Dan Rigsby – Coding Up Style

Developer.Speaker.Blogger

«
»

Changing the default Clock Skew in WCF

Posted by Dan Rigsby on August 26th, 2008

It is possible that if you use a WCF binding that has a security binding element, you may encounter the the following exception:

The security timestamp is invalid because its creation time (‘8/262008 1:45:51 PM’) is in the future. Current time is ‘8/26/2006 1:40:01 PM’ and allowed clock skew is ‘00:05:00′.

The exception is of type TimeStampHasCreationTimeInFuture which is defined as: “The security timestamp is invalid because its creation time is in the future. Current time is specified and allowed clock skew is specified.”

This occurs when the difference of the client/server clocks is larger than the allowed value (the default is 5 minutes).  There two possible solutions to this issue:

  1. Set the clocks on the client and server such that they are more in sync.  (You can use “net time” to help you accomplish this.)
  2. Increase the allows clock skew time on the binding.

Option one is by far the easiest, but isn’t always possible depending on your network nor is to the most bulletproof since other clients could have the same issue. Option two isn’t as easy as it sounds though.  There is no setting you can change on your current bindings to set the max clock skew.  Instead, you need to resort to a custom binding.

Here is an example of a custom binding created in a configuration file with the max clock skew set to 15 minutes instead of the default 5 minutes:

<system.serviceModel>
    <services>
        <service name="MyService" behaviorConfiguration="MyBehavior">
            <endpoint address ="" binding="MyCustomBinding" contract="IMyService" />
        </service>
    </services>
    <behaviors>
        <serviceBehaviors>
            <behavior name="MyBehavior">
                <serviceMetadata httpGetEnabled="True"/>
            </behavior>
        </serviceBehaviors>
    </behaviors>
    <bindings>
        <customBinding>
            <binding name="MyCustomBinding">
                <security>
                    <localClientSettings maxClockSkew="00:15:00" />
                    <localServiceSettings maxClockSkew="00:15:00" />
                    <secureConversationBootstrap />
                </security>
                <textMessageEncoding />
                <httpTransport />
            </binding>
        </customBinding>
    </bindings>
</system.serviceModel>
 
You can do the same in code.  However you can build a custom binding by extending any existing binding.
 
// Create custom binding by extending any existing binding.
System.ServiceModel.Channels.CustomBinding myCustomBinding =
    new System.ServiceModel.Channels.CustomBinding(binding);

// Find the security binding element
System.ServiceModel.Channels.SecurityBindingElement security =
    myCustomBinding.Elements.Find<SecurityBindingElement>();

// Change the clock skew for service and client
if (security != null)
{
    security.LocalServiceSettings.MaxClockSkew = TimeSpan.FromMinutes(15);
    security.LocalClientSettings.MaxClockSkew = TimeSpan.FromMinutes(15);
}
DotNetKicks Image

This entry was posted on Tuesday, August 26th, 2008 at 1:01 pm and is filed under Wcf. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

«
»