Develop Reference

WCF Service Metadata Exchange over TCP

I created a WCF Service hosted on IIS. With HTTP binding everything ist working fine. But when I switch to TCP binding it doesn't work any more. I tried every hint I found on the web, but no success.
Already done:
installed Windows-Feature "WCF-Non-Http-Activation"
activated Windows Service Net.Tcp-Listener Adapter
In WcfTestClient the service can't be added. But maybe this tool doesn't support TCP(?) so I also tested in Visual Studio by trying to add a service reference.
Error Message when trying to add the service in VS:
An error occurred while attempting to find services at 'net.tcp://hostname:19099/Namespace/Company.Service.svc/mex'. No IPEndpoints were found for host hostname. Details: Metadata contains a reference that cannot be resolved: 'net.tcp://hostname:19099/Namespace/Company.Service.svc/mex'.
This is my current web.config (anonymized) - what am I doing wrong?
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<compilation targetFramework="4.8"/>
<httpRuntime targetFramework="4.8"/>
<customErrors mode="Off"/>
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata />
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="Company.Namespace.Service" behaviorConfiguration="ServiceBehavior">
<endpoint name="ServiceEndpoint" address="" binding="netTcpBinding"
bindingConfiguration="ServiceNetTcpBinding" contract="Company.Namespace.IService"/>
<endpoint address="mex" binding="mexTcpBinding" contract="IMetadataExchange"/>
<host>
<baseAddresses>
<add baseAddress="net.tcp://hostname:19099/Namespace/Company.Service/"/>
</baseAddresses>
</host>
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="ServiceBasicHttpBinding" sendTimeout="00:01:00" receiveTimeout="00:01:00" openTimeout="00:01:00" closeTimeout="00:01:00"/>
</basicHttpBinding>
<netTcpBinding>
<binding name="ServiceNetTcpBinding" sendTimeout="00:01:00" receiveTimeout="00:01:00" openTimeout="00:01:00" closeTimeout="00:01:00"
transferMode="Buffered" transactionFlow="false" hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="524288"
maxBufferSize="65536" maxConnections="10" maxReceivedMessageSize="65536" portSharingEnabled="false" transactionProtocol="OleTransactions">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false"/>
<security mode="Transport">
<message clientCredentialType="None"/>
<transport clientCredentialType="Windows" protectionLevel="EncryptAndSign"/>
</security>
</binding>
</netTcpBinding>
<wsHttpBinding>
<binding name="ServiceWsHttpBinding" sendTimeout="01:00:30" receiveTimeout="01:00:30"/>
</wsHttpBinding>
</bindings>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https"/>
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>

When you say that you cancel the maximum number of connections and it works, does that mean that the maximum number of connections limits your network?
As far as I know, IIS 5/6 does not support non-HTTP services. IIS7 supports Net TCP, but you must install WAS first. Refer to the following steps:
Control Panel -- Programs and Features -- Turn Windows features on or off and install WAS.
Check whether non-HTTP support is enabled for WCF. Select the same interface in .NET Framework.
Add the Net TCP binding to the site and enable the Net TCP protocol.
Further details can also be found in this docs.

Could not find a base address that matches scheme net.tcp for the endpoint with binding NetTcpBinding. Base address schemes are [http]

I have this configuration for my WCF service which runs on IIS Express port number 50187. The service is hosted on IIS Express of Visual Studio 2017:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="QCConsumerBinding" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="50000000" maxBufferPoolSize="5242880" maxReceivedMessageSize="50000000" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="QCWCFService.QCService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="QCConsumerBinding" contract="QCWCFService.IQCService" />
</service>
<service name="QCWCFService.QCFinalService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="QCConsumerBinding" contract="QCWCFService.IQCFinalService" />
</service>
<service name="QCWCFService.CalibrationService">
<endpoint address="service" binding="netTcpBinding" contract="QCWCFService.ICalibrationService" />
<endpoint address="" binding="wsDualHttpBinding" contract="QCWCFService.ICalibrationService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:8080/CalibrationService" />
<add baseAddress="http://localhost:8081/CalibrationService" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add scheme="http" binding="wsDualHttpBinding" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
But when I try to run the service it gives this exception:
System.InvalidOperationException: Could not find a base address that matches scheme net.tcp for the endpoint with binding NetTcpBinding. Registered base address schemes are [http].
While I have another application with the same configuration for Dual Http Binding which works perfectly

