- You configure a Microsoft Web Services Enhancements 3.0 (WSE 3.0)-based Web service to use secure conversation.
- You host the Web service in a load-balanced environment.
Event Source: Microsoft WSE 3.0
System.ApplicationException: WSE841: An error occurred processing an outgoing fault response.
System.Web.Services.Protocols.SoapException: System.Web.Services.Protocols.SoapException: Server was unable to process request.
System.Security.Cryptography.CryptographicException: Key not valid for use in specified state.
By default, if you configure the Web service to use secure conversation by setting the EstablishSecurityContext property of the policy to True, WSE 3.0 uses the stateful SecurityContextToken object. This operation uses the Data Protection API (DPAPI) to encode and decode the following:
- The state of the SecurityContextToken object
- The cookie of the SecurityContextToken object
Method 1: Use the Sticky Sessions feature of the load balancer. This forces the whole conversation to be processed on a single server in the load-balanced environment, so the problem does not occur.
Method 2: Configure the statefulSecurityContextToken element to disable the stateful security tokens of the Web service. For example, use an application configuration file that contains the following code to disable the stateful security tokens.
Method 3: Use an X509 certificate or another type of security token instead of the default DPAPI implementation to help secure the SecurityContextToken object. To do this, configure the serviceToken element in the application configuration file of each Web server.
For example, the following code configures the Web service to use an X509 certificate instead of the DPAPI implementation to help secure the SecurityContextToken object.
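As an added illustration (not the article's own sample configuration), the following web.config fragment shows where the two configuration-based fixes live in the WSE 3.0 security element: the Method 2 statefulSecurityContextToken element (shown commented out, because the two methods are alternatives) and the Method 3 serviceToken element that names an X.509 certificate. The certificate subject name is a placeholder; the element and attribute names follow the WSE 3.0 configuration schema.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <configSections>
    <!-- Standard WSE 3.0 configuration section handler. -->
    <section name="microsoft.web.services3"
             type="Microsoft.Web.Services3.Configuration.WebServicesConfiguration, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </configSections>

  <microsoft.web.services3>
    <security>
      <!-- Method 2: turn off stateful SecurityContextTokens, so no
           DPAPI-protected token state is ever sent to, and decrypted on,
           a different node. Use this OR the serviceToken block below, not
           both. Stateless tokens live in an in-process cache that is lost
           when the application domain resets (see the article's note). -->
      <!--
      <statefulSecurityContextToken enabled="false" />
      -->

      <!-- Method 3: keep stateful tokens, but protect the serialized
           SecurityContextToken with an X.509 certificate instead of DPAPI.
           The same certificate, including its private key, must be installed
           in the LocalMachine\My store on every server in the farm, and the
           application pool identity needs read access to that private key.
           findValue is a placeholder subject name, not taken from the article. -->
      <serviceToken>
        <x509 storeLocation="LocalMachine"
              storeName="My"
              findValue="CN=PLACEHOLDER-wse-sct-protection"
              findType="FindBySubjectDistinguishedName" />
      </serviceToken>
    </security>
  </microsoft.web.services3>
</configuration>
```

Deploy the identical fragment (and certificate) to each Web server; a node that still falls back to DPAPI will reproduce the WSE841 fault as soon as the load balancer routes a later message of the conversation to it.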
In this scenario, the DPAPI cannot be used with non-roaming user profiles, because the local user profile for a user is different on each computer. By default, the master key of the DPAPI expires after 90 days. When the master key is regenerated, each computer holds a different master key in its local copy of the user profile, so data that is encrypted on one computer cannot be decrypted on another computer. Therefore, the per-computer local copy of the user profile causes the problem.
When you send a SOAP message, the stateful SecurityContextToken object is serialized together with an encrypted key. Only the Web service can retrieve this encrypted key. In contrast, the encrypted key of the stateless SecurityContextToken object is cached by both the client and the Web service. Therefore, only a unique string that represents the cached SecurityContext security token must be sent in the SOAP message. As long as the caches are available, no problem occurs. However, if you use the stateless SecurityContextToken object and the application domain that is hosting the Web service is reset, the caches are destroyed. This situation causes a SOAP error.
Note: Some virus scanners may cause application domains to be reset.
Article ID: 939760 - Last Review: Jul 31, 2007 - Revision: 1