timeToleranceInSeconds not working

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

sam - 24 Jul 2006 09:02 GMT

Hello,

We are having problems with time delays between a client and a webservice
using ws-enhancements. When we set the property timeToleranceInSeconds it
doesn´t work, and when there are time differences between client and server
we get a an exception.

Is there any way to control this, or to disable this verification?

Thanks,
Sam.

Reply to this Message

Steven Cheng[MSFT] - 24 Jul 2006 15:07 GMT

Hello Sam,

Welcome to the MSDN newsgroup.

From your description, I understand you're using WSE component to customize
your ASP.NET webservice, currently since there are time difference between
the client and server machine, you're going to use WSE's
<timeToleranceInSeconds /> setting to configure the time diff span between
client and server app, however, you can not get it working in your
environment, correct?

As for this issue, would you provide some further information on your
webservice client and server settings. What's the security and
authentication mode they have been configured to use. Also, as for the
<timeToleranceInSeconds /> element, have you configured it in both the
client and server application's config file or would you provide the
configuration section so that we can have a look?

In addition, for general test, you can start from a simplified application,
let the client and server use anonymous access(do not authenticate) and
configure the <timeToleranceInSeconds > setting to see whether the
webservice call can succeed under the time difference between client and
server. Based on my local testing, the WSE 3.0 SecurityAnonymous policy
sample can work under time difference by setting the
<timeToleranceInSeconds value="xxx"/> element.

Please have a check on the above things and if there is any other finding,
please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

==================================================

Get notification to my posts through email? Please refer to

http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial

response from the community or a Microsoft Support Engineer within 1
business day is

acceptable. Please note that each follow up response may take approximately
2 business days

as the support professional working with you may need further investigation
to reach the

most efficient resolution. The offering is not appropriate for situations
that require

urgent, real-time or phone-based interactions or complex project analysis
and dump analysis

issues. Issues of this nature are best handled working with a dedicated
Microsoft Support

Engineer by contacting Microsoft Customer Support Services (CSS) at

http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Reply to this Message

sam - 25 Jul 2006 10:26 GMT

Dear Steven,

Yes we can´t get it to work, whatever we put in the property
"timeToleranceInSeconds" it doesn´t work. This is really strange and it
doesn´t make any sense cause we can´t use WSE with this behavior (there is no
way to control the clients time). The best thing would be to disable this
validation.

We are using token based authentification, our class inherits from
UserTokenManager, and uses the method AuthentificateToken. The vdirs in IIS
are configured with anonymous access.

Our WebService config file:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<section name="microsoft.web.services2"
type="Microsoft.Web.Services2.Configuration.WebServicesConfiguration,
Microsoft.Web.Services2, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
</configSections>
<appSettings>
<add key="xxx" value="xxxx" />
</appSettings>
<system.web>
<compilation defaultLanguage="c#" debug="true" />
<customErrors mode="On" />
<authentication mode="Windows" />
<authorization>
<allow users="*" />
</authorization>
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data
source=127.0.0.1u84 ?rusted_Connection=yes" cookieless="false" timeout="20" />
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />
<webServices>
<soapExtensionTypes>
<add type="Microsoft.Web.Services2.WebServicesExtension,
Microsoft.Web.Services2, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" priority="1" group="0" />
</soapExtensionTypes>
</webServices>
</system.web>
<microsoft.web.services2>
<security>
<x509 allowTestRoot="false" storeLocation="CurrentUser"
allowRevocationUrlRetrieval="false" verifyTrust="false" />
<securityTokenManager type="xxxxUsernameTokenManager, xxx.WS"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" qname="wsse:UsernameToken" />
<defaultTtlInSeconds>86400</defaultTtlInSeconds>
</security>
<diagnostics>
<detailedErrors enabled="true" />
<trace enabled="true" input="InputTrace.webinfo"
output="OutputTrace.webinfo" />
<policyTrace enabled="true" input="ReceivePolicy.webinfo"
output="SendPolicy.webinfo" />
</diagnostics>
<tokenIssuer>
<autoIssueSecurityContextToken enabled="true" />
</tokenIssuer>
</microsoft.web.services2>
</configuration>

Our client config settings are these:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<section name="microsoft.web.services2"
type="Microsoft.Web.Services2.Configuration.WebServicesConfiguration,
Microsoft.Web.Services2, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
</configSections>
<microsoft.web.services2>
<diagnostics />
</microsoft.web.services2>
</configuration>

Many Thanks,
Sam

> Hello Sam,
>
[quoted text clipped - 72 lines]
>
> This posting is provided "AS IS" with no warranties, and confers no rights

Reply to this Message

Steven Cheng[MSFT] - 26 Jul 2006 16:11 GMT

Thanks for your response Sam,

I originally assumed that you're using .net framework 2.0 and WSE 3.0 , so
my previous test is also based on WSE 3.0, I'll perform some further test
against WSE 2.0(SP3) later. BTW, in the server and client application
config you provided, I found that you haven't added the
<timeToleranceInSeconds> element which is the configuration element for
timeTolerance ...

I only found the <defaultTtlInSeconds> in your webservice's server
web.config file. The <defaultTtlInSeconds> only defines the default number
of seconds that a SOAP message is valid after its creation.(not the time
difference tolerance between client and server). Have you tried the
<timeToleranceInSeconds> element like below?

========================
<microsoft.web.services2>
<diagnostics />
<security>
<defaultTtlInSeconds>400</defaultTtlInSeconds>
<timeToleranceInSeconds>400</timeToleranceInSeconds>

=======================

Also, I think you need to add the setting in both client and server
application's WSE configuration since the time difference is dual. Anyway,
I'll post my test result to you as soon as possible, if you have any
further finding, please also let me know.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

This posting is provided "AS IS" with no warranties, and confers no rights.

Reply to this Message

nitin pranjale - 06 Nov 2007 11:19 GMT

> Hello,
>
[quoted text clipped - 7 lines]
> Thanks,
> Sam.

hello,
I also have the same issue. I am using framework 2.0 and wse 3.0. Though in my case the 'ttlInSeconds' is working properly as tested on two different machines, but I want it to be used in the case of global application. Which will be used in all over the world with their own time settings. How can I achieve this.

Please help.
Thanks
Nitin

BizTalk Utilities - Frustration free BizTalk Adapters
http://www.topxml.com/biztalkutilities

Reply to this Message

timeToleranceInSeconds not working

Free Magazines