Why does NetTcpBinding with Transport encryption not use SSL?

  • Question

  • I am using NetTcpBinding with Transport encryption. Yet when I check the connection with Wireshark, I can see that it is not encrypted, even though I am setting it explicitly:

    var binding = new NetTcpBinding(SecurityMode.Transport, true);
    binding.Security.Transport.SslProtocols = SslProtocols.Tls12;


    How can I make it use Transport level security, e.g. Tls2?

    Monday, November 2, 2020 11:51 PM

Answers

  • To use the NetTcpBinding with a certificate for transport security:

    1. Create an instance of the NetTcpBinding class and set the Mode property to TransportWithMessageCredential.

    2. Set the ClientCredentialType to an appropriate value. The following code uses the Certificate value.

    3. Create an instance of the Uri class with an appropriate base address. Note that the address must use the "net.tcp" scheme.

    4. Create the instance of the ServiceHost class.

    5. Use the SetCertificate method of the X509CertificateRecipientServiceCredential class to explicitly set the X.509 certificate for the service.

    6. Add a service endpoint using the AddServiceEndpoint method.

    7. Call the Open method, as shown in the following code:

    // TLS protects the transport; the client credential travels at the message layer.
    NetTcpBinding b = new NetTcpBinding(SecurityMode.TransportWithMessageCredential);
    b.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
    // The base address must use the net.tcp scheme.
    Uri netTcpAddress = new Uri("net.tcp://baseAddress");
    ServiceHost sh = new ServiceHost(typeof(Calculator), netTcpAddress);
    // Service certificate looked up in the LocalMachine\My store by issuer name.
    sh.Credentials.ServiceCertificate.SetCertificate(
        StoreLocation.LocalMachine, StoreName.My,
        X509FindType.FindByIssuerName, "Contoso.com");
    sh.AddServiceEndpoint(typeof(ICalculator), b, "TcpCalculator");
    sh.Open();
    Console.WriteLine("Listening");
    Console.ReadLine();


    • Edited by Peng Ding Monday, November 9, 2020 1:49 AM
    • Marked as answer by Aleksey Malyshev Sunday, November 22, 2020 2:29 AM
    Monday, November 9, 2020 1:49 AM

All replies

  • Right, I see. I think the problem is that I need to use SecurityMode.TransportWithMessageCredential; SecurityMode.Transport only does not start TLS because it cannot identify the user and by default they use NTLM authentication.
    Sunday, November 22, 2020 2:33 AM
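
An added example (not from the thread or from Microsoft's documentation) that asks each binding which stream-security upgrade it will put on the connection; the class and method names are hypothetical, and it assumes .NET Framework with a reference to System.ServiceModel. With the default Windows client credential, Transport mode builds a WindowsStreamSecurityBindingElement rather than an SSL one, which is why SslProtocols has no effect on the binding from the question.

```csharp
// Added example, not from the thread. Needs a reference to System.ServiceModel.
using System;
using System.Security.Authentication;
using System.ServiceModel;
using System.ServiceModel.Channels;

static class NetTcpUpgradeCheck   // hypothetical name
{
    // Reports which stream-security upgrade the binding places on the TCP connection.
    static string DescribeUpgrade(NetTcpBinding binding)
    {
        BindingElementCollection elements = binding.CreateBindingElements();

        var ssl = elements.Find<SslStreamSecurityBindingElement>();
        if (ssl != null)
            return "TLS via SslStream, protocols: " + ssl.SslProtocols
                 + ", client certificate required: " + ssl.RequireClientCertificate;

        var windows = elements.Find<WindowsStreamSecurityBindingElement>();
        if (windows != null)
            return "Windows negotiate (Kerberos/NTLM), protection level: "
                 + windows.ProtectionLevel;

        return "no transport security upgrade";
    }

    static void Main()
    {
        // Binding from the question: Transport mode keeps the default
        // ClientCredentialType of Windows, so SslProtocols is never applied.
        var asked = new NetTcpBinding(SecurityMode.Transport, true);
        asked.Security.Transport.SslProtocols = SslProtocols.Tls12;

        // Transport mode with a certificate credential switches the upgrade to TLS.
        var transportCert = new NetTcpBinding(SecurityMode.Transport, true);
        transportCert.Security.Transport.ClientCredentialType =
            TcpClientCredentialType.Certificate;
        transportCert.Security.Transport.SslProtocols = SslProtocols.Tls12;

        // Binding from the accepted answer: TLS for the transport,
        // client certificate carried at the message layer.
        var answered = new NetTcpBinding(SecurityMode.TransportWithMessageCredential);
        answered.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        answered.Security.Transport.SslProtocols = SslProtocols.Tls12;

        Console.WriteLine("Transport, Windows (default):   " + DescribeUpgrade(asked));
        Console.WriteLine("Transport, Certificate:         " + DescribeUpgrade(transportCert));
        Console.WriteLine("TransportWithMessageCredential: " + DescribeUpgrade(answered));
    }
}
```

With the Windows upgrade, a protection level of EncryptAndSign still encrypts the payload, but it is not framed as TLS records, so a packet capture shows no TLS handshake.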