Craig,
Creating a test case would be very difficult because this is only
happenning in our production servers.
So I'll try to explain how is our current production environment.
We have 2 web server behaind a load balancer, those servers are the
clients. We have a third server running the WCF services.
We have configured asp.net to use memcached as session provider.
This is the configuration for our clients:
....
<client>
<endpoint address="http://myservicedomain/Service.svc";
behaviorConfiguration="customBehavior"
binding="customBinding"
bindingConfiguration="ZI2Binding"
contract="ZI2.Contract.IService"
name="ZI2Binding_Service" >
<identity>
<certificateReference storeName="My"
x509FindType="FindByThumbprint"
findValue="cfbed967b303bf007b638f190948ca69677dxxxx"
storeLocation="LocalMachine" />
</identity>
</endpoint>
....
</clients>
<bindings>
<customBinding>
<binding name="ZI2Binding" closeTimeout="02:00:00"
openTimeout="02:00:00" receiveTimeout="02:00:00"
sendTimeout="02:00:00">
<transactionFlow />
<reliableSession ordered="true" />
<security includeTimestamp="false"
authenticationMode="SecureConversation"
messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
<secureConversationBootstrap
authenticationMode="MutualSslNegotiated"
messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
/
>
<localServiceSettings detectReplays="false"/>
<localClientSettings detectReplays="false" />
</security>
<textMessageEncoding>
<readerQuotas maxDepth="64"
maxStringContentLength="2147483647" maxArrayLength="2147483647"
maxBytesPerRead="204800" maxNameTableCharCount="16384" />
</textMessageEncoding>
<httpTransport maxBufferSize="2147483647"
maxReceivedMessageSize="2147483647" />
</binding>
</customBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="customBehavior">
<clientCredentials>
<clientCertificate
findValue="8bbbb0ff5af3b9a2c4791a967693a17f3ed4xxxx"
x509FindType="FindByThumbprint" storeLocation="LocalMachine"
storeName="My" />
<serviceCertificate>
<authentication certificateValidationMode="ChainTrust"
revocationMode="Online" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
For each endpoint we are using per Thread lifestyle.
At sever side we are using the following configuration:
<services>
<service behaviorConfiguration="ReturnFaultsAndMex"
name="ZI2.Service">
<endpoint binding="customBinding"
bindingConfiguration="ZI2Binding"
contract="ZI2.Contract.IService" />
</service>
...
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ReturnFaultsAndMex" allowCookies="true">
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceMetadata httpGetEnabled="false"/>
<dataContractSerializer maxItemsInObjectGraph="2147483646" /
>
<serviceThrottling maxConcurrentCalls="16"
maxConcurrentSessions="10"
maxConcurrentInstances="2147483647" />
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="ChainTrust"
revocationMode="Online" />
</clientCertificate>
<serviceCertificate
findValue="cfbed967b303bf007b638f190948ca69677dxxxx"
x509FindType="FindByThumbprint"
storeLocation="LocalMachine"
storeName="My">
</serviceCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<customBinding>
<binding name="ZI2Binding" closeTimeout="02:00:00"
openTimeout="02:00:00" receiveTimeout="02:00:00"
sendTimeout="02:00:00">
<transactionFlow />
<reliableSession ordered="true" />
<security includeTimestamp="false"
authenticationMode="SecureConversation"
messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
<secureConversationBootstrap
authenticationMode="MutualSslNegotiated"
messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
/
>
<localClientSettings detectReplays="false" />
<localServiceSettings detectReplays="false"/>
</security>
<textMessageEncoding>
<readerQuotas maxDepth="64"
maxStringContentLength="2147483647" maxArrayLength="2147483647"
maxBytesPerRead="204800" maxNameTableCharCount="16384" />
</textMessageEncoding>
<httpTransport maxBufferSize="2147483647"
maxReceivedMessageSize="2147483647" />
</binding>
</customBinding>
</bindings>
The problem only appears when no one access the clients for a couple
ours (no comunication between client and server) so if my guess is
right and based on the exceptions I think that the problem is that the
facility is trying to reach the service with an expired token, but
this is just my thought.
If you need more details or I'm missing something please let me know.
Thanks in advance.
Jorge
On 24 dic, 11:43, Craig Neuwirt <[email protected]> wrote:
> Jorge,
>
> Is there any chance of creating a test case for this so I can look at it.
> In particular, I need to see
> how you configured the services.
>
> craig
>
> On Tue, Dec 22, 2009 at 8:49 AM, Jorge Ramos Eguinoa
> <[email protected]>wrote:
>
>
>
> > I'm having the same issue that is described here
> >http://support.castleproject.org/projects/FACILITIES/issues/view/FACI....
> > After some research I realized that this is happening when no clients
> > access to the application for more than a couple hours in our
> > production servers.
> > I did a little change in ChannelReconnectPolicy in order to reconnect
> > always (for testing porpuses) and in the server side I'm getting this
> > exception:
>
> > "The SecurityContextSecurityToken with context-id=urn:uuid:600f27bc-
> > ed0c-4370-b4e2-cbfce7cc6d2d (key generation-id=) is not registered."
>
> > Maybe I'm missing something but I think that the problem is that the
> > security token needs to be recreated when this happens because after a
> > while It becomes invalid.
>
> > So my question is how the facility creates the security context? Is
> > there any way to re create the security token in the facility when I
> > reconnect?
>
> > Any help would be appreciated. Sorry for my english! =P
>
> > Jorge.
>
> > --
>
> > You received this message because you are subscribed to the Google Groups
> > "Castle Project Users" group.
> > To post to this group, send email to [email protected]
> > .
> > To unsubscribe from this group, send email to
> > [email protected]<castle-project-users%2bun[email protected]>
> > .
> > For more options, visit this group at
> >http://groups.google.com/group/castle-project-users?hl=en.- Ocultar texto de
> >la cita -
>
> - Mostrar texto de la cita -
--
You received this message because you are subscribed to the Google Groups
"Castle Project Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/castle-project-users?hl=en.
