WSE TimeStamp validation errors

Tuesday, January 4, 2005

WSE

When its about time to deploy WSE projects most of the pepole will notice several errors regarding the message timestamp.

Each WSE message has its own time stamp which is checked when the message being recived at the server side. The problem arises from this check are because not all of clocks in the computers around the glob syncronized to the same time.

I havent found a way to disable this check but was able to find a way to extend it beyone the default 5 min.
Add the following line to the config file:

<security>
<timeToleranceInSeconds>new timeout value</timeToleranceInSeconds>
</security>
</microsoft.web.services2>

The new timeout value is in sec so for 24hr just enter 86400, i think thats should be enough.

From MSDN:

Use the <timeToleranceInSeconds> element when there is a clock difference between the SOAP message sender and receiver. WSE uses the <timeToleranceInSeconds> element when it compares the current time against the expiration time for all security tokens and against the creation time for post-dated security tokens. The default time buffer is five minutes. That is, WSE uses the <timeToleranceInSeconds> element to determine the time buffer of when a security token or SOAP message is valid.

2 Comments

Timeout's are there to prevent SSL replayattacks on a server. If you are not communicating over SSL then this is probably not such a big issue anyway coz you are probably communicating over a local network or you have other methods to prevent these kind of attacks like unique message id's.

exyll@hotmail.com (Ramon 'Exyll' Smits) - Tuesday, January 4, 2005 5:27:00 PM

You are right Ramon but sometimes you want to have control over it specialy when you just made your first deployment and dont have any idea why its not working :-)

Ohad Israeli - Tuesday, January 4, 2005 7:27:00 PM

Comments have been disabled for this content.