Reputation: 520
NetTcpBinding with Transport mode and ClientCridentialType None mode asking for certificate to start the host
Is that really not possible to use Transport security for netTcpBinding with None authentication? I really don't want to use any certificate for my service, I used below we config for my service and when i am starting my service host i am getting application error i mentioned below(asking for certificate, i didn't even mention about certificate anywhere in app). However after i put the service credentials in the behavior , service start running. Can anyone tell me whats the cause for this?
Error : "The service certificate is not provided. Specify a service certificate in ServiceCredentials. "
<service name="ConsoleApplication1.WCFService1" behaviorConfiguration="" >
<endpoint address="net.tcp://localhost:853/WCFService1" binding="netTcpBinding"
bindingConfiguration="SecurityCheckBinding" name="TCPEndpoint" contract="ConsoleApplication1.IService1" />
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:853/WCFService1" />
</baseAddresses>
</host>
</service>
<bindings>
<netTcpBinding>
<binding name="SecurityCheckBinding">
<security mode="Transport">
<transport clientCredentialType="None" ></transport>
</security>
</binding>
</netTcpBinding>
</bindings>
This scenario i was getting above mentioned error, but when i just specified the trusted certificate params , it start running.
<behaviors>
<serviceBehaviors>
<behavior name="MyServiceBehaviour">
<serviceCredentials>
<serviceCertificate findValue="MyTestCA" x509FindType="FindByIssuerName" storeLocation="LocalMachine" storeName="My" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
Upvotes: 1
Views: 1854
Answers (1)
Reputation: 8937
As you selected NetTpcBinding with Transport security, you stated that channel must be secured on the transport level. For this purpose you should use either Windows SSPI mechanism or generate a Certificate which would be used for the encryption. The first option assumes that you use Windows credentials to make the Encryption processed internally by SSPI libaraies by setting:
<transport clientCredentialType="Windows"></transport>
In this case the proccess will be transparent, but in case when your client is on the other domain, you have to apply extra cross-domain trust settings. Another option is installing certificate, which is quite easy and has lots of examples in the internat:
<transport clientCredentialType="Certificate"></transport>
The certificate is auto-signed (generated on the server itself) so it doesn't cost you some money an you need it on the server only - clients need not install anything.
Even if you state None credentials, you still need to provide certificat for the encryption:
<transport clientCredentialType="None"></transport>
And you still have an option to not to use the security, then your massages will be in the plane text. To turn off security just change transport security by setting:
<security mode="None">
Upvotes: 1
Related Questions
- WCF Trasnport security with certificate client credentials using NetTcpBinding throws error on distributed system
- Exception in configuring Transport Security in Self Hosted Service using NetTcpBinding in WCF
- WCF over TCP with username authentication and no certificates
- WCF Certificate Authentication with Service Only (No Client Cert)
- Can I use NetTcpBinding with transport security (https) but without client certificate
- Client Certificate for WCF NetTCP Transport binding
- Enabling certificate based authentication for WCF service using netTcpBinding
- WCF WsHttpBinding Certificate Transport Security - Windows Certificate Configuration
- Certificate invalid forb netTCP in WCF
- WCF with netTcpBinding and Certificate transport security