An error occurred when verifying security for the message
Solution 1
This ended up being an problem on the consuming side, not with the service itself. Software AG's webMethods 8 was consuming this server but there was no Security Handler added to the service so the credentials were not being added to the header thus resulting the in the aforementioned error.
Solution 2
I was getting this same error message and it turned out to be due to a time difference between my workstation machine and the server hosting the WCF service. The server was about 10 minutes behind my machine and WCF security doesn't seem to like that very much.
To find the root problem I turned on serviceSecurityAuditing in the server's config file. Add the following to the configuration/system.serviceModel/behaviors/serviceBehaviors/behavior section for your service:
<serviceSecurityAudit
auditLogLocation="Application"
serviceAuthorizationAuditLevel="Failure"
messageAuthenticationAuditLevel="Failure"
suppressAuditFailure="true"/>
The following site was helpful in figuring this out:
Solution 3
Another cause of this message is when some of your machines are not synchronized in time. WCF, by default, allows a five-minute gap; beyond this, it throws an error if things are out of synch.
The solution is to synch all your machines. time.windows.com is notorious for not working, so I suggest using something else. (If you're in a corporate environment, a local domain controller may be the correct choice here.)
Solution 4
I had a similar issue. I was building my datetime formatted strings using my local time, but my service/server was expecting GMT.
I needed to get the GMT time (JAVA):
final Date currentTime = new Date();
final SimpleDateFormat sdf =
new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'.000Z'");
sdf.setTimeZone(TimeZone.getTimeZone("GMT"));
System.out.println(sdf.format(currentTime));
Matt Klepeis
Senior Software Engineer working in an agile shop. C# is my language of choice Recently I have been spending lots of time with WebAPI, OData, Entity, AngularJS, and WCF. I am a MCPD: Web Developer 4 as well as ASP.NET Developer 3.5. I also hold MCTS: SharePoint 2010, Application Development as well as Configuration. I am also ITIL Foundations V3 and MCSA certified.
Updated on March 18, 2020Comments
-
Matt Klepeis about 4 years
When I try to call a WCF service I am getting the following message "An error occurred when verifying security for the message."
When I remove the custom authenication the service works no problem. I can't figure out though what I have misconfigured in my web.config. Any insight would be appreciated.
<system.serviceModel> <services> <service behaviorConfiguration="NAThriveExtensions.nableAPIBehavior" name="NAThriveExtensions.nableAPI"> <endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicHttpBinding_Secure" contract="NAThriveExtensions.InableAPI"> </endpoint> <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" /> </service> </services> <behaviors> <serviceBehaviors> <behavior name="NAThriveExtensions.nableAPIBehavior"> <serviceMetadata httpsGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="false" /> <serviceCredentials> <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType= "NAThriveExtensions.Authentication, NAThriveExtensions" /> </serviceCredentials> </behavior> </serviceBehaviors> </behaviors> <bindings> <basicHttpBinding> <binding name="basicHttpBinding_Secure"> <security mode="TransportWithMessageCredential"> <message clientCredentialType="UserName"/> </security> </binding> </basicHttpBinding> </bindings> </system.serviceModel>