This is my service configuration in web.config:
<binding name="statefulSessionWithUsernameOverTransport">
<security authenticationMode="SecureConversation"
requireSecurityContextCancellation="False" allowInsecureTransport="True">
<secureConversationBootstrap authenticationMode="UserNameOverTransport"/>
</security>
<binaryMessageEncoding />
<httpTransport />
</binding>
<service name="com.example.FooService"
behaviorConfiguration="usernamePasswordAuthBehavior">
<endpoint contract="com.example.FooService.IFooService"
address="custom" binding="customBinding"
bindingConfiguration="statefulSessionWithUsernameOverTransport" />
</service>
I am setting allowInsecureTransport=True because in Production the Service will be running behind an SSL Terminating Load Balancer. Calling the Service from my .Net 4.0 Client works without any problems but trying to update the service reference in VS2010 always results in an error:
System.ServiceModel.Channels.TransportSecurityBindingElement Error: Security Policy Export failed. The Binding contains a TransportSecurityBindingElement but no transport security binding element that implements ITransportTokenAssertionProvider. Policy export for such a policy export is not supported.*
I understand what it is trying to tell me - which is basically that I've disabled transport security on a binding that requires it to avoid comprom开发者_开发知识库ising the credentials travelling over the wire. But - that is the whole point of allowInsecureTransport. Could it be that the proxy generator is simply not aware of this attribute?
Update:
It looks like the wsdl generator is indeed unable to deal with the attribute. I had to go back to Message Level Security and a Self-Signed Certificate for development. Using Message Security had the advantage of being able to stick to Cassini for Development instead of going full blown IIS.
<wsHttpBinding>
<binding name="wshttpDevelopmentBinding">
<security mode="Message">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
I ran into this same issue. The problem seems to be the http transport because it doesn't implement the ITransportTokenAssertionProvider interface, but https does. I was able to get around this two ways: switch my custom binding to use https transport, which implements the interface, and add enableUnsecuredResponse="true" to the security element in the config, or write a custom binding deriving from HttpTransportBindingElement but implementing the necessary interface.
I read about this few times (for example here or here) but I have never tryed it. It looks like a bug in WSDL export because when you configure service and client manually it should work but metadata export doesn't work. Second link propose some workaround but it is the ugly one.
My proposal is to develop with allowInsecureTransport set to false and HTTPS with test certificate and switch this configuration when you deploy the application (can be part of installation package).
I ran into a similar issue. I installed hot fix for .NET framework 3.5 on the client machines, and it worked after that.
精彩评论