.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

WCF: security token could not be satisfied because authentication failed.

Posted By:      Posted Date: October 16, 2010    Points: 0   Category :WCF


I am newbie to WCF.... Please bare me..I have WCF service and client on the same machine with certificates(trusted root authority). Please find Client and server config below.

Below exception resulted when client tries to call service.

NOTE: This exception resulted when revocationMode= Online. But this is working fine when revocationMode= NoCheck.

<authentication certificateValidationMode="ChainTrust" revocationMode="Online"/>

But this should work in Online revocation mode for me.


Server Error in '/WCFClient' Application.

The request for security token could not be satisfied because authentication failed.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.

Source Error:

Line 58:     }
Line 59:
Line 60:     public string Ping(string inParam) { return base.Channel.Ping(inParam);

View Complete Post

More Related Resource Links

Security Context Token verification failed. (The security protocol cannot verify the incoming messag

Hello, I would like implement Message Lever security with username/password authentication on HTTP. My environment looks something like this.  Server Side - Message lever security is configured on service.           <security mode="Message">             <message clientCredentialType="UserName" negotiateServiceCredential="True"/>           </security> - CA and self signed certificates are created on server and configured. ServiceCredentials are looks like this <serviceCredentials> <serviceCertificate findValue="CertForIdm" storeLocation="LocalMachine" storeName="My" x509FindType="FindByIssuerName" /> <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="IfMembershipProvider" /> </serviceCredentials> Client Side (References are generated by VS) - Binding configuration                 <binding name="WSHttpBinding_IWaypoint2" closeTimeout="00:11:00"                     openTimeout="00:11:00" receiveTimeout="00:10:00" sendTimeout="00:11:00"  &nb

[FtpWebRequest] System.Security.Authentication.AuthenticationException: A call to SSPI failed


Hi All,

   I'm using FtpWebReuqest, SSL enabled, to connect and upload files to an FTP server.

   During testing of the module i'm developing, I've encountered an unhandled exception indicating,

   "System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The token supplied to the function is invalid"


Now before I decided to post this question here, I've searched the net and found several posts related to this. However, most them were not really helpful and not that clear. Hence, the post. :)

Additional info, I've already over ride the validation part of the SSL connection using the codes below:


ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(MyCertValidationCb);

public static bool MyCertValidationCb(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)


        return true;



What I can't really figure out is the root caus

helped needed: ASP LDAP authentication failed in IE 8


I use the following code to do the user authentication through Active Directory using LDAP.

entry = new DirectoryEntry("LDAP://" + server, user_name, password);
if (!string.IsNullOrEmpty(entry.Name))
EmployeeNetId = entry.Username.Substring(0, 3);

// Retrieve EmployeeId, and Employee Full Name
EmployeeId = -1;

It works for Chrome, Firefox with no problem. But with IE 8, it works sometimes, and failed on some computers. When it failed, I figured that I need to check SSL 2.0 in IE 8 Internet Options.  It's weird because in those computers that IE 8 works, SSL 2.0 is also unchecked.

Am I using some deprecated method? Or How do I specifiy the SSL version options in the LDAP connection?

WCF The Security Support Provider Interface (SSPI) negotiation failed


I am using a wcf service that I created, when both hosting machine and the client machine are on the same domain everything works just fine. When I publish the client app to the webserver in the DMZ I am getting the following error:

SOAP security negotiation with '' for   
'' failed. See inner exception  
for more details.The Security Support Provider Interface (SSPI) negotiation failed.

