-=B3N=-

I can get my service to start with security mode 'Transport' or 'Message' under netTcpBinding (but only with the clientCredentialType of 'Windows'), but I can't get 'TransportWithMessageCredential' with 'UserName' (as below).

The service fails to start when I try this, and I get the message "The service on local computer started and then stopped. Some services stop automatically if they are not in use by other services or programs". I can't figure out why it possibly won't accept this, and it's really frustrating as there are countless examples on the net where this same configuration is used, apparently without problem.


<bindings>
  <netTcpBinding>
    <binding name="WindowsClientOverTcp">
      <security mode="TransportWithMessageCredential">
        <message clientCredentialType="UserName"/>
      </security>
    </binding>
  </netTcpBinding>
</bindings>


Re: Windows Communication Foundation (Indigo) Transport & Message Work, but not TransportWithMessageCredential

Juan Wajnerman

You are hosting the service inside a Windows service, right? Did you try to debug it to obtain a more meaningful exception? Or maybe you can try to test the same configuration in a console application.

Could you provide an example of how you are configuring the rest of the service (endpoint, behavior, etc.)? There is nothing wrong in your binding configuration, but maybe there is something missing somewhere else.

- Juan





Re: Windows Communication Foundation (Indigo) Transport & Message Work, but not TransportWithMessageCredential

bmcneill0

Thanks for your reply.

Not sure how to have Windows give more debugging information. I'm starting the service from Windows Services (Admin Tools) in Windows itself.

Please find below my entire app.config:


<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.serviceModel>
    <services>
      <service name="WCFLocalService.PCPLocalService" behaviorConfiguration="metadataBehavior">
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
        <endpoint address="net.tcp://localhost:1234/PCPLocalService" binding="netTcpBinding" contract="WCFLocalService.IService1" bindingConfiguration="WindowsClientOverTcp"/>
        <endpoint address="net.pipe://localhost/PCPLocalService" binding="netNamedPipeBinding" contract="WCFLocalService.IService1"/>
        <endpoint address="http://localhost:7777/PCPLocalService/http" binding="wsHttpBinding" contract="WCFLocalService.IService1"/>
      </service>
    </services>
    <bindings>
      <netTcpBinding>
        <binding name="WindowsClientOverTcp">
          <security mode="TransportWithMessageCredential">
            <message clientCredentialType="UserName"/>
          </security>
        </binding>
      </netTcpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="metadataBehavior">
          <serviceMetadata httpGetEnabled="true"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>




Re: Windows Communication Foundation (Indigo) Transport & Message Work, but not TransportWithMessageCredential

Juan Wajnerman

OK, the problem I can see is that you're missing the service certificate. This is needed because WCF by default enforces a secure connection for UserName credentials. You can configure it by adding to the behavior:

<serviceCredentials>
  <serviceCertificate x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" findValue="localhost" />
</serviceCredentials>

Of course, previously you need an x509 certificate installed.

BTW, you should be doing some logging in your service, to diagnose issues like this. Another option for this case would be enabling WCF diagnostics. It will provide a lot of information for this error.

Tell me if you need more details.

- Juan
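The console-host test suggested earlier in the thread, combined with the certificate setting from this reply, as an added example that is not code from either poster. The `Ping` contract and the two types are hypothetical stand-ins for the thread's `WCFLocalService.IService1` and `PCPLocalService`; the binding, address and certificate lookup values are the ones posted above.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

// Hypothetical stand-ins for the thread's IService1 / PCPLocalService.
[ServiceContract]
public interface IService1
{
    [OperationContract]
    string Ping();
}

public class PCPLocalService : IService1
{
    public string Ping() { return "pong"; }
}

public static class ConsoleHost
{
    public static void Main()
    {
        // Same security settings as the "WindowsClientOverTcp" binding.
        var binding = new NetTcpBinding(SecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;

        var host = new ServiceHost(typeof(PCPLocalService));
        host.AddServiceEndpoint(typeof(IService1), binding,
            "net.tcp://localhost:1234/PCPLocalService");
        try
        {
            // Code equivalent of the <serviceCertificate> element. Remove this
            // call to reproduce the configuration that failed to start.
            host.Credentials.ServiceCertificate.SetCertificate(
                StoreLocation.LocalMachine, StoreName.My,
                X509FindType.FindBySubjectName, "localhost");

            host.Open();
            Console.WriteLine("Listening. Press Enter to stop.");
            Console.ReadLine();
            host.Close();
        }
        catch (Exception ex)
        {
            // Full exception type, message and stack trace: the detail the
            // Services console replaces with "started and then stopped".
            Console.WriteLine(ex);
            host.Abort();
        }
    }
}
```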





Re: Windows Communication Foundation (Indigo) Transport & Message Work, but not TransportWithMessageCredential

bmcneill0

Thanks Juan.

Where's the best place to get a 509?

Also, would this method be ideal for having the UserName checked against the usernames contained in the table of a backend database?

Regards
Ben




Re: Windows Communication Foundation (Indigo) Transport & Message Work, but not TransportWithMessageCredential

Juan Wajnerman

If the service is for internal use, you can use the windows certificate service to create a certificate authority and x509 certificates for your service. Otherwise, you should buy a certificate.

For development purposes, you can use a self-signed certificate created using makecert.exe. You can see an example here: http://www.inventec.ch/chdh/notes/14.htm

About the username database, the answer is: yes, definitely. WCF supports out of the box validation using ASP.NET membership & roles. For configuration and more information: http://msdn2.microsoft.com/en-us/library/ms731049.aspx

If you have your own database schema, you will need to implement a custom UserNamePasswordValidator. More information about this: http://msdn2.microsoft.com/en-us/library/aa702565.aspx

- Juan
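A sketch of the custom `UserNamePasswordValidator` route mentioned in this reply, added here as an example and not taken from the linked MSDN pages or from either poster. The class name, the in-memory dictionary standing in for the users table, the sample account and the PBKDF2 parameters are all assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;

// Hypothetical validator. Enable it inside <serviceCredentials> with
//   <userNameAuthentication userNamePasswordValidationMode="Custom"
//     customUserNamePasswordValidatorType="WCFLocalService.DbUserValidator, WCFLocalService" />
// (the assembly name WCFLocalService is an assumption).
public class DbUserValidator : UserNamePasswordValidator
{
    private const int Iterations = 100000; // assumed PBKDF2 work factor

    private sealed class UserRow { public byte[] Salt; public byte[] Hash; }

    // Constructed stand-in for the users table. Real code would fetch the row
    // for userName with a parameterized query; only salt and hash are stored.
    private static readonly Dictionary<string, UserRow> Users = Seed();

    private static Dictionary<string, UserRow> Seed()
    {
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        var users = new Dictionary<string, UserRow>(StringComparer.OrdinalIgnoreCase);
        users["ben"] = new UserRow { Salt = salt, Hash = Derive("constructed-sample-password", salt) };
        return users;
    }

    private static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
            return kdf.GetBytes(32);
    }

    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // WCF calls this for every message that carries a UserName token.
    public override void Validate(string userName, string password)
    {
        UserRow row;
        bool ok = userName != null && password != null
                  && Users.TryGetValue(userName, out row)
                  && FixedTimeEquals(row.Hash, Derive(password, row.Salt));
        // One message for both failure cases, so callers cannot enumerate names.
        if (!ok) throw new SecurityTokenException("Unknown user name or incorrect password.");
    }
}
```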





Re: Windows Communication Foundation (Indigo) Transport & Message Work, but not TransportWithMessageCredential

bmcneill0

Thanks for your help Juan.

I'm going to try all this, but need sleep first :) Will let you know how I go.

Ben




Re: Windows Communication Foundation (Indigo) Transport & Message Work, but not TransportWithMessageCredential

bmcneill0

So I made a certificate with makecert and it's in the Personal (Me) Certificate Store of the Local Computer.

The reference in the server code is:
<serviceCertificate findValue="localhost" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" />

However I notice the certificate (seen in the MMC snap-in) has no name field, just Issued To (an address), Issued By, Expiration, etc. How do I get my server to refer to this exact certificate? Should I put 'localhost' in the "Issued To" field?
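A way to see which certificates the `serviceCertificate` lookup quoted above selects, added here as an example and not part of the original thread. `FindBySubjectName` is a case-insensitive substring match on the certificate subject, which the MMC snap-in displays as "Issued To"; the class name is hypothetical and the store and find value are the ones from the post.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

public static class FindServiceCertificate
{
    public static void Main()
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // Same store, find type and find value as the <serviceCertificate>
            // element. validOnly is false so that an untrusted self-signed
            // makecert certificate is still listed.
            X509Certificate2Collection matches = store.Certificates.Find(
                X509FindType.FindBySubjectName, "localhost", false);

            Console.WriteLine("{0} certificate(s) match", matches.Count);
            foreach (X509Certificate2 cert in matches)
            {
                Console.WriteLine("Subject:     {0}", cert.Subject);
                Console.WriteLine("Issuer:      {0}", cert.Issuer);
                Console.WriteLine("Thumbprint:  {0}", cert.Thumbprint);
                Console.WriteLine("Expires:     {0}", cert.NotAfter);
                // The service needs the private key, not just the public certificate.
                Console.WriteLine("Private key: {0}", cert.HasPrivateKey);
            }
        }
        finally
        {
            store.Close();
        }
    }
}
```

Zero matches or more than one match means the subject-name lookup does not identify a single certificate; `x509FindType="FindByThumbprint"` with the printed thumbprint selects exactly one.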