Anonymous authentication net.tcp service with message security fails

  • Question

  • Hi,

    I am trying to create a service that uses net.tcp binding and has message security enabled. I have a self-signed certificate, but I have set properties to ensure it would be accepted. I do not use proxies, rather I use the ClientBase<> class in my code with the actual ServiceContract shared between the server and client projects.

    When I set the ClientCredentialType = MessageCredentialType.None the service fails (I do set the property both on the server and the client!). The error message in the Exception is the following:

    SecurityNegotiationException: The caller was not authenticated by the service. (with an InnerException FaultException: The request for security token could not be satisfied because authentication failed)

    Which I find rather strange, because how can authentication fail, when I require no credentials (anonymous service)? If I set the ClientCredentialType = MessageCredentialType.Windows then everything works fine. So I guess the problem is not with the certificate (because it gets accepted in the Windows case), but what else can go wrong?

    Here is the code I use. I do not use configuration, rather do everything in code. I tried using localhost, machinename, machinename with domain in the endpoint address, but that does not affect the end result.

    Server side:

                ServiceHost host = new ServiceHost ( typeof ( ChatServer ) );
                NetTcpBinding tcpBinding = new NetTcpBinding ();
                tcpBinding.Security.Mode = SecurityMode.Message;
                tcpBinding.Security.Message.ClientCredentialType = MessageCredentialType.None;

                X509Certificate2 cert;
                // load cert here
                host.Credentials.ServiceCertificate.Certificate = cert;

                host.AddServiceEndpoint ( typeof ( IChat ), tcpBinding, @"net.tcp://[machinenamehere]:9991/IChat" );
                host.Open ();
                Console.ReadLine ();
                host.Close ();

    And the client side:

                NetTcpBinding tcpBinding = new NetTcpBinding ();
                tcpBinding.Security.Mode = SecurityMode.Message;
                tcpBinding.Security.Message.ClientCredentialType = MessageCredentialType.None;
                ChatClient client = new ChatClient ( tcpBinding, new EndpointAddress ( @"net.tcp://[machinenamehere]:9991/IChat" ) );
                client.Chat ( "Hello!" );

    What could be the problem why anonymous mode does not work?

    Thanks!
     -Lenard


    PS. A sidenote. If I try using Transport security with no client credentials, the effect is the same. No client credentials == failure. Windows credentials == success. The error message differs a little though: CommunicationException: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:10:00'.
    ----> SocketException: An existing connection was forcibly closed by the remote host
    Wednesday, August 20, 2008 7:35 AM

Answers

  • Hi,

    I actually set up the certificates by hand from the .cer and .pvk files that were generated. Which was exactly the problem, as it turned out.

    After I put the server certificate into my personal certificate store (along with the private key), my code started working.

    I guess you should always use the certificate store.

    -LenardG
    Thursday, August 21, 2008 9:13 AM
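
The fix described in the answer, as an added example that is not the poster's code: the server takes its certificate from the personal store and refuses to start unless a private key is attached. The store location (`CurrentUser`), the subject name `ChatServerCert` and the bodies of `IChat` and `ChatServer` are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

// Stand-ins for the contract and service named in the question (shapes assumed).
[ServiceContract]
public interface IChat { [OperationContract] void Chat(string message); }
public class ChatServer : IChat { public void Chat(string message) { Console.WriteLine(message); } }

public static class Program
{
    // Returns the first certificate in CurrentUser\My matching subjectName that has a
    // private key attached. A certificate loaded from a .cer file alone has none.
    static X509Certificate2 FindServiceCertificate(string subjectName)
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly: false, so a self-signed certificate is still returned.
            foreach (X509Certificate2 c in store.Certificates.Find(
                X509FindType.FindBySubjectName, subjectName, false))
            {
                if (c.HasPrivateKey) return c;
            }
        }
        finally { store.Close(); }
        throw new InvalidOperationException(
            "No certificate with a private key for '" + subjectName + "' in CurrentUser\\My.");
    }

    public static void Main()
    {
        NetTcpBinding tcpBinding = new NetTcpBinding();
        tcpBinding.Security.Mode = SecurityMode.Message;
        tcpBinding.Security.Message.ClientCredentialType = MessageCredentialType.None;

        ServiceHost host = new ServiceHost(typeof(ChatServer));
        // "ChatServerCert" is a placeholder subject name, not a value from the thread.
        host.Credentials.ServiceCertificate.Certificate = FindServiceCertificate("ChatServerCert");
        host.AddServiceEndpoint(typeof(IChat), tcpBinding, "net.tcp://localhost:9991/IChat");
        host.Open();
        Console.ReadLine();
        host.Close();
    }
}
```

`HasPrivateKey` only reports that a key is associated with the certificate; the account running the host still needs read access to that key.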
