Securing a Web Service while exposing the mex endpoint publically

Question

I have a service with two declared endpoints if I put no authentication on either endpoint generating a proxy client does not need credentials.  EXAMPLE

  <system.serviceModel>

    <bindings>

      <netTcpRelayBinding>

<binding name="default" connectionMode="Relayed" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:05:00" sendTimeout="00:01:00">

          <security mode="None" relayClientAuthenticationType="None" />

        </binding>

        <binding name="mexdefault">

          <security mode="None" relayClientAuthenticationType="None"/>

        </binding>

      </netTcpRelayBinding>

    </bindings>

    <services>

 

      <service name="OCRService.OcrService" behaviorConfiguration="serviceMetadata">

<endpoint name="OcrService" contract="OCRService.IOcrService" binding="netTcpRelayBinding" bindingConfiguration="default" />

<endpoint name="MexEndpoint" contract="IMetadataExchange" binding="netTcpRelayBinding" bindingConfiguration="mexdefault" address="mex" />

      </service>

    </services>

 

    <behaviors>

      <serviceBehaviors>

        <!-- Application Behaviors -->

        <behavior name="serviceMetadata">

          <serviceMetadata />

        </behavior>

      </serviceBehaviors>

    </behaviors>

  </system.serviceModel>

Now as soon as I secure the service endpoint, but keeping the mex enpoint open EXAMPLE

  <system.serviceModel>

    <bindings>

      <netTcpRelayBinding>

        <binding name="default" connectionMode="Relayed" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:05:00" sendTimeout="00:01:00">

          <security mode="Transport" relayClientAuthenticationType="None" />

        </binding>

        <binding name="mexdefault">

          <security mode="None" relayClientAuthenticationType="None"/>

        </binding>

      </netTcpRelayBinding>

    </bindings>

    <services>

 

      <service name="OCRService.OcrService" behaviorConfiguration="serviceMetadata">

        <endpoint name="OcrService" contract="OCRService.IOcrService" binding="netTcpRelayBinding" bindingConfiguration="default" />

        <endpoint name="MexEndpoint" contract="IMetadataExchange" binding="netTcpRelayBinding" bindingConfiguration="mexdefault" address="mex" />

      </service>

    </services>

 

    <behaviors>

      <serviceBehaviors>

        <!-- Application Behaviors -->

        <behavior name="serviceMetadata">

          <serviceMetadata />

        </behavior>

      </serviceBehaviors>

    </behaviors>

  </system.serviceModel>

The creation of a proxy client now requires security where the mex should still have no security and allow clients to create the proxy class (though needing credentials to use the service).  Will this scenario be supported by launch at PDC?

 

 

---

George Vigelette

Answer 1

any info on getting this scenario to work, this is kind of an important one....

---

George Vigelette

Answer 2

It is working now :) no code change whatsoever

---

George Vigelette