This is the same issue I'm having but I cannot manage to find a solution. I'm almost sure that if I find a way to "renew" the security token when this exception is thrown the problem will be solved. If you have any suggestion to do that please let me know. Thanks for your help.
On 24 dic, 19:49, John Simons <[email protected]> wrote: > Have a look > at:http://stackoverflow.com/questions/912580/invalid-or-expired-security... > > On Dec 25, 2:30 am, Jorge Ramos Eguinoa <[email protected]> wrote: > > > > > Craig, > > Creating a test case would be very difficult because this is only > > happenning in our production servers. > > So I'll try to explain how is our current production environment. > > We have 2 web server behaind a load balancer, those servers are the > > clients. We have a third server running the WCF services. > > We have configured asp.net to use memcached as session provider. > > This is the configuration for our clients: > > > .... > > <client> > > <endpoint address="http://myservicedomain/Service.svc"; > > behaviorConfiguration="customBehavior" > > binding="customBinding" > > bindingConfiguration="ZI2Binding" > > contract="ZI2.Contract.IService" > > name="ZI2Binding_Service" > > > <identity> > > <certificateReference storeName="My" > > x509FindType="FindByThumbprint" > > findValue="cfbed967b303bf007b638f190948ca69677dxxxx" > > storeLocation="LocalMachine" /> > > </identity> > > </endpoint> > > .... > > </clients> > > <bindings> > > <customBinding> > > <binding name="ZI2Binding" closeTimeout="02:00:00" > > openTimeout="02:00:00" receiveTimeout="02:00:00" > > sendTimeout="02:00:00"> > > <transactionFlow /> > > <reliableSession ordered="true" /> > > <security includeTimestamp="false" > > authenticationMode="SecureConversation" > > messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"> > > <secureConversationBootstrap > > authenticationMode="MutualSslNegotiated" > > messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" > > / > > > <localServiceSettings detectReplays="false"/> > > <localClientSettings detectReplays="false" /> > > </security> > > <textMessageEncoding> > > <readerQuotas maxDepth="64" > > maxStringContentLength="2147483647" maxArrayLength="2147483647" > > maxBytesPerRead="204800" maxNameTableCharCount="16384" /> > > </textMessageEncoding> > > <httpTransport maxBufferSize="2147483647" > > maxReceivedMessageSize="2147483647" /> > > </binding> > > </customBinding> > > </bindings> > > <behaviors> > > <endpointBehaviors> > > <behavior name="customBehavior"> > > <clientCredentials> > > <clientCertificate > > findValue="8bbbb0ff5af3b9a2c4791a967693a17f3ed4xxxx" > > x509FindType="FindByThumbprint" storeLocation="LocalMachine" > > storeName="My" /> > > <serviceCertificate> > > <authentication certificateValidationMode="ChainTrust" > > revocationMode="Online" /> > > </serviceCertificate> > > </clientCredentials> > > </behavior> > > </endpointBehaviors> > > </behaviors> > > > For each endpoint we are using per Thread lifestyle. > > > At sever side we are using the following configuration: > > > <services> > > <service behaviorConfiguration="ReturnFaultsAndMex" > > name="ZI2.Service"> > > <endpoint binding="customBinding" > > bindingConfiguration="ZI2Binding" > > contract="ZI2.Contract.IService" /> > > </service> > > ... > > </services> > > <behaviors> > > <serviceBehaviors> > > <behavior name="ReturnFaultsAndMex" allowCookies="true"> > > <serviceDebug includeExceptionDetailInFaults="false" /> > > <serviceMetadata httpGetEnabled="false"/> > > <dataContractSerializer maxItemsInObjectGraph="2147483646" / > > > <serviceThrottling maxConcurrentCalls="16" > > maxConcurrentSessions="10" > > maxConcurrentInstances="2147483647" /> > > <serviceCredentials> > > <clientCertificate> > > <authentication certificateValidationMode="ChainTrust" > > revocationMode="Online" /> > > </clientCertificate> > > <serviceCertificate > > findValue="cfbed967b303bf007b638f190948ca69677dxxxx" > > x509FindType="FindByThumbprint" > > storeLocation="LocalMachine" > > storeName="My"> > > </serviceCertificate> > > </serviceCredentials> > > </behavior> > > </serviceBehaviors> > > </behaviors> > > <bindings> > > <customBinding> > > <binding name="ZI2Binding" closeTimeout="02:00:00" > > openTimeout="02:00:00" receiveTimeout="02:00:00" > > sendTimeout="02:00:00"> > > <transactionFlow /> > > <reliableSession ordered="true" /> > > <security includeTimestamp="false" > > authenticationMode="SecureConversation" > > messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"> > > <secureConversationBootstrap > > authenticationMode="MutualSslNegotiated" > > messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" > > / > > > <localClientSettings detectReplays="false" /> > > <localServiceSettings detectReplays="false"/> > > </security> > > <textMessageEncoding> > > <readerQuotas maxDepth="64" > > maxStringContentLength="2147483647" maxArrayLength="2147483647" > > maxBytesPerRead="204800" maxNameTableCharCount="16384" /> > > </textMessageEncoding> > > <httpTransport maxBufferSize="2147483647" > > maxReceivedMessageSize="2147483647" /> > > </binding> > > </customBinding> > > </bindings> > > > The problem only appears when no one access the clients for a couple > > ours (no comunication between client and server) so if my guess is > > right and based on the exceptions I think that the problem is that the > > facility is trying to reach the service with an expired token, but > > this is just my thought. > > If you need more details or I'm missing something please let me know. > > Thanks in advance. > > > Jorge > > > On 24 dic, 11:43, Craig Neuwirt <[email protected]> wrote: > > > > Jorge, > > > > Is there any chance of creating a test case for this so I can look at > > > it. > > > In particular, I need to see > > > how you configured the services. > > > > craig > > > > On Tue, Dec 22, 2009 at 8:49 AM, Jorge Ramos Eguinoa > > > <[email protected]>wrote: > > > > > I'm having the same issue that is described here > > > >http://support.castleproject.org/projects/FACILITIES/issues/view/FACI.... > > > > After some research I realized that this is happening when no clients > > > > access to the application for more than a couple hours in our > > > > production servers. > > > > I did a little change in ChannelReconnectPolicy in order to reconnect > > > > always (for testing porpuses) and in the server side I'm getting this > > > > exception: > > > > > "The SecurityContextSecurityToken with context-id=urn:uuid:600f27bc- > > > > ed0c-4370-b4e2-cbfce7cc6d2d (key generation-id=) is not registered." > > > > > Maybe I'm missing something but I think that the problem is that the > > > > security token needs to be recreated when this happens because after a > > > > while It becomes invalid. > > > > > So my question is how the facility creates the security context? Is > > > > there any way to re create the security token in the facility when I > > > > reconnect? > > > > > Any help would be appreciated. Sorry for my english! =P > > > > > Jorge. > > > > > -- > > > > > You received this message because you are subscribed to the Google > > > > Groups > > > > "Castle Project Users" group. > > > > To post to this group, send email to > > > > [email protected] > > > > . > > > > To unsubscribe from this group, send email to > > > > [email protected]<castle-project-users%2bun[email protected]> > > > > . > > > > For more options, visit this group at > > > >http://groups.google.com/group/castle-project-users?hl=en.-Ocultartexto > > > >de la cita - > > > > - Mostrar texto de la cita -- Ocultar texto de la cita - > > - Mostrar texto de la cita - -- You received this message because you are subscribed to the Google Groups "Castle Project Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/castle-project-users?hl=en.
