Describe the bug
We are using WCF Server [.NET Framework 4.8] and WCF Client [.NET 8.0], and when there is a need to send a message http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew, the message is not sent, and an exception occurs.
We are using a Duplex channel with netTcpBinding.Security.Mode = SecurityMode.TransportWithMessageCredential and a certificate.
To Reproduce
Steps to reproduce the behavior:
I created a sample project to reproduce the issue. I used LINQPad (https://www.linqpad.net/Download.aspx) to create a server and a client; however, these LINQPad scripts can be easily modified to console applications. Just remove the extension '.txt'; it didn't allow me to upload files with the '.linq' extension.
Server LINQPad 5 - wcf_server_renew_problem.linq.txt
Client LINQPad 9 - wcf_client_net8_renew_problem.linq.txt
Run the server and the client, then wait for a maximum of 3 minutes. The error should appear.
Full call stacks.
The CommunicationObjectFaultedException (aplication_error.txt) that appears doesn't provide much information on what is wrong exactly. So I debugged the library System.ServiceModel.Primitives directly to get more information (XmlException, inner_exception.txt), and I was able to determine why it is failing with a CommunicationObjectFaultedException. There is a problem when creating a signature for the token: the stream reference has its position at the end of the stream, and therefore the XmlReader is not able to read the XML document. See wcf/src/System.ServiceModel.Primitives/src/System/ServiceModel/Security/WSSecurityOneDotZeroSendSecurityHeader.cs at v8.1.2-rtm · dotnet/wcf

    _toHeaderStream.Position = 0;
    AddReference("#" + _toHeaderId, _toHeaderStream);

After applying the fix, the message http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew was sent to the server.

The security protocol cannot verify the incoming message.
The problem is that the .NET 8 client implementation differs from the .NET 4.8 implementation. The signing of the security token System.ServiceModel.Security.Tokens.BufferedGenericXmlSecurityToken is sent extra in the .NET 8 implementation, and it is causing the "The security protocol cannot verify the incoming message." problem, because the .NET 4.8 server doesn't expect this signing.
Renew message from .NET 4.8 client: ok_renew.xml
Renew message from .NET 8 client: wrong_renew.xml
Expected behavior
I expect that the Renew message should be functional between the WCF Client [.NET 8.0] and the WCF Server [.NET Framework 4.8] by default, or there should be some switch or another way to send the Renew message in a way that the WCF Server [.NET Framework 4.8] understands.
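
The stream-position failure described in this issue, reduced to a stand-alone C# program (an added example, not code from the issue or from dotnet/wcf). `BufferHeader` and `DigestHeader` are hypothetical names, the header content is constructed, and hashing `OuterXml` stands in for real XML canonicalization.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Xml;

static class StreamPositionDemo
{
    // Buffer a constructed header element in memory, as a sender would before signing it.
    static MemoryStream BufferHeader()
    {
        var ms = new MemoryStream();
        var settings = new XmlWriterSettings { OmitXmlDeclaration = true, Encoding = new UTF8Encoding(false) };
        using (var w = XmlWriter.Create(ms, settings)) // CloseOutput defaults to false: ms stays open
        {
            w.WriteStartElement("To", "http://www.w3.org/2005/08/addressing");
            w.WriteAttributeString("Id", "_1");                 // constructed reference id
            w.WriteString("net.tcp://localhost:9000/service");  // constructed address
            w.WriteEndElement();
        }
        return ms; // Position now equals Length: the cursor sits at the end of the data
    }

    // Parse the buffered header and hash it (simplified stand-in for a signature reference digest).
    static string DigestHeader(Stream s, bool rewind)
    {
        if (rewind && s.CanSeek)
            s.Position = 0; // same idea as the one-line fix quoted in the issue

        using var reader = XmlReader.Create(s);
        var doc = new XmlDocument();
        doc.Load(reader); // throws XmlException when the reader sees no bytes
        byte[] hash = SHA256.HashData(Encoding.UTF8.GetBytes(doc.DocumentElement!.OuterXml));
        return Convert.ToBase64String(hash);
    }

    static void Main()
    {
        using var header = BufferHeader();
        Console.WriteLine($"Position after write: {header.Position} of {header.Length}");

        try { DigestHeader(header, rewind: false); }
        catch (XmlException ex) { Console.WriteLine($"Without rewind: XmlException: {ex.Message}"); }

        Console.WriteLine($"With rewind: {DigestHeader(header, rewind: true)}");
    }
}
```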