Here is my service main where I set up the service


 Uri baseAddress = new Uri("Http://");
      ServiceHost selfHost = new ServiceHost(typeof(QBService), baseAddress);


Security negotiation failed because the remote party did not send back a reply in a timely manner. T



Dear All i have created one simple service

like this

namespace WcfService2
        public class Service1 : IService1
        public string ShowEmpName(string strFirstName, string strLastName)
            return strFirstName + strLastName;

after executing in .net command promt i got 2 files

service.cs & output.config

after that i create one class file like this

namespace WcfService2
    public class clientcs

        static void Main(string[] args)
            Service1Client client = new Service1Client();
            string strResult = client.ShowEmpName("Pradeep", "Deokar");

Geneva Framework: Building A Custom Security Token Service


A Security Token Service, or STS, acts as a security gateway to authenticate callers and issue security tokens carrying claims that describe the caller. See how you can build a custom STS with the "Geneva" Framework.

Michele Leroux Bustamante

MSDN Magazine January 2009

Security: Safer Authentication with a One-Time Password Solution


One-time passwords offer solutions to dictionary attacks, phishing, interception, and lots of other security breaches. Here's how it all works.

Dan Griffin

MSDN Magazine May 2008

Web Security: Part 2: Introducing the Web Application Manager, Client Authentication Options, and Pr


This article, the second of two parts, continues coverage of Web security for Windows. It introduces the Web Application Manager in IIS that allows Web processes to be isolated, decreasing the security risk associated with running in a logon session. The article then picks up where Part One left off-it discusses authentication methods such as basic authentication, digest authentication, integrated Windows authentication, and anonymous logons, and the benefits and drawbacks of each.

Keith Brown

MSDN Magazine July 2000

Windows Identity Foundation Security Token Service can't stay logged in

I'm using the Windows Identity Foundation **(WIF)** Security Token Service **(STS)** to handle authentication for my application which is working all well and good. However I can't seem to get any long running login with the STS. From my understanding I shouldn't care about the client tokens at the application level since they can expire all they want to and it should redirect me to the STS and as long as they're still logged in on the STS it should refresh their application token. Yet it doesn't seem to want to keep them signed in. Here's what occurs in my login.aspx on the STS var cookie = FormsAuthentication.GetAuthCookie(userName, persistTicket); if (persistTicket) cookie.Expires = DateTime.Now.AddDays(14); Response.Cookies.Add(cookie); var returnUrl = Request.QueryString["ReturnUrl"]; Response.Redirect(returnUrl ?? "default.aspx"); Which was taken almost directly from existing application using normal Forms Auth. From my web.config <authentication mode="Forms"> <forms loginUrl="Login.aspx" protection="All" timeout="2880" name=".STS" path="/" requireSSL="false" slidingExpiration="true" defaultUrl="default.aspx" cookieless="UseDeviceProfile" enableCrossAppRedirects="false" /> </auth

A call to SSPI failed: The target principal name is incorrect - How to ignore this Security Check

I find that I am getting this error since I am using the netTCPBinding. I don't get this exception when the client and server are on the same machine, but when they are on different machines, this exception occurs. If I set the identity on the end point as mentioned in the article: http://blogs.msdn.com/b/drnick/archive/2007/11/08/setting-a-user-principal-on-the-endpoint.aspx it is working fine.   So my question is , should the service end point always have an identity when using netTcpBinging? I tried setting Security.Mode = None and still I got this identity exception. is there any way through which I can ask the service to ignore the SSPI details and accept client request?   Thanks!

Security settings for this service require Windows Authentication but it is not enabled for the IIS

Hosting service in IIS 5.1   Config is set to transport layer security. SSL is installed and configured on the virtual folder and BasicHTTP bidings are being used for connection. Authentication in web.config is set to Windows Authorization in web.config is set to Deny Users="?" and Allow Users="*"   When trying to connect to the service using IE, it throws exception that "Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service. "   Can some one tell me what is missing?   Do I have to set anything in Web.Config?   I need to achieve following using Basic HTTP binding   Transport Layer security (SSL), Windows Domain Authentication, Use  user's Domain identity to impersonate the user in service   Please suggest the settings if any   Thanks

Could not load type 'System.Security.Authentication.ExtendedProtection.Configuration.ExtendedProtec

