WCF - changing endpoint address results in securityexception

Question

My WCF Service uses wsHttpBinding and works fine from the client when the service is gerenated by the client using the default options as follows:

RServiceClient R = new RServiceClient();

However, at some point I'll need to be able to specify the location of the service, presumably by changing the endpoint address as follows:

RServiceClient R = new RServiceClient();
R.Endpoint.Address = new EndpointAddress(new Uri "http://xxx.xxxx.xxx:80/RServer/RService.svc"));

However, when I do specify the exact endpoint, I get a SecurityNegotiationException: System.ServiceModel.Security.SecurityNegotiationException was unhandled Message="The caller was not authenticated by the service." Source="mscorlib"....

The WCF service runs on IIS and has anonymous access enabled under IIS admin. Also, this error occurs when the client is run from the same machine as the service under an admin account - I havn't got to the scary part of running it over the net yet!

Any Ideas?

Answer 1

By default, wsHttpBinding uses Windows authentication. I'm not sure how hosting in IIS affects that scenario.

If you don't want security turned on, you can add an element for security and set the mode element to "None" to the config on both ends to turn off the default setting.

I think this may do the trick -- I've added the section for wsHttpBinding and set the bindingConfiguration of your service to point to the newly added binding properties:

<system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="wsHttpBind">
          <security mode="None">
            <transport clientCredentialType="None" protectionLevel="EncryptAndSign" />
            <message clientCredentialType="None" algorithmSuite="Default" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <services>
        <service behaviorConfiguration="ServiceBehavior" 
            name="RService">
            <endpoint address="" 
                binding="wsHttpBinding" 
                bindingConfiguration="wsHttpBind" 
                name="RService" 
                contract="IRService"> 
                <identity>
                    <dns value="localhost" />
                </identity>
            </endpoint>
            <endpoint address="mex" 
                binding="mexHttpBinding" 
                name="MetadataExchange" 
                contract="IMetadataExchange" />
        </service>
    </services>
    <behaviors>
        <serviceBehaviors>
            <behavior name="ServiceBehavior">
            <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
                <serviceMetadata httpGetEnabled="true"/>
                <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
                <serviceDebug includeExceptionDetailInFaults="true"/>
            </behavior>
        </serviceBehaviors>
    </behaviors>
</system.serviceModel>

Answer 2

Deleting the identity block didn't work, although did give me an idea: If I change the endpoint address from:

        R.Endpoint.Address = new EndpointAddress(new Uri("http://bigpuss.homeip.net/RServer/RService.svc"));

to

        R.Endpoint.Address = new EndpointAddress(new Uri("http://localhost/RServer/RService.svc"));

then everything works fine! Soo, its obviously upset about the nonlocal url address. Are there any other areas in the configuration where security is set up?

Answer 3

check this from your config :

...    
     <identity>
      <dns value="localhost" />
     </identity>
...

afaik wsHttpBinding has message security turned on by default. and when it checks against the dns value "localhost" it fails.

Answer 4

Here is my Service configuration information, i'm using wshttpbinding:

<system.serviceModel>
    <services>
  <service behaviorConfiguration="ServiceBehavior" name="RService">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration=""
 name="RService" contract="IRService">
 <identity>
  <dns value="localhost" />
 </identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" name="MetadataExchange"
 contract="IMetadataExchange" />
   </service>
</services>
    <behaviors>
        <serviceBehaviors>
            <behavior name="ServiceBehavior">
                <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
                <serviceMetadata httpGetEnabled="true"/>
                <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
                <serviceDebug includeExceptionDetailInFaults="true"/>
            </behavior>
        </serviceBehaviors>
    </behaviors>
</system.serviceModel>

Answer 5

Are you using MessageSecurity with certificates? this could be a certificate issue (wrong hostname, self-signed certificate not installed, etc..)