.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Security processor was unable to find a security header in the message

Posted By:      Posted Date: September 21, 2010    Points: 0   Category :WCF


Recently on one of my machines, my client (WCF client) is having problem talking to WCF server. Both server and client are running on the same machine. The machine is Windows7 64 bit machine. It used to work fine until recently. The same software is working fine on all other machines with exactly same configuration. I am really confused here. Could someone please let me know what could be the problem?

Exception Type:

System.ServiceModel.Security.MessageSecurityException, System.ServiceModel, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089


Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties. This can occur if the service is configured for security and the client is not using security.

Stack Trace: System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessageCore(Message& message, TimeSpan timeout) System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout) System.ServiceModel.Security.SecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates) System.ServiceModel.Channels.SecurityChannelListener

View Complete Post

More Related Resource Links

WCF Exception "Message security verification failed" only with header!

Hi, I've got a WCF service doing Username authentication. I authenticate with AD and authorize using AzMan on AD. I'm hosting the service in IIS 6 and its running in an app pool that runs in a domain account that has read rights on the AD. I have a custom header that goes both ways. Everything works well until I assign the custom header to return. If I never assign the custom header to return everything is ok but if I do assign the custom header to return I get the error:- Message security verification failed.Duplicate attribute found. Both 'u:Id' and 'u:Id' are from the namespace 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'. Line 1, position 520. I've got service level message tracing and I can see the secure conversation stuff happening and the messages going across the interface.   If anyone has any ideas I'd be most appreciative.   Thanks,   Andy

Crash Course: Analyze Crashes to Find Security Vulnerabilities in Your Apps


Here the authors analyze program crashes to help you understand if you have the potential for read or write violations in your applications, and how they can lead to security vulnerabilities.

A. Abouchaev, D. Hasse, S. Lambert, and G. Wroblewski

MSDN Magazine November 2007

Are You in the Know?: Find Out What's New with Code Access Security in the .NET Framework 2.0


Unlike role-based security measures, code access security is not based on user identity. Instead, it is based on the identity of the code that is running, including information such as where the code came from. Here Mike Downen discusses the role of code access security (CAS) in .NET and outlines some key new features and changes in CAS for the .NET Framework 2.0.

Mike Downen

MSDN Magazine November 2005

Secure It: WS-Security and Remoting Channel Sinks Give Message-Level Security to Your SOAP Packets


As more organizations adopt XML-based Web Services, the need for message-level security has become evident. WS-Security, now supported in the Microsoft .NET Framework, addresses this need. Using the WS-Security framework, developers can implement channel sinks to intercept Remoting messages as they pass through the .NET Remoting infrastructure. The sink can read the message, change it, and pass it along. During this process, the message can be signed for added security. This article explains how to implement a Remoting channel sink that will modify the Remoting message by including a UserName token in the header, then sign the body using the token.

Neeraj Srivastava

MSDN Magazine November 2003

Weird security configuration error message


Recently something has gone wrong with our website so that whenever you try to access an aspx file, it shows the following error:


Server Error in '/RALSWeb' Application.

Configuration Error

Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: Access is denied: 'RalsWeb'.

Source Error:

Line 256:                <add assembly="System.EnterpriseServices, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
Line 257:                <add assembly="System.Web.Mobile, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
Line 258:                <add assembly="*"/>
Line 259:            </assemblies>

unable to attach database, security setting?


Hi folks,

I am using VS 2010 Professional with SQL Server 2008 Developer.  I right click on the App_Data folder in solution explorer and add an existing item, then navigate to the correct database.  However, I receive a pop up that Access is Denied.  How do I fix this? 

Can't find AD security group while creating Audience rule


Hi guys,

I'm trying to create audience rule : all members of AD group. But when I try to choose a security group I need I can't find in search window. Though I see another groups. So in a whole the problem is I can't see all the AD groups but only some of them. It doesn't depends on on its type (global or local domain).

What could be a reason?

WCF Message Security using Certificates

I am new to wfc programming and trying to understand security aspects ('message' using certificates). I am using windows 7 and visual studio 2010. I have a few questions about how I have implemented wfc. I have a win forms app that will talk over the web to a wfc service. I need to make sure the message is encrypted enroute. This is an admin application and will be used only by me. I created certificates on my Dev machine and edited the web.config and app.config. This works. The problem is when I right click the service reference and select update service refernce, the app.config is overwritten. The identity element is removed and behior ref is removed  and now the app will not connect to the service any more. I am including my web.config and app.config (before and after updating svc ref) below. Please advice me on what I am doing wrong. Also please let me know if this is the right way to do it. While creating the certificates I wasnt prompted for any passwords, not sure why. Can I use this type of certificate eventually when I go live ? what are the risk if this is not advisable ? Thanks in advance for you help. certificate creation and installation //server makecert.exe -sr CurrentUser -ss My -a sha1 -n CN=TradeService -sky exchange -pe certmgr.exe -add -r CurrentUser -s My -c -n TradeService -r CurrentUser -s TrustedPeople    //client makecert.exe -sr Cu

Is BasicHttpBinding/WSHttpBinding + Windows Authentication + Message Security possible without serve


Hi Folks,

I need to deploy a WCF service hosted in IIS 7.5 which has the following constrains:

1) Using Windows Authentication
2) No server or client certificate is needed
3) Using either BasicHttpBinding or WSHttpBinding
4) Using Message Security, so that it is not possible to monitor the communication maliciously. (I think Transport Security is not possible without server certificate)

Is it possible to fullfil the above requirements simultaneously? Thanks for the reply in advance. I'll appreciate it:)


wsHttpBinding with Windows Authentication and Message Security



I want to accomplish wsHttpBinding with Windows Authentication and Message Security. I've created a test service and deployed on Windows Server 2008 and IIS 7.5.