I have a windows service that runs on client machines and connects to a WCF service on a server.  This windows service seems to work fine on Windows XP, Vista and 7  machines, but when I try and run it on a Server 2008 R2 machine I get the following error: System.Configuration.ConfigurationErrorsException: An error occurred creating the configuration section handler for system.serviceModel/bindings: Could not load type 'System.Security.Authentication.ExtendedProtection.Configuration.ExtendedProtectionPolicyElement' from assembly 'System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089'. (C:\Program Files (x86)\MyFolder\MyApp\MyAppWinSVC.exe.Config line 4) ---> System.TypeLoadException: Could not load type 'System.Security.Authentication.ExtendedProtection.Configuration.ExtendedProtectionPolicyElement' from assembly 'System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089'.    at System.ServiceModel.Configuration.HttpTransportSecurityElement.get_Properties() I have the 3.5 sp1 feature installed. The only thing I have found online that is remotely similar is this MS hotfix: http://support.microsoft.com/kb/2262911 But when I try and apply it, it says that it isn't for my computer. Does anyone have any ideas how to resolve this issue?

Token-based server access validation failed with an infrastructure error

Hi We have a new Win 2008 Enterprise x64 server running SQL 2008When we try to connect to the server using Windows Authentication, from a user account which is a domain administrator, we get the following message:"Token-based server access validation failed with an infrastructure error"What needs to be configured here for this to work ?ThanksBruce

The Security Token Service is not available

I set up SharePoint 2010 Beta on a Windows 2008 R2 server and am going through the Central Administration - Review problems and solutions: All Reports - The Security Token Service is not available and the failing service is SPSecurityTokenService.Should not this service if available been installed during installation time?  It says "The Security Token Service is not issuing tokens.  The service could be malfunctioning or in a bad state.I don't want to go any further with setting up this until I can get an answer on how to fix this?Thanks

PassThrough authentication fails: Login failed for user 'NT AUTHORITY\NETWORK SERVICE'

I've tried it with every AuthenticationMode! But no one seems to work correctly in my case. I thought that PassThrough should work with a preset User ID and password. This would be enough for the moment, but even this doesn't work!! With WindowsCredentials I get the following error: The Property with name 'SsoApplicationId' is missing on the LobSystemInstance. SsoApplicationId I tried to set this with the SharePoint SSO but I've no such services. How can I set this just for the current WindowsCredentials (of the current Sharepoint user)? With RevertToSelf I get the following error: "An error occurred while retrieving data from MyLOBInstance. Administrators, see the server log for more information." The server log contained no useful information for me. With PassTrough I get the following error: "Login failed for user 'NT AUTHORITY\NETWORK SERVICE'. [CLIENT: <local machine>]" Why are the lines <Property Name="RdbConnection User ID" Type="System.String">MyDomain\Administrator</Property><Property Name="RdbConnection Password" Type="System.String">mYpAssWoRd</Property> being ignored? Everything (MOSS, SQLServer,...) is on a single machine, so I don't need to activate Kerberos, do I? <LobSystemInstance Name="SEPInstance1207">   <Properties>    <Property Name="DatabaseAccessProvider" Type="Micros

An exception occurred when trying to issue security token: The trusted login provider did not supply

We are facing the issue after got authenticated by OpenID and forwarded back to Sharepoint, it crashed at the /_trust/ page the error "Operation is not valid due to the current state of the object." and event log shows this:   "An exception occurred when trying to issue security token: The trusted login provider did not supply a token accepted by this farm... "    

Office SharePoint - Mutual Authentication Failed. The servers password is out of date at the domain

I have a SharePoint Server 2010 site setup with SSL. (https://sitename.com) Whenever someone tries to save an Excel or Word document to the site through Save As or Save To SharePoint they get "Mutual Authentication Failed. The servers password is out of date at the domain controller". The desktop experience feature is installed and the webclient service is running. They also receive certificate is not available and if they wait a little bit or hit OK it will show the directory and not the website like on a regular http site.  
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend