WCF Error - Security processor was unable to find a security header in the message

Asked 10/6, 2010 at 11:23 Answered 8/6, 2015 at 18:20

I'm getting what appears now to be a security error in my WCF Service. Originally my error was about a falted state(removed using around client proxy to clear this error), but have found more information through enabling trace.

I have been unable to get my solution running after encountering this error, and even my backup copy now gets the same error. I'm not sure what has caused this to happen, I undone the changes I made (nothing relating to WCF) and still get the same error.

The error from trace is - System.ServiceModel.Security.MessageSecurityException: Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties. This can occur if the service is configured for security and the client is not using security.

I'm not really sure what I need to do to fix this, any help would be usefull. The application was previously working.

Parthenogenesis answered 10/6, 2010 at 11:23 Comment(1)

You might find your problem is related to this thread: #3004799 – Wineglass 10/6, 2010 at 15:19

If you want to avoid configuring a custom binding, you can get a reference to the current basicHttpBinding, create a custom binding from it, and include the EnabledUnsecuredResponse property:

  //client is a reference to your generated proxy client class
  var elements = client.Endpoint.Binding.CreateBindingElements();
  elements.Find<SecurityBindingElement>().EnableUnsecuredResponse = true;
  client.Endpoint.Binding = new CustomBinding(elements);

Amid answered 8/6, 2015 at 18:20 Comment(2)

You're my savior. Took my time over 4 hours and not much answers suggest this concept. – Rockingham 27/10, 2020 at 14:13

Thank you! That was the perfect solution for my case! – Humo 2/4, 2021 at 22:37

Despite the binding mismatch you can force WCF to work by setting the

Security
enableUnsecuredResponse="true"

Below is more of a code sample that you can use to compare against your own settings...

<security enableUnsecuredResponse="true"
          authenticationMode="MutualCertificateDuplex"
          defaultAlgorithmSuite="TripleDesRsa15"
          includeTimestamp="false"
          messageSecurityVersion="Default" >
  <issuedTokenParameters defaultMessageSecurityVersion="Default">
    <issuer address="" binding="" bindingConfiguration="">
      <identity>
        <certificateReference storeLocation="CurrentUser"
                              x509FindType="FindBySerialNumber"
                              findValue="0b 8d a9 18 59 65 36 b9 de 65 8b 21 ba 6c ab cc"
                              isChainIncluded="true" />
      </identity>
    </issuer>
  </issuedTokenParameters>
</security>

Scorpius answered 30/5, 2012 at 22:20 Comment(0)

Recommended topics

Hot tags