
I am migrating my WSE3 services to the WCF platform. Clients are going to be legacy WSE3 clients.

To achieve some requirements, I have created a custom service behavior. The configuration (in web.config) for the service behavior contains the serviceCertificate element.

This behavior is applied to my service using the behaviorConfiguration setting. Now I want to call one WCF service from another WCF service hosted in the same IIS 7.5. So I added the netTcpBinding (and netNamedPipeBinding too). When I invoked an OperationContract of another service from any WCF service, it used to give me an "Access is denied." error. I removed the behaviorConfiguration setting for the service, and then netTcpBinding (and netNamedPipeBinding) worked.

Configuration as below:

<services>
  <service name="Services.AuthorizationService" behaviorConfiguration="LegacyBehavior">
    <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
    <endpoint
      name="AuthorizationService"
      address=""
      binding="wsHttpBinding"
      contract="ServiceContracts.IAuthorizationService" />
    <endpoint address="net.pipe://localhost/TestSite/AuthorizationService.svc"
              binding="netNamedPipeBinding"
              contract="ServiceContracts.IAuthorizationService"
              name="AuthorizationNamedPipeEndpoint" />
  </service>
</services>


The service behavior configuration in web.config is:

<behavior name="LegacyBehavior">
          <dataContractSerializer maxItemsInObjectGraph="2147483646"/>
          <serviceAuthorization
            principalPermissionMode="Custom"
            serviceAuthorizationManagerType="Legacy.AuthorizationManager,Legacy.Services" />
          <serviceDebug
            httpHelpPageEnabled="true"
            includeExceptionDetailInFaults="true" />
          <serviceMetadata httpGetEnabled="true" />
          <serviceCredentials>
            <serviceCertificate
              findValue="CN=WSE2QuickStartServer"
              storeLocation="LocalMachine"
              storeName="My"
              x509FindType="FindBySubjectDistinguishedName" />
            <issuedTokenAuthentication
              audienceUriMode="Always"
              certificateValidationMode="PeerOrChainTrust"
              revocationMode="NoCheck"
              trustedStoreLocation="LocalMachine"
              samlSerializerType="Legacy.TokenSerializer, Legacy.Services"
              allowUntrustedRsaIssuers="false">
              <allowedAudienceUris>
                <add allowedAudienceUri="http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue/SAML" />
              </allowedAudienceUris>
            </issuedTokenAuthentication>
          </serviceCredentials>
        </behavior>

The binding configuration for netTcpBinding is as follows:

I want to know,

  1. How do I use the netTcpBinding in such a scenario?
  2. Can I use two different behaviors for the same service? If yes, how?
  3. If not, how can I achieve named pipe binding in this scenario?
  4. Why would server certificate related stuff be causing an "Access is denied" error? There is no inner exception; just an "Access denied" message!
Learner

0 Answers