Geeks With Blogs

News View Michael Stephenson's profile on BizTalk Blog Doc View Michael Stephenson's profile on LinkedIn
Michael Stephenson keeping your feet on premise while your heads in the cloud
I came across a something the other day with  WCF service I was hosting in IIS which was configured to use the relay bindings to listen to the Windows Azure Service Bus.

I had made an error in the configuration file and it popped up with the below error in the browser.


Server Error in '/Acme.Azure.ServiceBus.Connect' Application.

 

Configuration Error

Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately. 

Parser Error Message: Invalid element in configuration. The extension name 'transportClientEndpointBehavior' is not registered in the collection at system.serviceModel/extensions/behaviorExtensions. 

Source Error:

 

Line 159:      <endpointBehaviors>

Line 160:        <behavior name="BrokeredMessageService-Ws">

Line 161:          <transportClientEndpointBehavior credentialType="SharedSecret">

Line 162:            <clientCredentials>

Line 163:              <sharedSecret issuerName="owner" issuerSecret="*** I have hidden the key but its displayed here***


As you can see from the bottom of the error message this displayed the shared secret key (obviously I have hidden it in this post).

Now we all know how from time to time a configuration error can happen, and although its unlikely if it did happen you dont want your key comprimised.

Fortunately there are a couple of ways you can probably handle this.

1. You can add a custom error page as described in the below link: (thanks to Jayu Katti on the Service Bus Team for this one)

2. You can encrypt parts of the configuration file as discussed in the following PNP article.  I havent tried this one yet but the assumption is if you can encrypt the appSettings and connectionStrings sections you can probably encrypt the whole of the system.servicemodel section


Anyway hope this helps a few people


Posted on Sunday, April 21, 2013 12:01 PM Azure Service Bus | Back to top


Comments on this post: Dont let your Shared Secret be visible in the browser

# re: Dont let your Shared Secret be visible in the browser
Requesting Gravatar...
Highly experienced freelance programmers do my Java homework for me and I will share this post with them. Delivering integration projects doesn't take much time as a rule.
Left by Pamela on Nov 09, 2016 11:20 PM

# re: Dont let your Shared Secret be visible in the browser
Requesting Gravatar...
Download Chrome Browser app for android from Aptoide app store.
Left by David Mshra on Nov 13, 2017 8:51 AM

# re: Dont let your Shared Secret be visible in the browser
Requesting Gravatar...
the game thanks
Left by play on Mar 26, 2018 7:38 PM

# re: Dont let your Shared Secret be visible in the browser
Requesting Gravatar...
I am grateful to have opened this discussion. This question is quite interesting to me. Finally the answer was found
Do 192.168.0.1
Left by Anna on May 03, 2018 7:51 PM

Your comment:
 (will show your gravatar)


Copyright © Michael Stephenson | Powered by: GeeksWithBlogs.net