By default, The IIS express doesn’t support Net.tcp protocol.
The service endpoint with Nettcpbinding requires a base address based on NetTcp protocol.
<endpoint address="service" binding="netTcpBinding" contract="QCWCFService.ICalibrationService" />
Although we provide a Nettcp base address by using the Host Section, It won’t work. This is due to the fact IIS express use self-configuration to provide a base address to run the current project. The configuration of IIS express usually located in the .vs folder of the current Solution, called applicationhost.config
If we run this project in a console application with this configuration, it will work. Thereby we should provide one base address with Nettcp protocol. This can be completed in IIS.
1. Enable windows feature for net.tcp protocol.
2. Add Net.tcp support on the website.
3. Add net.tcp protocol in site binding module.
Please refer to the below for details of adding net.tcp protocol to a website.
WCF ContractFilter Mismatch when enabling Reliable Session
Feel free to let me know if the problem still exists.

Delegate IIS Application Pool account to WCF service calls

I have developed a WCF service which is running in IIS (IIS 7.5 to be exact). This service runs under its own app pool, under a specific domain identity. This service references & calls other WCF services hosted elsewhere in the network, which in turn access various resources (Event Log, SQL Servers etc).
Calls to my service are authenticated using username & password, through a custom UserNamePasswordValidator. The username(s) used are not domain credentials.
What I'm trying to do, is that when my service is called & it in turn calls the referenced services using the generated proxy classes, that it delegates the application pool identity as the calling identity, since this domain account has been granted rights to access the background resources like SQL Server.
My current implementation is as follows:
Service Configuration
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="RemoteServiceBinding" closeTimeout="00:10:00"
openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00"
maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxStringContentLength="2147483647" maxArrayLength="2147483647"
maxBytesPerRead="2147483647" />
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
<wsHttpBinding>
<binding name="MyServiceBinding" closeTimeout="00:10:00" openTimeout="00:10:00"
receiveTimeout="00:10:00" sendTimeout="00:10:00" maxBufferPoolSize="2147483647"
maxReceivedMessageSize="2147483647">
<readerQuotas maxStringContentLength="2147483647" maxArrayLength="2147483647"
maxBytesPerRead="2147483647" />
<security mode="Message">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://remote.service.address/Service.svc"
binding="basicHttpBinding" bindingConfiguration="RemoteServiceBinding"
contract="RemoteService.IRemoteService" name="RemoteServiceBinding" />
</client>
<services>
<service name="MyService.MyService" behaviorConfiguration="MyServiceBehavior">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="MyServiceBinding" contract="MyService.IMyService">
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:8733/MyService/" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="MyServiceBehavior">
<serviceMetadata httpGetEnabled="True" httpsGetEnabled="True"/>
<serviceDebug includeExceptionDetailInFaults="True" />
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="None" />
</clientCertificate>
<serviceCertificate findValue="AuthCert" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="MyService.CredentialValidator, MyService" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
Service behavior code
using (var client = new Proxy.RemoteServiceClient()) {
client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Delegation;
return client.PerformAction();
}
Using this code, whenever a client makes a call to my service, the following is thrown:
The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'.
Could someone please assist me, or point me in the right direction on how to implement this authentication configuration?

I've managed to find a working solution. It is implemented as such:
The client proxy credentials need to be set to those of the IIS Application Pool, since these don't get picked up automatically:
client.ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
Also, the remote service I was connecting to had a service principal that needed to be included in the endpoint configuration. So I modified the config that was generated by the VS tooling to the following:
<client>
<endpoint address="http://remote.service.address/Service.svc"
binding="basicHttpBinding" bindingConfiguration="RemoteServiceBinding"
contract="RemoteService.IRemoteService" name="RemoteServiceBinding">
<identity>
<servicePrincipalName value="spn_name" />
</identity>
</endpoint>
</client>
With this configuration, I was able to authenticate to my service by username & password, then have my service access a SQL Server instance using the domain credentials that the application pool was running under in IIS.

