I am trying to test a simple WCF tcp.net client/server app. The WCF service is being hosted on Windows 7 IIS. I have enabled TCP.net in IIS. I granted liberal security privileges to the service app by configuring an app pool with admin rights and set the IIS service application to run in that context.

I enabled tracing on the service app to troubleshoot. Whenever I run a simple method call against the service from the WCF client app, I get the following exception:

"Stream Security is required at http://www.w3.org/2005/08/addressing/anonymous, but no security context was negotiated. This is likely caused by the remote endpoint missing a StreamSecurityBindingElement from its binding."

Here is my client configuration:

<bindings>
  <netTcpBinding>
    <binding name="InsecureTcp">
      <security mode="None" />
    </binding>
  </netTcpBinding>
</bindings>

Here is my service configuration:

<bindings>
  <netTcpBinding>
    <binding name="InsecureTcp">
      <security mode="None" />
    </binding>
  </netTcpBinding>
</bindings>

<services>
  <service name="OrderService" behaviorConfiguration="debugServiceBehavior">
    <endpoint
        address=""
        binding="netTcpBinding"
        bindingConfiguration="InsecureTcp"
        contract="ProtoBufWcfService.IOrder" />
  </service>
</services>

<behaviors>
  <serviceBehaviors>
    <behavior name="debugServiceBehavior">
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
  </serviceBehaviors>
</behaviors>

A: 

WCF doesn't like insecure communications - it wants to use safe and secure comm channels by default. The default security mode for netTcpBinding is transport-level security with Windows credentials. Can you use that default instead of turning everything off?

If your server machine and all the clients calling it are on the same company LAN, behind a firewall, there's really no point in not using Windows credentials. To do so, use this binding configuration:

<bindings>
  <netTcpBinding>
    <binding name="InsecureTcp">
      <security mode="Transport">
         <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </netTcpBinding>
</bindings>

That security feature is very fast, often implemented in hardware on your network card, and using Windows credentials inside an organization typically is the best way to go.

So why did you disable all security on netTcpBinding and get yourself into this trouble?

marc_s
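
The exception quoted in the question points at the two ends not agreeing on stream security, so a useful check is to resolve the security each netTcpBinding endpoint actually ends up with on both sides and compare. The script below is an added example, not code from the question or the answer: the function names, the sample client address and the wrapped sample configs are constructed, and it assumes client and service name the contract with the same string.

```python
import xml.etree.ElementTree as ET
DEFAULT = ("Transport", "Windows")  # netTcpBinding default when no <security> applies

def effective_security(config_xml):
    """Map each netTcpBinding endpoint's contract to its (mode, credential type)."""
    root = ET.fromstring(config_xml)
    bindings = {}
    for b in root.iterfind(".//bindings/netTcpBinding/binding"):
        sec, mode, cred = b.find("security"), "Transport", "Windows"
        if sec is not None:
            mode = sec.get("mode", "Transport")
            tr = sec.find("transport")
            cred = None if mode == "None" else (
                tr.get("clientCredentialType", "Windows") if tr is not None else "Windows")
        bindings[b.get("name", "")] = (mode, cred)
    result = {}
    for ep in root.iter("endpoint"):
        if ep.get("binding") != "netTcpBinding":
            continue
        name = ep.get("bindingConfiguration", "")
        # No bindingConfiguration: the unnamed binding if present (.NET 4+), else defaults.
        missing = DEFAULT if name == "" else ("UnknownBinding", None)
        result[ep.get("contract")] = bindings.get(name, missing)
    return result

def audit(client_xml, service_xml):
    """Return (side, contract, issue) tuples for disabled or mismatched security."""
    client, service = effective_security(client_xml), effective_security(service_xml)
    findings = []
    for side, eps in (("client", client), ("service", service)):
        findings += [(side, c, "security-disabled")
                     for c, (mode, _) in sorted(eps.items()) if mode == "None"]
    findings += [("both", c, "security-mismatch")
                 for c in sorted(client.keys() & service.keys()) if client[c] != service[c]]
    return findings

# Constructed sample configs; only the binding name and contract come from the page.
WRAP = "<configuration><system.serviceModel>%s</system.serviceModel></configuration>"
SERVICE_XML = WRAP % """
  <bindings><netTcpBinding><binding name="InsecureTcp">
    <security mode="None" /></binding></netTcpBinding></bindings>
  <services><service name="OrderService"><endpoint address="" binding="netTcpBinding"
    bindingConfiguration="InsecureTcp" contract="ProtoBufWcfService.IOrder" />
  </service></services>"""
CLIENT_XML = WRAP % """
  <client><endpoint address="net.tcp://server.example/OrderService.svc"
    binding="netTcpBinding" contract="ProtoBufWcfService.IOrder" /></client>"""

print(audit(CLIENT_XML, SERVICE_XML))
```

In the constructed pair the client endpoint omits bindingConfiguration and therefore resolves to the Transport/Windows default while the service resolves to None, so the audit reports both the disabled security and the mismatch.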