Question

I have a WCF service which is implemented with a NetTcpBinding. It can be consumed via the Internet. However, it does not run in my domain and I cannot use Windows credentials. I am now searching for a way to secure the service.

An approach without security is working fine. But for the live system security is needed. I therefore read a lot of stuff showing how to configure wsHttpBindings like http://msdn.microsoft.com/en-us/library/ms729789.aspx. But that does not say how to configure a NetTcpBinding.

I now know that a NetTcpBinding is secure by default (see http://www.codemag.com/article/0611051). But is it still secure in the configuration that works for me?

Service:

    <netTcpBinding>
      <binding name="tcpBinding"
               maxBufferSize="67108864"
               maxReceivedMessageSize="67108864"
               maxBufferPoolSize="67108864"
               transferMode="Buffered"
               closeTimeout="00:02:00"
               openTimeout="00:02:00"
               receiveTimeout="00:20:00"
               sendTimeout="00:02:00"
               maxConnections="100">
        <security mode="None">
        </security>
        <readerQuotas maxArrayLength="67108864"
                      maxBytesPerRead="67108864"
                      maxStringContentLength="67108864"/>
        <reliableSession enabled="true" inactivityTimeout="24:00:00"/>
      </binding>
    </netTcpBinding>

Client:

    <binding name="NetTcpBinding_IMessageSending">
      <reliableSession inactivityTimeout="00:20:00" enabled="true" />
      <security mode="None"></security>
    </binding>

I also know that I can use a certificate to somehow secure the service. But that has not worked for me yet. I configured a behaviour for the service like this:

    <behavior name="tcpBehavior">
      <serviceMetadata httpGetEnabled="false" httpGetUrl=""/>
      <serviceDebug includeExceptionDetailInFaults="true"/>
      <serviceThrottling maxConcurrentCalls="100" maxConcurrentSessions="100"/>
      <serviceCredentials>
        <serviceCertificate findValue="GeoTrust SSL CA - G2" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
      </serviceCredentials>
    </behavior>

The binding would look like this:

    <binding name="tcpBinding"
             maxBufferSize="67108864"
             maxReceivedMessageSize="67108864"
             maxBufferPoolSize="67108864"
             transferMode="Buffered"
             closeTimeout="00:02:00"
             openTimeout="00:02:00"
             receiveTimeout="00:20:00"
             sendTimeout="00:02:00"
             maxConnections="100">
      <security mode="Transport" />
      <readerQuotas maxArrayLength="67108864"
                    maxBytesPerRead="67108864"
                    maxStringContentLength="67108864"/>
      <reliableSession enabled="true" inactivityTimeout="24:00:00"/>
    </binding>

and the endpoint like this:

    <service name="MessageSendingService" behaviorConfiguration="tcpBehavior">
      <endpoint address="" binding="netTcpBinding" bindingConfiguration="tcpBinding"
                contract="IMessageSending" />
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
    </service>

Actually I don't really know how to configure the client to work with this.
My (not working) client configuration:

    <binding name="NetTcpBinding_IMessageSending">
      <reliableSession inactivityTimeout="00:20:00" enabled="true" />
      <security mode="Transport">
      </security>
    </binding>

Or is there an error in my configuration?

As a matter of fact the service request fails with a SecurityNegotiationException. Is there anybody who can tell me how to configure a NetTcpBinding service with transport or message security which has anonymous clients?

Thanks in advance.


Solution

Please look at this SO question. Message security is used there and reliableSession is not enabled (I don't know if it is the default, but the config does not contain the setting), but maybe you can make something of the example.
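For the case the question asks about (transport security over net.tcp with anonymous clients), here is a pair of configuration fragments added as an example; it is not taken from the question or from the linked answer. The host name `service.example.com`, port 808 and the behavior name `anonymousTls` are placeholders; the binding, service and contract names are reused from the question.

```xml
<!-- Service binding (added example): TLS on the transport, no client credential -->
<binding name="tcpBinding">
  <reliableSession enabled="true" inactivityTimeout="00:20:00" />
  <security mode="Transport">
    <!-- The default clientCredentialType for netTcpBinding is Windows; None permits anonymous clients -->
    <transport clientCredentialType="None" protectionLevel="EncryptAndSign" />
  </security>
</binding>

<!-- Service behavior: findValue is a placeholder and must select the service's own
     certificate, installed in the store together with its private key -->
<behavior name="tcpBehavior">
  <serviceCredentials>
    <serviceCertificate findValue="service.example.com" storeLocation="LocalMachine"
                        storeName="My" x509FindType="FindBySubjectName" />
  </serviceCredentials>
</behavior>

<!-- Client binding: security and reliableSession settings must match the service -->
<binding name="NetTcpBinding_IMessageSending">
  <reliableSession enabled="true" inactivityTimeout="00:20:00" />
  <security mode="Transport">
    <transport clientCredentialType="None" protectionLevel="EncryptAndSign" />
  </security>
</binding>

<!-- Client endpoint behavior: keep chain validation and revocation checking on -->
<behavior name="anonymousTls">
  <clientCredentials>
    <serviceCertificate>
      <authentication certificateValidationMode="ChainTrust" revocationMode="Online" />
    </serviceCertificate>
  </clientCredentials>
</behavior>

<!-- Client endpoint: the dns identity must match the name in the service certificate -->
<endpoint address="net.tcp://service.example.com:808/MessageSendingService"
          binding="netTcpBinding" bindingConfiguration="NetTcpBinding_IMessageSending"
          behaviorConfiguration="anonymousTls" contract="IMessageSending">
  <identity>
    <dns value="service.example.com" />
  </identity>
</endpoint>
```

With `clientCredentialType="None"` the channel is encrypted and the client authenticates the service, but the service does not authenticate callers, so any per-user authorization has to be handled separately.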

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow