SCT in WSE2 and WS-SecureConversation 

If you get this error [1], while working on a WS-SecureConversation based application, consider the following:

  • Look at the timeout period for you SCTs, issued by the server-side service.
  • If this is all ok, then you're probably in my situation. Check if you enabled web garden support in your IIS's application pool. If so, go back to Performance tab in application pool's properties and enter 1 (one) as a 'Maximum number of worker processes'.

Things can get really rough in a state WSE2 is in if you create a web garden and use WS-SecureConversation at the same time.

A few weeks ago I was designing an architecture for a complex B2B secure communication channel and parts of it wanted to use some form of a web garden. Since I forgot to disable it, there were trouble.

The strangest thing I noticed when investigating this was that everything worked the first time after IIS restart happened - sure - a session is pinned to the first worker process, the second one just gets created.

Of course, there are workarounds regarding this, but they include some non-trivial WSE2 subclassing.

[1] Additional information: Microsoft.Web.Services2.Security.SecurityFault: The specified source for the derivation is unknown ---> System.Exception: WSE512: This derived key token's parent cannot be found. The reference to the parent token follows: <wsse:SecurityTokenReference xmlns:wsse=""><wsse:Reference URI="uuid:227d47ac-1b2b-45a5-92f0-d7d630aeda86" ValueType="" /></wsse:SecurityTokenReference>.

Categories:  Web Services | Work
Tuesday, October 26, 2004 12:56:29 PM (Central Europe Standard Time, UTC+01:00)  #    Comments


All comments require the approval of the site owner before being displayed.
Home page

Comment (HTML not allowed)  

Enter the code shown (prevents robots):

Live Comment Preview
Copyright © 2003-2024 , Matevž Gačnik
Recent Posts
RSS: Atom:

The opinions expressed herein are my own personal opinions and do not represent my company's view in any way.

My views often change.

This blog is just a collection of bytes.

Copyright © 2003-2024
Matevž Gačnik

Send mail to the author(s) E-mail