The virtual directory has been assigned a application pool running under custom account domain\username. Only
Windows Authentication is enabled on the virtual directory ( i DONT want anonymous access enabled).

I keep getting this error "Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service."

Below is my server config file. I've followed  instructions at http://msdn.microsoft.com/en-us/library/ff650619.aspx

        <binding name="NewBinding0">
          <security mode="Message">
            <transport clientCredentialType="Windows"></transport>

SOAP Security Header: EncryptedData



I am configuring WCF to talk to non-.NET SOAP Framework.

The SOAP message will be encrypted with public-key, with Timestamp and UsernameToken in the Security Header.

I am starting off with CreateAnonymousForCertificateBindingElement(), and adding UserNameSecurityTokenParameters() to EndpointSupportingTokenParameters.Signed collection.

Difficulty is: In the SOAP Security Header I get ONE EncryptedData element that is giving the 3rd party service trouble... If I use a tool to submit altered SOAP Envelope without EncryptedData element (which seems to be not needed) the 3rd party service takes the request successfuly.

1) What may be generating this EncryptedData element?
2) How could EncryptedData be turned off OR removed from the Security Header?


Thank you


SECU1075: An error was discovered processing the header


I have designed a console application as a web service client which is able to talk with webservice; however instead of using a console application, I've written a DLL that is called from a Winform app and  I am getting following error message.

Error message System.Web.Services.Protocols.SoapException: SECU1075: An error was discovered processing the <wsse:Security> header

   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)


Sharepoint 2007 publishing site home page displays unknown file type security message


I am using sharepoint 2007 sp2, it has been workig fine for the past 8 months but since one of the developers installed .net 4.0 framework, every time we create a new sharepoit publishng site or extend and existing application the home url displays an "Unknown File Type" security warning message and asks users to download the file.  If i manually tupe in the full url http://www.mysite.com/pages/default.aspx it is displayed correctly. I have uninstalled .net 4 from the server but i still have the same  error. I have tried to replicate this error on a development server but sharepoitn works fine on that even with .net 4.0 installed.

Has anyone had the same issue ? I would appreciate  any suggestios or help with troubleshootig this issue.


iis 7 IP Security using System.DirectoryServices : Unable to update


I used the below code to Set  IP Security from my vb.net Application.  It is working in IIS 6 (windows xp, and server 2003).

facing error in IIS 7.5 (windows7).

' Get the IIS object that holds the info for the default site.


Dim SecObj As Object = GetObject("IIS://LocalHost/W3SVC/1/Root/WebServerSCM")


' Get the IIsIPSecurity object.

how to create wsse:Security header programatically from code



I want to create the following wsse:Security header from C# code:

<wsse:Security s:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
  <wsu:Timestamp wsu:Id="Timestamp-02be6222-d34d-4c19-bb35-f4e98cc18534" xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- wssecurity-utility-1.0.xsd">
  <wsse:UsernameToken wsu:Id="SecurityToken-3f7f983f-66ce-480d-bce6-170632d33f92" xmlns:wsu="

How do I create a CustomBinding for wsse:Security Header with UsernameToken without security?


Hello i'm pretty new to WebServices and i'm trying to connect my WCF-client to a JBoss-WebService with SOAP12.

My request message has to look as following: (yes there is no security at all)


<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> 
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1"> 
<wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1">
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">boo</wsse:Password>
<ns2:getNames() xmlns:ns2="http://localhost/myJBossWS" />
This is my CustomBinding, but it has no SecurityBindingElement, because nothing suits to me, they all require either ssl or a certificate.
Please help me to build a right binding to

System.Security.Cryptography.CryptographicException: The system cannot find the file specified





When i tried to use a third party web service  using IIS  , i am getting the following Error

Exception Details: System.Security.Cryptography.CryptographicException: The system cannot find the file specified.

[CryptographicException: The system cannot find the file specified.
   System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) +1459868
   System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) +55
   System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() +79
   System.Security.Cryptography.RSACryptoServiceProvider.ExportParameters(Boolean includePrivateParameters) +38
   System.Security.Cryptography.RSA.ToXmlString(Boolean includePrivateParameters) +41
   Globeranger.EdgeServices.Security.Runtime.Client.ClientSession.a() +158
   Globeranger.EdgeServices.Security.Runtime.Client.ClientSession.RequestLogin(String reasonMessage) +200
   Globeranger.EdgeServices.Security.Runtime.Client.ClientSession.GetNewSecureSessionToken(Boolean attemptLogin) +148

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend