Hi
I've got a WebSerice and STS. If I use a serivce contract to create a client everything works fine, but when I try to create a service contract with svcutlil or Visual Studio tool then I'm getting an error:
Attempting to download metadata from 'http://localhost:1207/PatientInfoService/Service.svc' using WS-Metadata Exchange or DISCO.
Error: Obtaining metadata from issuer 'http://localhost:1210/RoverSecureTokenService/Service.svc' failed with error 'System.InvalidOperationException: Metadata contains a reference that cannot be resolved: 'http://localhost:1210/RoverSecureTokenService/Service.svc'. ---> System.InvalidOperationException: < xml version="1.0" encoding="utf-16" ><Fault xmlns="http://www.w3.org/2003/05/soap-envelope"><Code><Value>Sender</Value><Subcode><Value xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</Value></Subcode></Code><Reason><Text xml:lang="en-US">An error occurred when verifying security for the message.</Text></Reason></Fault>
at System.ServiceModel.Description.MetadataExchangeClient.MetadataReferenceRetriever.DownloadMetadata(TimeoutHelper timeoutHelper)
at System.ServiceModel.Description.MetadataExchangeClient.MetadataRetriever.Retrieve(TimeoutHelper timeoutHelper)
--- End of inner exception stack trace ---
at System.ServiceModel.Description.MetadataExchangeClient.MetadataRetriever.Retrieve(TimeoutHelper timeoutHelper)
at System.ServiceModel.Description.MetadataExchangeClient.ResolveNext(ResolveCallState resolveCallState)
at System.ServiceModel.Description.MetadataExchangeClient.GetMetadata(MetadataRetriever retriever)
at System.ServiceModel.Description.MetadataExchangeClient.GetMetadata(EndpointAddress address)
at System.ServiceModel.Channels.SecurityPolicy11.TokenIssuerPolicyResolver.ResolveTokenIssuerPolicy(MetadataImporter importer, PolicyConversionContext policyContext, IssuedSecurityTokenParameters parameters)'.
I've enabled metadata for both services, I am even able to add the STS reference to my client. I do not need it but I can
And I have this piece in the webservice config
<
bindings><
wsFederationHttpBinding><
binding name="PISBinding"><
security mode="Message"><message issuedTokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
negotiateServiceCredential="false">
<issuer address="http://localhost:1210/RoverSecureTokenService/Service.svc"
binding="customBinding" bindingConfiguration="UsernameBinding">
<identity>
<dns value="WSE2QuickStartServer" />
</identity>
</issuer>
<issuerMetadata address="http://localhost:1210/RoverSecureTokenService/Service.svc" />
</message>
</
security></
binding></
wsFederationHttpBinding></
bindings>
When I remove <message> with the STS refference then it works
What did I do wrong
Thanks in advance
Metadata contains a reference that cannot be resolved : InvalidSecurity
stswordman
Use
<issuerMetadata address="http://localhost:1210/RoverSecureTokenService/Service.svc/Mex" />
instead of
<issuerMetadata address="http://localhost:1210/RoverSecureTokenService/Service.svc" />
Regards,
DMAR330
it does not work either. I've got the same "incorrect security" error
"http://localhost:1210/RoverSecureTokenService/Service.svc/Mex" in browser returns
what does it mean
Do i need to add a mex binding to my STS or to my service
Thanks
nhd
You need to expose a endpoint with the IMetadataExchange contract to your service, this will be as below:
<endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
Regards,