NetTcpBinding wcf service with remote access AND transport security?

StackOverflow https://stackoverflow.com/questions/2277644

  •  21-09-2019
  •  | 
  •  

Question

I am struggling with a WCF issue relating to name resolution-or something like so. When I consume a wcf service (netTcpBinding) on an application server via a web application on the web server it doesn't work. Ok it doesn't work in most situations. If you access the web application from the web server itself using localhost or 127.0.0.1 it works. However accessing it through the web server via another client machine or accessing the web application locally on the web server using the host name or IP address does not work. In both instances you get a socket connection aborted error.

What makes it more interesting is that switching all the security to 'none' as opposed to 'transport' resolves the issue.

My question is, is it possible to access wcf services using your web server and still use transport security? Or is this a bug/designed behaviour?

Many thanks for any insight, Steve

Was it helpful?

Solution

  1. The default NetTcpBinding security option is Kerberos / Windows Authentication. If your client and service are not on the same domain it will not work. You may need to look at certificate based authentication.

  2. If you your service is running under a domain account, try changing it to LocalService or NetworkService to see if it resolves the issue.

OTHER TIPS

Transport security typically only works point-to-point - when the client connects directly to the server.

If you have clients that come in from the internet, you have no control over how many intermediary hops they go through - so Transport security, even if you get it to work, will most likely not work at all, e.g. your message might be protected from the client to the first hop, and from the last hop to your server - but not in between hops.

For an internet scenario, typically, Transport security is not a valid option - use Message Security for those cases.

I'm not 100% sure why the connection wouldn't work at all - but in any case, if you're not behind a corporate firewall, I wouldn't be using netTcp with transport security in such a scenario.

Could you please add your server side config (anything inside <system.serviceModel>) to your question to see how you set up Transport security?

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top