Thursday, 27 June 2013

WCF ERROR - An unsecured or incorrectly secured fault was received from the other party

Error  :  “An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail”.
 We  got above security while accessing the WCF service deployed on our Development server

Cause  : This type of error we normally receive because of a server time skew. The remote server and the client's system time must be within (typically) 5 minutes of each other. If they are not, security validation will fail and WCF service will throw security error. The Development serve and client time difference was 10mins and Hence the service was throwing an error related to security.

Solution :
We just  have updated the server time same as client machine and then it started working.

Message security mechanism in WCF supports WS-SecurityConversation standard, which consists of establishing a session between client and server. A special request should be sent for a session to be established before any other calls. This results in getting a security token which will be used for subsequent calls. SecurityConversation mechanism has a very bad side effect - the success of conversation depends on difference between client and server system time. By default an acceptable skew between client and server is 5 minutes. If the skew is bigger than a call completes with an error. If system time on client isn't being synchronized with server then we can get (and actually get) a situation when our application stops working suddenly and start giving security related exception.