IMetadataExchange WCF Configuration Error

I am getting the below error message in my WCF service. Below is my web,config. I have tried a few things and nothing has resolved the error. Any help is appreciated.
The contract 'IMetadataExchange' in client configuration does not
match the name in the service contract
<?xml version="1.0"?>
<configuration>
<connectionStrings/>
<system.web>
<compilation strict="false" explicit="true" targetFramework="4.0" debug="true"/>
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="SNCBinding" closeTimeout="00:10:00" openTimeout="00:10:00"
receiveTimeout="00:10:00" sendTimeout="00:10:00" maxBufferSize="2147483647"
maxReceivedMessageSize="2147483647" textEncoding="utf-8">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" proxyCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"
multipleSiteBindingsEnabled="true" />
<services>
<service name="SNC.MaterialRequest.WCF.MaterialRequest">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="SNCBinding"
contract="SNC.MaterialRequest.WCF.MaterialRequest" />
</service>
</services>
</system.serviceModel>
</configuration>

Have you installed the .Net Services SDK by any chance?
See: http://azure.snagy.name/blog/?tag=imetadataexchange
It sounds like it adds a client endpoint for IMetaDataExchange in your machine.config. So you can either delete it out of your machine.config, or add
<client>
<remove contract=”IMetadataExchange” name=”sb” />
</client>
to every app.config/web.config from now on.
EDIT: Note that this shouldn't affect your actual application, it's just a warning that you can ignore. It's mentioned here, also: http://blogs.msdn.com/b/wcftoolsteamblog/archive/2008/08/28/tips-for-wcf-tools-in-vs2008-sp1.aspx

Here is the issue :
contract="SNC.MaterialRequest.WCF.MaterialRequest"
It's not same as IMetadataExchange in error. So it's either wrong in server side config, or in client side config. Altough I would say in server side, since this should be interface.

WCF authentication schemes mismatch?

I am using .Net 3.5 and attempting to configure a WCF service and am receiving the exception, The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. I have attached my server-side and client-side .config files below.
Just a couple of notes. The application and service are both using impersonation due to network access requirements. The web application resides on a different server than the WCF service. Both also have the following specified in their respective web.config files.
<authentication mode="Windows"/>
<identity impersonate="true" userName="userName" password="password"/>
Web Application (on server1)
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IReports" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="false" proxyAddress="http://server2/Services/ReportService">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint name="BasicHttpBinding_IReports" address="http://server2/Services/ReportService/Reports.svc"
binding="basicHttpBinding" contract="WCFServiceRef.IReports" bindingConfiguration="BasicHttpBinding_IReports"
behaviorConfiguration="ClientBehavior"/>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="ClientBehavior" >
<clientCredentials supportInteractive="true" >
<windows allowedImpersonationLevel="Impersonation" allowNtlm="true" />
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
WCF Service (on server2)
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
<bindings>
<basicHttpBinding>
<binding name="default" maxReceivedMessageSize="200000">
<readerQuotas maxStringContentLength="200000" maxArrayLength="200000"/>
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="ReportService.ReportsBehavior" name="ReportService.Reports">
<endpoint address="" binding="basicHttpBinding" contract="ReportService.IReports" bindingConfiguration="default">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint name="mex" address="mex" binding="basicHttpBinding" contract="IMetadataExchange" bindingConfiguration="default"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ReportService.ReportsBehavior">
<serviceAuthorization impersonateCallerForAllOperations="false"/>
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
I thought that if I were to apply the allowNtlm="true" directive in the application that this would be fixed. It seems to me that the server is expecting Windows authentication but is not receiving it? Due to the application and service residing on different servers do I need to use the proxy values? I feel that I'm not understanding something basic but whether it's on the server-side IIS configuration or simply in my application I don't know.
Thanks for any help!

This sample from MSDN for basicHttpBinding with TransportCredentialOnly shows how to set it up. Your config is very similar except that it is also setting message level security. I'd try removing the message element from the config to see if that is the cause of the problem.
I don't believe the problem is passing the impersonation credentials themselves but the TransportCredentialOnly configuration. Also, make sure IIS is configured to support Windows authentication on the WCF server.