Monday, March 22, 2010

Wcf: "The security capabilities do not match the generated runtime object"


The below Wcf error message is quite rare. You would encounter it only when developing some specific kinds of Wcf custom channels and transports.

The security capabilities of binding
'System.ServiceModel.Channels.CustomBinding' do not match those of the generated runtime object. Most likely this means the binding contains a StreamSecurityBindingElement, but lacks a TransportBindingElement that supports Stream Security (such as TCP or Named Pipes). Either remove the unused StreamSecurityBindingElement or use a transport that supports this element.


ValidateSecurityCapabilities(ISecurityCapabilities runtimeSecurityCapabilities,
BindingParameterCollection parameters)

When you develop a custom channel you usually develop one class which derives from BindingElement and another which implements IChannelFactory. Both classes have this method:

public virtual T GetProperty()

In many cases you override this method to return a specific set of ISecurityCapabilities. One example use case is ClearUsernameBinding:

public override T GetProperty(BindingContext context)
   if (typeof(T) == typeof(ISecurityCapabilities))
     return (T) (ISecurityCapabilities) new AutoSecuredHttpSecurityCapabilities();

   return base.GetProperty(context);

In runtime, Wcf verifies that the capabilities the factory claims it can support are also supported by the actual channel. In other words this must be true:


If you have override the GetProperty() method of the channel but not of the factory then you will get the error above.


What's next? get this blog rss updates or register for mail updates!


Goff said...

Thx alot! Helped me a bunch