wcfcredentialsnettcpbinding

netTcpBinding without Windows credentials?


I've got a machine-control application where I have a single client computer and five server boxes communicating on the machine subnet. There is no domain controller. I would like to use netTcpBinding to allow for reliability and transaction support.

Is is possible to use username / password authentication with this binding, when a domain controller is not present? I would prefer not to use a certificate as I don't want to manage certificates across 900 computers (150 machines) that will not be connected to the office LAN.


Solution

  • Yes, of course - but only if you use Message security (rather than transport security). Define your binding configuration like so:

      <netTcpBinding>
        <binding name="UserNameSecurity">
          <security mode="Message">
            <message clientCredentialType="UserName"/>
          </security>
        </binding>
      </netTcpBinding>
    

    and then reference that binding configuration in your endpoints (on server and client):

     <endpoint address="....."
               binding="netTcpBinding"
               bindingConfiguration="UserNameSecurity"
               contract="IMyService" />
    

    Marc

    UPDATE:
    Ah, yes, on the server-side, you'll need a certificate to authenicate the service to the client calling it, and it's also used to encrypt+sign the messages. That's on the server only - clients need not install anything.

    Configuration:

    <behaviors>
      <serviceBehavior>
        <behavior name="ServerInternet">
          <serviceCredentials>
            <serviceCertificate
               findValue="MyServiceCertificate"
               storeLocation="LocalMachine"
               storeName="My"
               x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>
      </serviceBehavior>
    </behaviors>
    <services>
      <service name="MyServiceInternet"
               behaviorConfiguration="ServerInternet">
         ....
      </service>
    </services>
    

    Make sure to install your server's certificate into the "Local Machine" folder on your server, under the "subject name" that you specify in your config.