问题
I have created one wcf service with aspnet role & security.
When I consumed that in one website and try to check that, with correct username & password it works perfect, but with incorrect username & password it gives me an error:
An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.
I would have expected to get "Access is Denied" instead.
So, Any idea why???
UPDATE
You are right we can add FaultContracts ... but even though I added it gives me same error.. moreover I tried to check the same user isinrole or not if not then externally fired the FaultException...
Still getting the same error not getting the actual "Access is Denied".
Just to update you that I have used aspnet Form Authentication for checking the credential & in role... code is somewhat like
public class SampleService : ISampleService
{
[PrincipalPermission(SecurityAction.Demand, Role = "admin")]
public string GetCurrentTime()
{
if (!Roles.IsUserInRole(HttpContext.Current.User.Identity.Name, "admin"))
return DateTime.Now.ToString();
else
throw new FaultException("Access is denied");
}
}
[ServiceContract]
public interface ISampleService
{
[OperationContract]
string GetCurrentTime();
}
At the client side, Where i consumed, this service...
protected void btnSubmit_Click(object sender, EventArgs e)
{
try
{
ChannelFactory<AuthCustWithAspnetRoleService.ISampleService> factory = new ChannelFactory<AuthCustWithAspnetRoleService.ISampleService>("*");
factory.Credentials.UserName.UserName = txtUserName.Text.Trim(); // "admin";
factory.Credentials.UserName.Password = txtPassword.Text.Trim(); // "admin";
AuthCustWithAspnetRoleService.ISampleService proxy = factory.CreateChannel();
lblMessage.Text = proxy.GetCurrentTime();
}
catch (Exception ex)
{
lblMessage.Text = ex.Message;
}
}
Hope this will guide you more about my code and you may help me in more detail.... I don't know why other (few reference where i understood this concept) got "Access is denied" and I am not directly getting this from system...
回答1:
You should use FaultContracts to avoid this message.
回答2:
I just had this issue and had to turn off security context on WCF bindings. You need to turn them off on the bindings in both the client and the service.
Here's the config file if your WCF is IIS-hosted:
<ws2007FederationHttpBinding>
<binding>
<security mode="TransportWithMessageCredential">
<message establishSecurityContext="false" />
</security>
</binding>
</ws2007FederationHttpBinding>
See this post: http://stack247.wordpress.com/2013/05/28/an-unsecured-or-incorrectly-secured-fault-was-received-from-the-other-party/
来源:https://stackoverflow.com/questions/11517772/wcf-unsecured-or-incorrectly-secured-fault-was-received-from-the-other-party