SCT in WSE2 and WS-SecureConversation 

If you get this error [1] while working on a WS-SecureConversation-based application, consider the following:

  • Look at the timeout period for your SCTs, issued by the server-side service.
  • If this is all OK, then you're probably in my situation. Check whether you enabled web garden support in your IIS application pool. If so, go back to the Performance tab in the application pool's properties and enter 1 (one) as the 'Maximum number of worker processes'.

In the state WSE2 is in, things can get really rough if you create a web garden and use WS-SecureConversation at the same time.

A few weeks ago I was designing an architecture for a complex B2B secure communication channel and parts of it wanted to use some form of a web garden. Since I forgot to disable it, there was trouble.

The strangest thing I noticed when investigating this was that everything worked the first time after an IIS restart happened - sure - a session is pinned to the first worker process, the second one just gets created.

Of course, there are workarounds regarding this, but they include some non-trivial WSE2 subclassing.

[1] Additional information: Microsoft.Web.Services2.Security.SecurityFault: The specified source for the derivation is unknown ---> System.Exception: WSE512: This derived key token's parent cannot be found. The reference to the parent token follows: <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference URI="uuid:227d47ac-1b2b-45a5-92f0-d7d630aeda86" ValueType="http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct" /></wsse:SecurityTokenReference>.
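The failure mode behind the fault in [1] can be reproduced with a small model. This is an added example, not code from the original post or from WSE2: it assumes each worker process keeps issued SCTs in its own memory, that requests are spread round-robin across workers, that a shared store (the `shared_cache` argument, hypothetical) is what a workaround would provide, and it uses a simplified HMAC-SHA256 key derivation in place of the WS-SecureConversation one.

```python
import hashlib
import hmac
import os
import uuid


class ParentTokenNotFound(Exception):
    """Stands in for the WSE512 fault: derived key token's parent is unknown."""


class Worker:
    """One worker process with its own in-memory SCT cache (assumption)."""

    def __init__(self, shared_cache=None):
        # A private dict models per-process memory; a shared dict models a
        # hypothetical out-of-process store visible to every worker.
        self.sct_cache = shared_cache if shared_cache is not None else {}

    def issue_sct(self):
        sct_id, secret = "uuid:" + str(uuid.uuid4()), os.urandom(32)
        self.sct_cache[sct_id] = secret
        return sct_id, secret

    def verify(self, sct_id, nonce, body, mac):
        secret = self.sct_cache.get(sct_id)
        if secret is None:
            raise ParentTokenNotFound(sct_id)
        return hmac.compare_digest(mac, sign(secret, nonce, body))


def sign(secret, nonce, body):
    # Simplified derivation (HMAC-SHA256), not the WS-SecureConversation P_SHA1.
    derived_key = hmac.new(secret, nonce, hashlib.sha256).digest()
    return hmac.new(derived_key, body, hashlib.sha256).digest()


def run_session(workers, requests=4):
    """Issue an SCT on worker 0, then round-robin signed requests (assumption)."""
    sct_id, secret = workers[0].issue_sct()
    results = []
    for i in range(requests):
        nonce, body = os.urandom(16), b"request %d" % i
        worker = workers[i % len(workers)]
        try:
            ok = worker.verify(sct_id, nonce, body, sign(secret, nonce, body))
            results.append("ok" if ok else "bad-mac")
        except ParentTokenNotFound:
            results.append("parent-not-found")
    return results
```

With one worker every request verifies; with two workers and private caches, every request that lands on the worker that did not issue the SCT fails the parent lookup.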

Categories:  Web Services | Work
Tuesday, 26 October 2004 12:56:29 (Central Europe Standard Time, UTC+01:00)

 

Copyright © 2003-2024, Matevž Gačnik