I am trying to get a third party Java client to communicate with a WCF service I have written.
I get the following exception when receiving the message:
I have accepted that I can't do this in the config file and have resorted to creating the service host in code.
Here is the full example of creating the binding, binding elements and creating the service host.
Please note, you may not be using WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005W - you are probably using a more recent version than I am having to use - but just substitute that for the correct version for your service.
```csharp
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;
using System.Text;

// Mutual-certificate message security, plus a signed UserName supporting token.
var securityBindingElement = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
securityBindingElement.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());
securityBindingElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
securityBindingElement.IncludeTimestamp = true;
securityBindingElement.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.EncryptBeforeSign;

// Binding stack: security first, then SOAP 1.1 text encoding, then HTTPS transport.
var customBinding = new CustomBinding();
customBinding.Elements.Add(securityBindingElement);
customBinding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11WSAddressing10, Encoding.UTF8));
customBinding.Elements.Add(new HttpsTransportBindingElement() { MaxReceivedMessageSize = 5242880 });

// 'type' is the System.Type of the service implementation class.
ServiceHost customServiceHost = new ServiceHost(type);
customServiceHost.AddServiceEndpoint(typeof(ITestServiceContract), customBinding, "https://localhost:443");
customServiceHost.Open();
```
It's because the wrong way of referencing the cert has been used somewhere. If I remember correctly, you either directly reference the cert or use a key identifier - anyhow, to get beyond it, you should be able to add the allowSerializedSigningTokenOnReply tag to your security tag on your client's binding configuration and set it to true.
That should get beyond it for you - remember, put this client side.
Sorry I can't find the references - I remember reading it somewhere and can't find it now! :( EDIT: Here it is - http://webservices20.blogspot.co.uk/2010/10/wcf-cannot-find-token-authenticator.html
```xml
<customBinding>
  <binding name="TestSecureBinding">
    <security allowSerializedSigningTokenOnReply="true" />
    <!-- etc -->
  </binding>
</customBinding>
```
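
The same client-side setting applied in code instead of config, as an added example that is not part of either post above: it rebuilds the binding elements from the service-side answer and sets `AllowSerializedSigningTokenOnReply` on the `AsymmetricSecurityBindingElement`. The `Ping` operation, the certificate subject names and the environment variable names are placeholders assumed for illustration.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;
using System.Text;

// Hypothetical contract shape: the page names ITestServiceContract but does not show it.
[ServiceContract]
public interface ITestServiceContract
{
    [OperationContract]
    string Ping(string value);
}

public static class ClientBindingExample
{
    // Client binding mirroring the service-side elements shown on the page.
    public static CustomBinding BuildClientBinding()
    {
        var version = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
        var security = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(version);
        security.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());
        security.IncludeTimestamp = true;
        security.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.EncryptBeforeSign;
        // Code equivalent of <security allowSerializedSigningTokenOnReply="true" />.
        security.AllowSerializedSigningTokenOnReply = true;

        return new CustomBinding(
            security,
            new TextMessageEncodingBindingElement(MessageVersion.Soap11WSAddressing10, Encoding.UTF8),
            new HttpsTransportBindingElement { MaxReceivedMessageSize = 5242880 });
    }

    public static void Main()
    {
        var factory = new ChannelFactory<ITestServiceContract>(
            BuildClientBinding(), new EndpointAddress("https://localhost:443"));
        // Placeholder subject names: substitute the certificates installed for your environment.
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "PLACEHOLDER-client-cert");
        factory.Credentials.ServiceCertificate.SetDefaultCertificate(
            StoreLocation.CurrentUser, StoreName.TrustedPeople, X509FindType.FindBySubjectName, "PLACEHOLDER-service-cert");
        // Assumed environment variable names; avoids hard-coding the UserName token secret.
        factory.Credentials.UserName.UserName = Environment.GetEnvironmentVariable("SVC_USER");
        factory.Credentials.UserName.Password = Environment.GetEnvironmentVariable("SVC_PASSWORD");
        Console.WriteLine(factory.CreateChannel().Ping("hello"));
    }
}
```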