Monthly Archives: January 2016

Fixing invalid or expired security content token

Written by William Roush on January 20, 2016 at 12:14 am

Ever get an error like this?

The message could not be processed. This is most likely because the action ‘[URI here]’ is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint’s binding.

And are completely stumped as to what you’ve done wrong?

I spent a few hours to learn that the default wsHttpBinding security configuration is message not none. A commit I made a few weeks ago added this:


<security mode="none" />

To match up with a web transform file for release. When really it should have been:


<security mode="message" />

Additionally I could have just changed the transform to insert instead of replace a called it a day.

 

Sometimes you spend the most time on the silliest of things…