tags:

views:

262

answers:

1
Q: 

WCF tcp.net client/server connection failing "Stream Security is required"

I am trying to test a simple WCF tcp.net client/server app. The WCF service is being hosted on Windows 7 IIS. I have enabled TCP.net in IIS. I granted liberal security privileges to service app by configuring an app pool with admin rights and set the IIS service application to run in the context.

I enabled tracing on the service app to troubleshoot. Whenever I run a simple method call against the service from the WCF client app, I get the following exception:

"Stream Security is required at http://www.w3.org/2005/08/addressing/anonymous, but no security context was negotiated. This is likely caused by the remote endpoint missing a StreamSecurityBindingElement from its binding."

Here is my client configuration: 

<bindings>
  <netTcpBinding>
    <binding name="InsecureTcp">
      <security mode="None" />
    </binding>
  </netTcpBinding>
</bindings>

Here is my service configuration: 

<bindings>
  <netTcpBinding>
    <binding name="InsecureTcp"  >
      <security mode="None" />
    </binding>
  </netTcpBinding>
</bindings>

<services>
  <service name="OrderService" behaviorConfiguration="debugServiceBehavior">
    <endpoint
        address=""
        binding="netTcpBinding"
        bindingConfiguration="InsecureTcp"
        contract="ProtoBufWcfService.IOrder" />
  </service>
</services>

<behaviors>

  <serviceBehaviors>
    <behavior name="debugServiceBehavior">
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>

  </serviceBehaviors>
</behaviors>

A: 

WCF doesn't like insecure communications - it wants to use safe and secure comm channels by default. The default security mode for netTcpBinding is transport-level security with Windows credentials. Can you use that default instead of turning everything off??

If your server machine and all the clients calling it are on the same company LAN, behind a firewall, there's really no point in not using Windows credentials. To do so, use this binding configuration:

<bindings>
  <netTcpBinding>
    <binding name="InsecureTcp">
      <security mode="Transport">
         <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </netTcpBinding>
</bindings>

That security feature is very fast, often implemented in hardware on your network card, and using Windows credentials inside an organization typically is the best way to go.

So why did you disable all security on netTcpBinding and get yourself into this trouble?

marc_s  2010-05-17 05:01:01

related questions

Best way to manage database connection for a Java servlet
C# Web Server Connection Problem
PHP's sleep function and client connections
VistaDB Connection Issue Programmatically using SQLConnection and ConnectionString
Common WCF Exception : Connection Unexpectedly Closed
DTS Packages & a Connection to Access
How to determine total number of open/active connections in ms sql server 2005
connecting web parts in sharepoint
Connection to Oracle without a username or password
Best Portable way to connect to SQL server using c++
Connection Forcibly Closed error
Determining when an EDGE connection comes back after a dropout on an iPhone
How can I re-use an existing database connection in phpBB3?
Help:How to make ODBC connection in web.Config file.
Java HttpURLConnection: Can it cope with duplicate header names?
Artificially create a connection timeout error
How to use system_user in audit trigger but still use connection pooling?
Why would a "java.net.ConnectException: Connection timed out" exception occur when URL is up?
java.net.SocketException: Connection reset
Graph Algorithm To Find All Connections Between Two Arbitrary Vertices
HELP SSL GURUs!!! ... Problems with SSL Connection
SQLServer Native Client Error "Connection Busy With Results From Another Command" in SSIS
Fast database access test from .Net
Oracle - What TNS Names file am I using?
How do I connect to a database and loop over a recordset in C#?