An error occurred when verifying security for the message

Question

When I try to call a WCF service I am getting the following message "An error occurred when verifying security for the message."

When I remove the custom authenication the service works no problem. I can't figure out though what I have misconfigured in my web.config. Any insight would be appreciated.

  <system.serviceModel>      <services>         <service behaviorConfiguration="NAThriveExtensions.nableAPIBehavior"           name="NAThriveExtensions.nableAPI">            <endpoint               address=""               binding="basicHttpBinding"               bindingConfiguration="basicHttpBinding_Secure"              contract="NAThriveExtensions.InableAPI">            </endpoint>            <endpoint               address="mex"               binding="mexHttpsBinding"               contract="IMetadataExchange" />         </service>      </services>      <behaviors>         <serviceBehaviors>           <behavior name="NAThriveExtensions.nableAPIBehavior">             <serviceMetadata httpsGetEnabled="true" />             <serviceDebug includeExceptionDetailInFaults="false" />             <serviceCredentials>               <userNameAuthentication                  userNamePasswordValidationMode="Custom"                customUserNamePasswordValidatorType= "NAThriveExtensions.Authentication, NAThriveExtensions" />             </serviceCredentials>           </behavior>         </serviceBehaviors>      </behaviors>      <bindings>        <basicHttpBinding>          <binding name="basicHttpBinding_Secure">            <security mode="TransportWithMessageCredential">              <message clientCredentialType="UserName"/>            </security>          </binding>        </basicHttpBinding>      </bindings>   </system.serviceModel> 

Answer 1

I was getting this same error message and it turned out to be due to a time difference between my workstation machine and the server hosting the WCF service. The server was about 10 minutes behind my machine and WCF security doesn't seem to like that very much.

To find the root problem I turned on serviceSecurityAuditing in the server's config file. Add the following to the configuration/system.serviceModel/behaviors/serviceBehaviors/behavior section for your service:

<serviceSecurityAudit      auditLogLocation="Application"      serviceAuthorizationAuditLevel="Failure"      messageAuthenticationAuditLevel="Failure"      suppressAuditFailure="true"/> 

The following site was helpful in figuring this out:

http://blogs.microsoft.co.il/blogs/urig/archive/2011/01/23/wcf-quot-an-error-occurred-when-verifying-security-for-the-message-quot-and-service-security-audit.aspx