System.ServiceModel.Security.SecurityNegotiationException
매번 WCF 응용 프로그램(예제도 참 많이 만들어보지만.)을 실행할 때마다 뭔가 하나씩 빼먹는 바람에 예외가 발생해서 고생을 하게 되는데요. 그런 연유로 인해, 다양한 예외 유형 정리는 나중에 다시 해당 프로그래밍을 할 때 도움이 됩니다. 그래서 아래와 같이 정리를 해놓고는 하지요. ^^
WCF 인증서 설정 관련 오류 정리
; https://www.sysnet.pe.kr/2/0/869
이번엔 SecurityNegotiationException 예외 관련해서 기록을 남깁니다.
특히나, 예제를 만들때 주로 WCF 서비스 쪽 설정을 다음과 같이 보안을 꺼버리게 되는데요.
<bindings>
<basicHttpBinding>
<binding name="basicHttpBindingConfig">
<security mode="None" />
</binding>
</basicHttpBinding>
<wsHttpBinding>
<binding name="wsHttpBindingConfig">
<security mode="None"/>
</binding>
</wsHttpBinding>
<netTcpBinding>
<binding name="netTcpBindingConfig">
<security mode="None"/>
</binding>
</netTcpBinding>
</bindings>
거의 고정적으로 위의 설정은 web.config(또는 app.config)에 복사하고, BasicHttpBinding만으로 클라이언트 호출을 하다가! WSHttpBinding, NetTcpBinding 쪽의 바인딩을 사용하는 코드를 다음과 같이 사용을 했습니다.
WSHttpBinding wsHttpBinding = new WSHttpBinding();
using (ChannelFactory<IHelloWorld> factory =
new ChannelFactory<IHelloWorld>(wsHttpBinding,
new EndpointAddress(wsBindingAddress)))
{
IHelloWorld world = factory.CreateChannel();
ICommunicationObject comm = world as ICommunicationObject;
try
{
world.Echo();
comm.Close();
}
catch
{
comm.Abort();
}
}
그래서, 다음과 같은 예외가 발생합니다. ^^
A first chance exception of type 'System.ServiceModel.Security.SecurityNegotiationException' occurred in Unknown Module.
Additional information: Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint.
Unhandled Exception: System.ServiceModel.Security.SecurityNegotiationException:
Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint. ---> System.ServiceModel.FaultException: The message with Action 'http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue' cannot be processed at the receiver, due to a ContractFilter mismatch at the EndpointDispatcher. This may be because of either a contract mismatch (mismatched Actions between sender and receiver) or a binding/security mismatch between the sender and the receiver. Check that sender and receiver have the same contract and the same binding
(including security requirements, e.g. Message, Transport, None).
at System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target)
at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)
--- End of inner exception stack trace ---
Server stack trace:
at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpantimeout)
...[생략]...
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at ConsoleApplication1.IHelloWorld.Echo()
at ConsoleApplication1.Program.Main(String[] args) in D:\...\ConsoleApplication1\ConsoleApplication1\Program.cs:line 24
아시는 것처럼, WSHttpBinding은 보안 채널 기본값이 Message이기 때문입니다. 서버 측을 꺼버렸으니 클라이언트 측도 다음과 같이 보안을 해제해 주어야 합니다.
WSHttpBinding wsHttpBinding = new WSHttpBinding();
wsHttpBinding.Security.Mode = SecurityMode.None;
using (ChannelFactory<IHelloWorld> factory =
new ChannelFactory<IHelloWorld>(wsHttpBinding,
new EndpointAddress(wsBindingAddress)))
재미있는 것은, WSHttpBinding과 NetTcpBinding과의 예외 메시지가 틀리다는 점입니다. NetTcpBinding의 경우에는 다음과 같이 ProtocolException이 발생합니다.
System.ServiceModel.ProtocolException was unhandled
Message=The requested upgrade is not supported by 'net.tcp://localhost:9001/addrNetTcpBinding'. This could be due to mismatched bindings (for example security enabled on the client and not on the server).
Source=mscorlib
StackTrace:
Server stack trace:
at System.ServiceModel.Channels.ConnectionUpgradeHelper.DecodeFramingFault(ClientFramingDecoder decoder, IConnection connection, Uri via, String contentType, TimeoutHelper& timeoutHelper)
at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.SendPreamble(IConnection connection, ArraySegment`1 preamble, TimeoutHelper& timeoutHelper)
... [생략] ...
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at ConsoleApplication1.IHelloWorld.Echo()
at ConsoleApplication1.Program.Main(String[] args) in D:\...\ConsoleApplication1\ConsoleApplication1\Program.cs:line 97
... [생략] ...
[이 글에 대해서 여러분들과 의견을 공유하고 싶습니다. 틀리거나 미흡한 부분 또는 의문 사항이 있으시면 언제든 댓글 남겨주십시오.]