Thursday, February 11, 2010

The security token could not be authenticated or authorized

@YaronNaveh

When we use X.509 certificates with web services we might get this exception:


System.Exception: Soap error:Message:The security token could not be authenticated or authorized


This usually means that the certificate the server or client used for encryption or signing is not valid on our machine. One solution is to add it, or its issuer's certificate, to our trusted store.

An interesting case is when we get this error after we have already added the certificate to the store. This is usually the result of caching done by the Windows store. Such caching is used to prevent DoS attacks. Wait a few minutes for the changes to take effect.
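To see which certificate in the chain is the one the machine does not trust, and which stores already hold each chain member, a check along these lines can help. This is an added PowerShell example, not code from the original post; the `$CertPath` parameter is a hypothetical path to the exported certificate, and it uses .NET's `X509Chain` with revocation checking turned off, which may differ from the policy your web service stack applies.

```powershell
# Added example: diagnose why a certificate is not trusted on this machine.
# $CertPath (hypothetical) points to the exported .cer of the service or client.
param(
    [Parameter(Mandatory = $true)]
    [string]$CertPath
)

$x509 = 'System.Security.Cryptography.X509Certificates'
$cert = New-Object "$x509.X509Certificate2" -ArgumentList (Resolve-Path $CertPath).Path

# Build the chain with .NET's X509Chain. Revocation checking is skipped
# (assumption) so that the result isolates trust and validity problems.
$chain = New-Object "$x509.X509Chain"
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$trusted = $chain.Build($cert)

"Chain trusted: $trusted"
foreach ($status in $chain.ChainStatus) {
    # Typical values: UntrustedRoot (root not in a trusted store),
    # PartialChain (issuer certificate not found), NotTimeValid (expired).
    "  chain status: {0} - {1}" -f $status.Status, $status.StatusInformation.Trim()
}

# For every certificate in the chain, list the stores that already contain it.
$stores = Get-ChildItem Cert:\LocalMachine, Cert:\CurrentUser
foreach ($element in $chain.ChainElements) {
    $c = $element.Certificate
    "Subject: {0}" -f $c.Subject
    "  Issuer:     {0}" -f $c.Issuer
    "  Thumbprint: {0}" -f $c.Thumbprint
    "  Valid:      {0} to {1}" -f $c.NotBefore, $c.NotAfter
    foreach ($s in $element.ChainElementStatus) {
        "  element status: {0}" -f $s.Status
    }
    $found = foreach ($store in $stores) {
        $path = "Cert:\{0}\{1}\{2}" -f $store.Location, $store.Name, $c.Thumbprint
        if (Test-Path $path) { "{0}\{1}" -f $store.Location, $store.Name }
    }
    if ($found) {
        "  Found in:   {0}" -f ($found -join ', ')
    } else {
        "  Found in:   (no store on this machine)"
    }
}
```

Run it under the same account as the failing client or service, because the CurrentUser stores differ per account.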

7 comments:

Unknown said...

Thanks a lot..
this helped me a lot

Piotr Biesiada said...

In Visual Studio this seems to be the WSE537 error. Adding the certificate to the local store doesn't help. The issuer is already added but this doesn't work. Any ideas?

Yaron Naveh (MVP) said...

Hi Piotr

When things get messed up with certificate authentication I like to install the relevant certificates in each one of the stores (in local machine or current user) and see what happens... if this works I remove them one by one.

Of course it can still be that the issue is something else. If you have a working client, compare the outgoing message to its message.

Piotr Biesiada said...

The interesting thing here is that the web service receives and processes the message; the problem is only on the client side. This tells us that the problem is only on the client machine, right?

Piotr Biesiada said...

Success! I've added the CA to local computer store and that did the trick! :)

Mauricio Flórez said...

Hi,
Works for me, thanks