
I have a secure WCF service with a custom username password validator. Everything is finally working after a considerable amount of effort. I just have one last problem. Whenever I throw the exception to signal that the user's login credentials are incorrect, it gets translated to a MessageSecurityException with the message "Additional information: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail."

If I originally threw a FaultException, the inner exception will contain the message I intended for the consumer to see ("Unknown Username or Incorrect Password"). If any other type of exception is thrown, the inner exception is literally just a duplicate of the non-descriptive generic outer exception.

I really want the top level exception to contain the "Unknown Username or Incorrect Password" message. I even tried throwing my own MessageSecurityException with the desired message and even that didn't work. Does anyone know how to throw an exception from my validator such that the outer exception contains the message I want the consumer to see?

1 Answer


I am assuming that you are using fault contracts to propagate the fault; if not, that might be your problem. The MessageSecurityException was most likely generated by WCF, as it is a CommunicationException, which is one of the expected exceptions when working with WCF. There are several possible causes that are mentioned in this question.

I would suggest, however, that you reconsider using exceptions to handle an invalid username/password. Many people follow the practice of only using exceptions for exceptional cases, and an invalid username/password is definitely not exceptional in this case. Perhaps it would be better to pass back a bool or a string with the error message.

  • When you create a custom username password validator for use in a secure WCF service, you have to derive a class from UserNamePasswordValidator and override the Validate method. The Validate method takes two arguments, userName and password, and has a return type of void. Therefore I don't see how one would go about passing back a bool or a string in this case. And yes, I am using a fault exception. However from what I have read you can't use your fault contracts from the validator. – Michael S. Miller May 23 '16 at 14:42
  • I misunderstood what you were trying to do. It looks like there may not be much you can do about it according to this [question.](http://stackoverflow.com/questions/7755256/wcf-certificate-custom-validation-send-exception-message-to-client) I don't think it's exactly the same situation, but I think it might be the same cause. According to the comments in that question, the error is thrown below WCF because it cannot set up a secure connection, due to the bad credentials. They mention that there are some settings you can change though. –  May 23 '16 at 16:31
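
The behaviour described in the question (a FaultException thrown from the validator arrives at the client as the inner exception of a MessageSecurityException) can be handled on the client by unwrapping it. The following is an added example, not code from any of the posts above; `SampleValidator`, `IsKnownUser`, `LoginErrors` and the credential values are hypothetical names and constructed data.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.ServiceModel;
using System.ServiceModel.Security;

// Service side: a custom validator derived from UserNamePasswordValidator.
public class SampleValidator : UserNamePasswordValidator
{
    public override void Validate(string userName, string password)
    {
        if (userName == null || password == null || !IsKnownUser(userName, password))
        {
            // One message for both "unknown user" and "wrong password", so the
            // response does not reveal which usernames exist.
            throw new FaultException("Unknown Username or Incorrect Password");
        }
    }

    // Hypothetical stand-in for a lookup against a real credential store.
    private static bool IsKnownUser(string userName, string password)
    {
        return userName == "demo-user" && password == "demo-password"; // constructed values
    }
}

// Client side: turn the wrapped exception back into the validator's message.
public static class LoginErrors
{
    // Returns the text to show the user, or null if ex is not a login failure.
    public static string Describe(Exception ex)
    {
        var security = ex as MessageSecurityException;
        if (security == null)
        {
            return null; // some other failure; let the caller handle it
        }

        // When the validator threw a FaultException, WCF puts it here.
        var fault = security.InnerException as FaultException;
        return fault != null ? fault.Message : "Login failed.";
    }
}
```

On the client, call `LoginErrors.Describe(ex)` from a `catch (MessageSecurityException ex)` block around the service call and display the returned string instead of the outer exception's message.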