credentials.ClientCertificate.Certificate = certificate;
        //factory.Credentials.UserName.UserName = "me";
        //factory.Credentials.UserName.Password = "password";

        service = factory.CreateChannel();

        LogHandler.WriteLine("Connecting to service");
        response = service.GetUserData(new GetUserDataRequest());
        LogHandler.WriteLine("Data received");

        factory.Abort();
        return response;
    }

The first time I run this it works just great; the second time I get the following exception on service.GetUserData:
A first chance exception of type 'System.ServiceModel.Security.SecurityNegotiationException' occurred in mscorlib.dll
A call to SSPI failed, see inner exception.
The Local Security Authority cannot be contacted
I'm using the following configuration:

    <system.serviceModel>
      <behaviors>
        <endpointBehaviors>
          <behavior name="CertificateEndpointBehavior">
            <clientCredentials>
              <!--<clientCertificate findValue="MyAppClient" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="TrustedPeople"/>-->
              <!--<clientCertificate findValue="MyAppClient" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/>-->
              <serviceCertificate>
                <authentication certificateValidationMode="ChainTrust" revocationMode="NoCheck"/>
              </serviceCertificate>
            </clientCredentials>
          </behavior>
        </endpointBehaviors>
      </behaviors>
      <bindings>
        <netTcpBinding>
          <binding name="netTcpCertificate" closeTimeout="00:01:00" openTimeout="00:01:00"
                   receiveTimeout="Infinite" sendTimeout="01:00:00" transactionFlow="false"
                   transferMode="Buffered" transactionProtocol="OleTransactions"
                   hostNameComparisonMode="StrongWildcard" listenBacklog="1000"
                   maxBufferPoolSize="2147483647" maxBufferSize="2147483647"
                   maxConnections="200" maxReceivedMessageSize="2147483647">
            <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
                          maxArrayLength="2147483647" maxBytesPerRead="2147483647"
                          maxNameTableCharCount="2147483647" />
            <reliableSession ordered="true" inactivityTimeout="Infinite" enabled="false" />
            <security mode="Transport">
              <transport clientCredentialType="Certificate" />
              <message clientCredentialType="Certificate" />
            </security>
          </binding>
        </netTcpBinding>
      </bindings>
      <client>
        <endpoint address="net.tcp://localhost:8135/MyApp4SITHSService/Client/sll"
                  behaviorConfiguration="CertificateEndpointBehavior"
                  binding="netTcpBinding"
                  bindingConfiguration="netTcpCertificate"
                  contract="MyApp4SITHSService.IMyApp4SITHSServiceContract"
                  name="NetTcpBinding_IMyApp4SITHSServiceContract_Certificate">
          <identity>
            <dns value="MyAppServer" />
          </identity>
        </endpoint>
      </client>
    </system.serviceModel>
Any idea why I get this problem and how to solve it?
-
Banshee almost 10 years
Yes, that sounds right but why did it work on first try but never on the following tries? It can be validated successfully so why does this not work the second time?