Question

I have a program which has a WCF service to communicate with another module. I'd like to implement custom authorization and authentication. Sorry for the bad code. Here it is:

Server:

Config:

    <behaviors>
        <serviceBehaviors>
            <behavior name="managementMexBehavior">
                <serviceMetadata httpGetEnabled="True" httpGetUrl="http://localhost:7538/management/mex"/>
                <serviceDebug includeExceptionDetailInFaults="True"/>
                <serviceDiscovery>
                    <announcementEndpoints>
                        <endpoint kind="udpAnnouncementEndpoint"/>
                    </announcementEndpoints>
                </serviceDiscovery>
            </behavior>
        </serviceBehaviors>
    </behaviors>

    <binding name="managementServerBindingConfig" closeTimeout="00:10:00"
             openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00"
             transferMode="Buffered" maxReceivedMessageSize="65535">
        <security mode="TransportWithMessageCredential">
            <message clientCredentialType="UserName" />
        </security>
    </binding>

Code:

    // Binding: TLS on the transport, username/password in the message
    var binding = new NetTcpBinding("managementServerBindingConfig");
    binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;

    string address = _c24ServerAdminSettings.ManagementWebServerAddress;

    ServiceEndpoint endpoint = Host.AddServiceEndpoint(ServiceInterface, binding, address);
    endpoint.Name = "C24ServerAdminManagementEndpoint";

    var parametrInspector = new OperationParametrInspector();

    var errorHandler = new DispatcherErrorHandler();
    errorHandler.OnHandleError += errorHandler_OnHandleError;
    var behavior = new EnpointDispathcherBehavior(parametrInspector, errorHandler);
    endpoint.Behaviors.Add(behavior);

    // ServiceCredentials: custom username/password validator and the service certificate
    ServiceCredentials scb = Host.Description.Behaviors.Find<ServiceCredentials>();
    if (scb == null)
    {
        scb = new ServiceCredentials();
        Host.Description.Behaviors.Add(scb);
    }
    scb.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
    scb.UserNameAuthentication.CustomUserNamePasswordValidator = new PasswordValidator(_dataManager);
    scb.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "localhost");

    // ServiceAuthorizationBehavior: custom principal built by our authorization policy
    ServiceAuthorizationBehavior sab = Host.Description.Behaviors.Find<ServiceAuthorizationBehavior>();
    if (sab == null)
    {
        sab = new ServiceAuthorizationBehavior();
        Host.Description.Behaviors.Add(sab);
    }

    sab.PrincipalPermissionMode = PrincipalPermissionMode.Custom;
    sab.ExternalAuthorizationPolicies = new ReadOnlyCollection<IAuthorizationPolicy>(new[]
    {
        new AuthorizationPolicy()
    });

Client:

Config:

    <binding name="C24ServerAdminManagementEndpoint" closeTimeout="00:01:00"
             openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
             transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions"
             hostNameComparisonMode="StrongWildcard" listenBacklog="10"
             maxBufferPoolSize="524288" maxBufferSize="65536" maxConnections="10"
             maxReceivedMessageSize="65536">
        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                      maxBytesPerRead="4096" maxNameTableCharCount="16384" />
        <reliableSession ordered="true" inactivityTimeout="00:10:00"
                         enabled="false" />
        <security mode="TransportWithMessageCredential">
            <message clientCredentialType="UserName" />
        </security>
    </binding>

    <endpoint address="net.tcp://localhost:60001/Management/" binding="netTcpBinding"
              bindingConfiguration="C24ServerAdminManagementEndpoint" contract="C24ServerAdminManagement.IManagementWebService"
              name="C24ServerAdminManagementEndpoint">
        <identity>
            <dns value="localhost" />
        </identity>
    </endpoint>

Code:

    ManagementWebServiceClient ds = new ManagementWebServiceClient("C24ServerAdminManagementEndpoint", _managementServiceAddress);
    ds.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
    ds.ClientCredentials.UserName.UserName = UserName;
    ds.ClientCredentials.UserName.Password = Password;
    ds.Open();

This works pretty well with localhost. But when I set the computer's IP address, the client tries to connect to the service, the service responds, and an exception occurs. The exception says that the response was received from DNS(localhost) while we expected DNS(192.168.0.1). But 192.168.0.1 is a local address.
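The server code above plugs in a `PasswordValidator` and an `AuthorizationPolicy` that the question does not show. As an added example (not the asker's code), here is a minimal pair of the kind WCF expects for `UserNamePasswordValidationMode.Custom` and `PrincipalPermissionMode.Custom`; the user dictionary and the `rolesFor` delegate are constructed stand-ins for the real `_dataManager` lookups.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Principal;

// Authentication: called by WCF for every message carrying a UserName token.
// The dictionary stands in for a real user store; store salted hashes there, not plaintext.
public class PasswordValidator : UserNamePasswordValidator
{
    private readonly IDictionary<string, string> _users;
    public PasswordValidator(IDictionary<string, string> users) { _users = users; }

    public override void Validate(string userName, string password)
    {
        string expected;
        if (userName == null || password == null
            || !_users.TryGetValue(userName, out expected) || expected != password)
        {
            // Throwing rejects the message before it reaches any operation.
            throw new SecurityTokenException("Unknown user or bad password");
        }
    }
}

// Authorization: with PrincipalPermissionMode.Custom, WCF uses whatever principal
// this policy stores under the "Principal" property as Thread.CurrentPrincipal.
public class AuthorizationPolicy : IAuthorizationPolicy
{
    private readonly string _id = Guid.NewGuid().ToString();
    private readonly Func<string, string[]> _rolesFor; // user name -> roles (constructed)
    public AuthorizationPolicy(Func<string, string[]> rolesFor) { _rolesFor = rolesFor; }

    public string Id { get { return _id; } }
    public ClaimSet Issuer { get { return ClaimSet.System; } }

    public bool Evaluate(EvaluationContext context, ref object state)
    {
        object obj;
        if (!context.Properties.TryGetValue("Identities", out obj)) return false;
        var identities = obj as IList<IIdentity>;
        if (identities == null || identities.Count == 0) return false;
        IIdentity identity = identities[0]; // identity established by PasswordValidator
        context.Properties["Principal"] = new GenericPrincipal(identity, _rolesFor(identity.Name));
        return true;
    }
}
```

With the principal in place, operations can be guarded with `[PrincipalPermission(SecurityAction.Demand, Role = "Admin")]` or by checking `ServiceSecurityContext.Current.PrimaryIdentity`.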


Solution 2

The problem was in the DNS identity. I used a localhost certificate, and when I connected using the direct IP the service returned the DNS name from the certificate. Actually, adding the DNS identity in the config should have fixed that problem. Maybe it didn't fix it because I created the endpoint in code, and it loads the binding config but not the endpoint. I rewrote the code just a little:

    string address = _managementServiceAddress;
    EndpointAddress epa = new EndpointAddress(new Uri(address), EndpointIdentity.CreateDnsIdentity("localhost"));
    ManagementWebServiceClient ds = new ManagementWebServiceClient("C24ServerAdminManagementEndpoint", epa);
    ds.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
    ds.ClientCredentials.UserName.UserName = UserName;
    ds.ClientCredentials.UserName.Password = Password;

It works fine.
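The fix above keeps `X509CertificateValidationMode.None`, which accepts any certificate the server presents. As an added example (not the answerer's code), this client applies the same `CreateDnsIdentity("localhost")` fix but validates the service certificate with a custom validator that pins the expected thumbprint; `PinnedThumbprintValidator`, `ManagementClientFactory` and `EXPECTED_THUMBPRINT` are hypothetical names, and the thumbprint value is a placeholder to be read from the deployed certificate.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Accepts only the one certificate whose SHA-1 thumbprint matches the pinned value.
public class PinnedThumbprintValidator : X509CertificateValidator
{
    private readonly string _thumbprint;
    public PinnedThumbprintValidator(string thumbprint) { _thumbprint = thumbprint.Replace(" ", ""); }

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null) throw new ArgumentNullException("certificate");
        if (!string.Equals(certificate.Thumbprint, _thumbprint, StringComparison.OrdinalIgnoreCase))
            throw new SecurityTokenValidationException("Service certificate thumbprint mismatch");
        if (DateTime.Now < certificate.NotBefore || DateTime.Now > certificate.NotAfter)
            throw new SecurityTokenValidationException("Service certificate is outside its validity period");
    }
}

public static class ManagementClientFactory
{
    // Placeholder: replace with the thumbprint of the "localhost" certificate in LocalMachine\My.
    private const string EXPECTED_THUMBPRINT = "<PLACEHOLDER-SERVICE-CERT-THUMBPRINT>";

    public static ManagementWebServiceClient Create(string address, string userName, string password)
    {
        // The DNS identity must match the subject the service certificate was issued for
        // ("localhost" in the question), whatever host or IP appears in the address.
        var epa = new EndpointAddress(new Uri(address), EndpointIdentity.CreateDnsIdentity("localhost"));
        var ds = new ManagementWebServiceClient("C24ServerAdminManagementEndpoint", epa);

        var auth = ds.ClientCredentials.ServiceCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.Custom;
        auth.CustomCertificateValidator = new PinnedThumbprintValidator(EXPECTED_THUMBPRINT);

        ds.ClientCredentials.UserName.UserName = userName;
        ds.ClientCredentials.UserName.Password = password;
        return ds;
    }
}
```

If the certificate is issued by a CA both machines trust, `X509CertificateValidationMode.ChainTrust` with the same DNS identity is the simpler alternative to pinning.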

OTHER TIPS

I was having the same problem "...everything OK if the client and host are on the same machine, but if the Host and Client are on separate machines I get exceptions errors".

This is what solved the problem for me: My internet connection settings used a proxy server. I changed the IE options for the LAN settings to Bypass proxy server for local addresses and Do not use proxy server for addresses beginning with: http:\\host-ip-here

Good luck.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow