Calling WCF service from WebApi throws MessageSecurityException

I use 3rd party client library which internally communicates with server (somewhere in cloud) using WCF (I only can configure few key/value settings, the library creates all the WCF client proxy stack within its code).

If I use the library in WinForms or console application it works well, however calling the library API from within WebApi it ends up with error:

An exception of type 'System.ServiceModel.Security.MessageSecurityException' occurred in mscorlib.dll but was not handled in user code

Additional information: The Identity check failed for the outgoing message. 
The remote endpoint did not provide a domain name system (DNS) claim and therefore did not satisfied DNS identity 'serverName'. 
This may be caused by lack of DNS or CN name in the remote endpoint X.509 certificate's distinguished name.

Why there is a difference? The server side is the same, so does this mean the identity check is not performed when running in WinForms app? Or the identity check is performed differently when running in WebApi? How can I fix it?

I run the code from within VS2015, WebApi is hosted in IISExpress. The library uses NetTcpBinding with TransportWithMessageCredential and MessageCredentialType.UserName

Answers


Try adding this to your app.config file

<configuration>
    <runtime>
        <AppContextSwitchOverrides value="Switch.System.IdentityModel.DisableMultipleDNSEntriesInSANCertificate=true" />
    </runtime>
</configuration>

From MSDN:

Starting with apps that target the .NET Framework 4.6.1, the X509CertificateClaimSet.FindClaims method will attempt to match the claimType argument with all the DNS entires in its SAN field. Impact

This change only affects apps that target the .NET Framework 4.6.1.

For apps that target previous versions of the .NET Framework, the X509CertificateClaimSet.FindClaims method attempts to match the claimType argument only with the last the DNS entry. Mitigation

If this change is undesirable, apps that target the .NET Framework 4.6.1 can opt out of it by adding the following configuration setting to the section of the app’s configuration file:

https://msdn.microsoft.com/en-us/library/mt620030%28v=vs.110%29.aspx


Need Your Help

Implementing in OpenCL

c++ math opencl

I have been trying to write a program that counts rationals on the Cantor set with certain denominators. I found that with my computer it takes 20 hours or more to compute the number between 3^14 a...

Calculating harmonics of a signal

signal-processing

I have signal in vector form containing a number of samples and has frequency w0. I want to find harmonics of that signal. Is there a way to do so?