none
Server refused client credentials ? Why when <security mode="None"> RRS feed

  • Question

  • Hello all,

    still working on my WCF problem - I changed the used transportlayer to netTcpBinding - and at least it feels like I got closer ... but still no communication

    Upon connecting I get now Error : The Server refused the client credentials - System.ServiceModel.Security.SecurityNegotiationException: The Server refused client credentials. ---> System.Security.Authentication.InvalidCredentialException .... -> Systen,ComponentModel.Win32Exception  ..connection try failed

    Now obviously that doesn't make any sense to me - since the web.config contains 

        <bindings>
          <netTcpBinding>
            <binding name="DataService">
              <security mode="None"/>
            </binding>
          </netTcpBinding>
        </bindings>
    

    And the service makes use of this "DataService" binding - which I can see when using Visual Studio and Add the Service Reference to this service. 

    The Service is hosted on a Windows 2019 Server in IIS 10.0 and is bound to 2 ports - 50110 for the meta-data transport which I can check in client's browser and 50111 for the actual net.tcp data transport.

    What I don't understand is that security none is ignored and the client connection is then refused with the above mentioned error.

    my client code 

       if (this.channelFactory == null)
       {
          NetTcpBinding binding = new NetTcpBinding() { Name = "DataService" };
          InstanceContext context = new InstanceContext(this.myCallbacks);
          Uri remoteAddr = new Uri("net.tcp://server:50111/Service.svc/service");
          EndpointAddress endpoint = new EndpointAddress(remoteAddr);
          this.channelFactory = new DuplexChannelFactory<CallbackService.IDataService>(context, binding, endpoint);
       }
       if (this.channel==null)
          this.channel = this.channelFactory.CreateChannel();
    ...
    
    this.channel.AddListener(int-variable);
    If I omit the binding / address in above code and rely on the app.config instead I get errors that the Endpoint-Address is null and it fails ... but how do I tell in the code above that I want no transport security for now ?

    Thursday, April 9, 2020 12:52 PM

All replies

  • Hi,
    Whether the service is configured with transport security depends on the configuration on the server-side. 
    Although you have code snippets of setting up the security mode, I don’t think it will take effect. I reckon you might forget to apply the binding configuration to the service endpoint.
     
    <services>
          <service  name="ConsoleApp3.TestService" behaviorConfiguration="mybeh">
            <endpoint address="" binding="netTcpBinding" bindingConfiguration="DataService" contract="ConsoleApp3.ITestService"></endpoint>
            <host>
              <baseAddresses>
                <add baseAddress="http://localhost:21011/"/>
              </baseAddresses>
            </host>
          </service>
        </services>
        <bindings>
          <netTcpBinding>
            <binding name="DataService">
              <security mode="None"></security>
            </binding>
          </netTcpBinding>
    </bindings>

    On the client-side, we should explicitly specify set up the binding when calling the service by using Channelfactory.
    Uri uri = new Uri("http://10.157.13.69");
                NetTcpBinding binding = new NetTcpBinding();
                binding.Security.Mode = SecurityMode.None;
                ChannelFactory<IService1> channel = new ChannelFactory<IService1>(binding, new EndpointAddress(uri));
                IService1 service = channel.CreateChannel();
    

    Alternatively, we could generate a client proxy with Adding service reference tool. It will generate a proper binding.
    Feel free to let me know if there is anything I can help with.
    Wednesday, April 15, 2020 9:02 AM
    Moderator