Unhandled MessageSecurityException on example with UserNamePasswordValidationMode.Custom #32
Description
Which sample is the bug for
[https://github.com/CoreWCF/samples/tree/main/Basic/Binding/WS/WsHttpUserPassword_server]
Describe the bug
When called by the WSHttpUserPassword_client project an unhandled exception occurs on the server and no faultexception is sent to the client.
To Reproduce
Steps to reproduce the behavior:
- Start the WsHttpUserPassword_server project
- Start the WSHttpUserPassword_client project
- The following unhandled MessageSecurityException: Message security verification failed occurs on the server
- Stack:
Hosting environment: Development
Content root path: C:\samples-main\Basic\Binding\WS\WsHttpUserPassword_server\bin\Debug\net6.0
Now listening on: http://localhost:8088
Now listening on: https://localhost:8443
Application started. Press Ctrl+C to shut down.
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
Request starting HTTP/1.1 POST https://localhost:8443/EchoService/wsHttpUserPassword application/soap+xml;+charset=utf-8 1615
fail: Microsoft.AspNetCore.Server.Kestrel[13]
Connection id "0HMNL6LA1NTDC", Request id "0HMNL6LA1NTDC:00000002": An unhandled exception was thrown by the application.
CoreWCF.Security.MessageSecurityException: Message security verification failed.
---> CoreWCF.FaultException: Unknown Username or Incorrect Password
at NetCoreServer.CustomUserNamePasswordValidator.ValidateAsync(String userName, String password) in C:\samples-main\Basic\Binding\WS\WsHttpUserPassword_server\CustomUserNamePasswordValidator.cs:line 14
at CoreWCF.IdentityModel.Selectors.CustomUserNameSecurityTokenAuthenticator.ValidateUserNamePasswordCoreAsync(String userName, String password)
at CoreWCF.IdentityModel.Selectors.SecurityTokenAuthenticator.ValidateTokenAsync(SecurityToken token)
at CoreWCF.Security.ReceiveSecurityHeader.ReadTokenAsync(XmlReader reader, SecurityTokenResolver tokenResolver, IList`1 allowedTokenAuthenticators)
at CoreWCF.Security.ReceiveSecurityHeader.ReadTokenAsync(XmlDictionaryReader reader, Int32 position, Byte[] decryptedBuffer, SecurityToken encryptionToken, String idInEncryptedForm, TimeSpan timeout)
at CoreWCF.Security.ReceiveSecurityHeader.ExecuteFullPassAsync(XmlDictionaryReader reader)
at CoreWCF.Security.ReceiveSecurityHeader.ProcessAsync(TimeSpan timeout, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
at CoreWCF.Security.TransportSecurityProtocol.VerifyIncomingMessageCoreAsync(Message message, TimeSpan timeout) at CoreWCF.Security.TransportSecurityProtocol.VerifyIncomingMessageAsync(Message message, TimeSpan timeout)
--- End of inner exception stack trace ---
at CoreWCF.Security.TransportSecurityProtocol.VerifyIncomingMessageAsync(Message message, TimeSpan timeout)
at CoreWCF.Security.SecurityProtocol.VerifyIncomingMessageAsync(Message message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
at CoreWCF.Dispatcher.ServerSecurityChannelDispatcher`1.VerifyIncomingMessageAsync(Message message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationState)
at CoreWCF.Dispatcher.SecurityReplyChannelDispatcher.ProcessReceivedRequestAsync(RequestContext requestContext) at CoreWCF.Dispatcher.SecurityReplyChannelDispatcher.DispatchAsync(RequestContext context)
at CoreWCF.Channels.ReplyChannelDemuxer.ReplyChannelDispatcher.DispatchAsync(RequestContext context)
at CoreWCF.Channels.AspNetCoreReplyChannel.HandleRequestCore(HttpContext context)
at CoreWCF.Channels.AspNetCoreReplyChannel.HandleRequest(HttpContext context)
at CoreWCF.Channels.RequestDelegateHandler.HandleRequest(HttpContext context)
at CoreWCF.Channels.ServiceModelHttpMiddleware.InvokeAsync(HttpContext context)
at CoreWCF.Channels.MetadataMiddleware.InvokeAsync(HttpContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished HTTP/1.1 POST https://localhost:8443/EchoService/wsHttpUserPassword application/soap+xml;+charset=utf-8 1615 - 500 0 - 8131.6224ms
Expected behavior
A faultexception is raised without the unhandled CoreWCF.Security.MessageSecurityException: Message security verification failed.
Repo environment (please complete the following information):
- OS: [Windows]
- Architecture [x64]
- .NET Version [e.g. 6.0]
Additional context
None