Unable to use NettcpBinding from another computer in my local network

Question

I built a WCF Service in one of my machines of my local network, it has both http and net.tcp (htpp,net.tcp) as enabled protocols in IIS manager.

From another machine a build a client app, and define the endpoints automatically using the Add Service Reference... dialog, I type the service address and when it appears I set the name and click OK. The App.config is updated with two endpoints, one for http (BasicHttpBinding) and the other for net.tcp (NetTcpBinding) as expected.

When running the client app, if I use the BasicHttpBinding:

"using (var proxy = new ProductsServiceClient("BasicHttpBinding_IProductsService"))"

it runs OK, and shows the expected data.

But when I use the NetTcpBinding:

"using (var proxy = new ProductsServiceClient("NetTcpBinding_IProductsService"))"

It throws a SecurityNegotiationException saying that:

"A remote side security requirement was not fulfilled during authentication. Try increasing the ProtectionLevel and/or ImpersonationLevel."

If I do it all in the same machine, I don´t get any exception.

What should I do?

Rafael

score 2 · Accepted Answer · answered Mar 20 '14 at 17:33

By default, the BasicHttpBinding supports no security. So when calling the service from another computer, it will work also. But by default, NetTcpBinding requires a secure channel. And the default security mode is Transport, so when calling the service from another computer, it will throw a security exception.

The most easy way to solve it is to set the security mode to None as following:

<bindings>
    <netTcpBinding>
        <binding name="netTcpBindingConfiguration" >
            <security mode="None" />
    </binding>
</netTcpBinding>

Then we use it in the endpoint

<endpoint address="net.tcp://nelson-laptop:8080/Whatever"
            binding="netTcpBinding"
            bindingConfiguration="netTcpBindingConfiguration"
            contract="ProductsService.IProductsService"
            name="NetTcpBinding_IProductsService" />

score 0 · Answer 2 · answered Mar 17 '14 at 20:30

0

In Your question you are using the default net.tcp port 808 but have opened port 80 in the firewall. If it is not a typo in the question it could be why it fails.

answered Mar 17 '14 at 20:30

Shiraz Bhaiji

64,065
34
143
252

Ok, I also added an inbound rule for port 808, as I did for port 80, but gave it another name (TCP instead of HTTP). And got another error: "A remote side security requirement was not fulfilled during authentication. Try increasing the ProtectionLevel and/or ImpersonationLevel" What can I do here in a way that I can do it everytime I'm installing the service in other networks – Rafael Mar 17 '14 at 21:36
This is now a rights issue, the Security context that you are using to Access the service is not allowed to Access the service. Check Your event logs for more info. – Shiraz Bhaiji Mar 18 '14 at 08:43
I don´t know what exactly will I check in my events logs. I'm a newbie here. I opened Computer Management->Event Viewer->Custom Views->Administrative Events. Don´t know what to look for – Rafael Mar 18 '14 at 14:19

Unable to use NettcpBinding from another computer in my local network

2 Answers2