매번 WCF 응용 프로그램(예제도 참 많이 만들어보지만.)을 실행할 때마다 뭔가 하나씩 빼먹는 바람에 예외가 발생해서 고생을 하게 되는데요. 그런 연유로 인해, 다양한 예외 유형 정리는 나중에 다시 해당 프로그래밍을 할 때 도움이 됩니다. 그래서 아래와 같이 정리를 해놓고는 하지요. ^^

WCF 인증서 설정 관련 오류 정리
; https://www.sysnet.pe.kr/2/0/869

이번엔 SecurityNegotiationException 예외 관련해서 기록을 남깁니다.

---

특히나, 예제를 만들때 주로 WCF 서비스 쪽 설정을 다음과 같이 보안을 꺼버리게 되는데요.

<bindings>
    <basicHttpBinding>
        <binding name="basicHttpBindingConfig">
            <security mode="None" />
        </binding>
    </basicHttpBinding>
      
    <wsHttpBinding>
        <binding name="wsHttpBindingConfig">
            <security mode="None"/>
        </binding>
    </wsHttpBinding>

    <netTcpBinding>
        <binding name="netTcpBindingConfig">
            <security mode="None"/>
        </binding>
    </netTcpBinding>
</bindings>

거의 고정적으로 위의 설정은 web.config(또는 app.config)에 복사하고, BasicHttpBinding만으로 클라이언트 호출을 하다가! WSHttpBinding, NetTcpBinding 쪽의 바인딩을 사용하는 코드를 다음과 같이 사용을 했습니다.

WSHttpBinding wsHttpBinding = new WSHttpBinding();
using (ChannelFactory<IHelloWorld> factory =
    new ChannelFactory<IHelloWorld>(wsHttpBinding,
    new EndpointAddress(wsBindingAddress)))
{
    IHelloWorld world = factory.CreateChannel();

    ICommunicationObject comm = world as ICommunicationObject;
    try
    {
        world.Echo();
        comm.Close();
    }
    catch
    {
        comm.Abort();
    }
}

그래서, 다음과 같은 예외가 발생합니다. ^^

A first chance exception of type 'System.ServiceModel.Security.SecurityNegotiationException' occurred in Unknown Module.

Additional information: Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint.

Unhandled Exception: System.ServiceModel.Security.SecurityNegotiationException:
Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint. ---> System.ServiceModel.FaultException: The message with Action 'http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue' cannot be processed at the receiver, due to a ContractFilter mismatch at the EndpointDispatcher. This may be because of either a contract mismatch (mismatched Actions between sender and receiver) or a binding/security mismatch between the sender and the receiver. Check that sender and receiver have the same contract and the same binding
(including security requirements, e.g. Message, Transport, None).
at System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target)
at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)

--- End of inner exception stack trace ---

Server stack trace:
at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpantimeout)
...[생략]...
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at ConsoleApplication1.IHelloWorld.Echo()
at ConsoleApplication1.Program.Main(String[] args) in D:\...\ConsoleApplication1\ConsoleApplication1\Program.cs:line 24



아시는 것처럼, WSHttpBinding은 보안 채널 기본값이 Message이기 때문입니다. 서버 측을 꺼버렸으니 클라이언트 측도 다음과 같이 보안을 해제해 주어야 합니다.

WSHttpBinding wsHttpBinding = new WSHttpBinding();
wsHttpBinding.Security.Mode = SecurityMode.None;
using (ChannelFactory<IHelloWorld> factory =
    new ChannelFactory<IHelloWorld>(wsHttpBinding,
    new EndpointAddress(wsBindingAddress)))

재미있는 것은, WSHttpBinding과 NetTcpBinding과의 예외 메시지가 틀리다는 점입니다. NetTcpBinding의 경우에는 다음과 같이 ProtocolException이 발생합니다.

System.ServiceModel.ProtocolException was unhandled
  Message=The requested upgrade is not supported by 'net.tcp://localhost:9001/addrNetTcpBinding'. This could be due to mismatched bindings (for example security enabled on the client and not on the server).
  Source=mscorlib
  StackTrace:
    Server stack trace: 
       at System.ServiceModel.Channels.ConnectionUpgradeHelper.DecodeFramingFault(ClientFramingDecoder decoder, IConnection connection, Uri via, String contentType, TimeoutHelper& timeoutHelper)
       at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.SendPreamble(IConnection connection, ArraySegment`1 preamble, TimeoutHelper& timeoutHelper)
... [생략] ...
       at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
       at ConsoleApplication1.IHelloWorld.Echo()
       at ConsoleApplication1.Program.Main(String[] args) in D:\...\ConsoleApplication1\ConsoleApplication1\Program.cs:line 97
... [생략] ...

---

[이 글에 대해서 여러분들과 의견을 공유하고 싶습니다. 틀리거나 미흡한 부분 또는 의문 사항이 있으시면 언제든 댓글 남겨주십시오.]

[최초 등록일: 11/16/2010]
[최종 수정일: 4/11/2022]


이 저작물은 크리에이티브 커먼즈 코리아 저작자표시-비영리-변경금지 2.0 대한민국 라이센스에 따라 이용하실 수 있습니다.

by SeongTae Jeong, mailto:techsharer at outlook.com