Transport security (https) and metadata exchange (mex) is not possible? RRS feed

  • Question

  • I want to host a web service via WCF and the transport should be encrypted/secured (using https). I still want to be able to download the metadata via net.tcp (using mex).


    <?xml version="1.0"?>
        <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true"/>
        <compilation debug="true" targetFramework="4.6"/>
        <httpRuntime targetFramework="4.6"/>
          <add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web"/>
            <behavior name="MetadataExchangeBehavior">
              <serviceMetadata />
            <binding name="TransportSecurityBinding">
              <security mode="Transport">
                <transport clientCredentialType="Basic" />
          <service name="Service.Interface.ApplicationService" behaviorConfiguration="MetadataExchangeBehavior">
            <endpoint address="" binding="wsHttpBinding" bindingConfiguration="TransportSecurityBinding" name="wsHttpEndpoint" contract="Service.Interface.IApplicationService"/>
            <endpoint address="mex" binding="mexTcpBinding" kind="mexEndpoint"/>
                <add baseAddress="https://localhost:9800/ApplicationService"/>
                <add baseAddress="net.tcp://localhost:9900/ApplicationService"/>
        <modules runAllManagedModulesForAllRequests="true">
          <remove name="ApplicationInsightsWebTracking"/>
          <add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web"
        <validation validateIntegratedModeConfiguration="false"/>


          <add name="http" />
          <site name="Service.Interface" id="1">
            <application path="/" applicationPool="Clr4IntegratedAppPool">
              <virtualDirectory path="/" physicalPath="D:\Offline Files\Software Files\Program Files\Microsoft\Visual Studio\Workspaces\PinIt\PinIt\Developing\Service\Service.Interface" />
              <binding protocol="http" bindingInformation="*:9800:localhost" />
            <logFile logFormat="W3C" directory="%IIS_USER_HOME%\Logs" />
            <traceFailedRequestsLogging directory="%IIS_USER_HOME%\TraceLogFiles" enabled="true" maxLogFileSizeKB="1024" />
          <applicationDefaults applicationPool="Clr4IntegratedAppPool" />
          <virtualDirectoryDefaults allowSubDirConfig="true" />

    The link to the metadata should be: net.tcp://localhost:9900/ApplicationService/mex, but if i try to the service to the WCF Test Client following error is thrown:

    Error: Cannot obtain Metadata from net.tcp://localhost:9900/ApplicationService/mex 
    If this is a Windows (R) Communication Foundation service to which you have access, please check that you have enabled metadata publishing at the specified address. 
    For help enabling metadata publishing, please refer to the MSDN documentation at 
    Exchange Error URI: net.tcp://localhost:9900/ApplicationService/mex Metadata contains a reference that cannot be resolved: 'net.tcp://localhost:9900/ApplicationService/mex'. 
    Could not connect to net.tcp://localhost:9900/ApplicationService/mex. 
    The connection attempt lasted for a time span of 00:00:02.0008800. 
    TCP error code 10061: No connection could be made because the target machine actively refused it 
    No connection could be made because the target machine actively refused it

    I used netstat to figure out if the port was listening. Only 9800 was listening: Proof

    Summary: What I want:

    • WCF Service using https on port 9800
    • Transport should be secured with a username and password
    • Metadata exchange using net.tcp on port 9900

    What doesn't work:

    • Can't obtain metadata
    • Port 9900 not listening

    Sunday, December 20, 2015 1:59 PM


  • Hi SirApfelstrudel,

    According to this case,  I create a test project to reproduce this case. And it works fine.

    So, first we need to make those service are running. I host my service on IIS, so I need to

    make sure that has been supported net.tcp protocol. Then I run the service URL in my browser,

    the result as shown below:

    Then I add the service reference via SvcUtil.exe tool to client. It successfully.

    For more information, please refer to the following articles:

    1.Hosting WCF Service with netTcpBinding on IIS7

    2.Using SvcUtil.exe

    Best Regards,

    Wanjun Dong

    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. Click HERE to participate the survey.

    Wednesday, December 23, 2015 10:20 AM