Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

How to configure transport encryption when using net.tcp?

See original GitHub issue

I would like to migrate an existing service from WCF to CoreWCF. The service uses a certificate (from Windows Cert Store). In WCF this is done via behavior in config file:

<serviceBehaviors> <behavior name="UseMyCert"> <serviceCredentials> <serviceCertificate x509FindType="FindByIssuerName" findValue="MY ISSUING CA"/> </serviceCredentials> </behavior> </serviceBehaviors>

<binding name="streamedSecureTcp" transferMode="Streamed"> <security mode="Transport"> <transport clientCredentialType="None" /> </security> </binding>

<service behaviorConfiguration="UseMyCert" name="MyNamespace.MyService"> <endpoint address="net.tcp://localhost:800/MyService.svc" binding="netTcpBinding" bindingConfiguration="streamedSecureTcp" name="MyServer" bindingNamespace="http://my.com/service" contract="MyNamespace.IMyService" /> </service>

How can this be done in CoreWCF? Providing the certificate as file would also be ok.

Issue Analytics

State:
Created 3 years ago
Comments:16 (10 by maintainers)

Top GitHub Comments

1reaction

MemoTrapcommented, Mar 3, 2021

With minimal edits, it seemed logical to me to do this: 023be93.

Apparently, this didn’t make it into 0.1.0.

I have applied this patch in my local copy. It also required to implement IServiceDispatcher.ChannelDispatcher in a few other classes, did that with placeholders, throwing not implemented.

It now does work! 😎

1reaction

LukasGelkecommented, Nov 24, 2020

With minimal edits, it seemed logical to me to do this: 023be93b5259911726bd461b9a04df731148681b. It fixes the InvalidOperationException 'The service certificate is not provided. Specify a service certificate in ServiceCredentials.' on host.Run(). Judging by the Find() in SslStreamSecurityUpgradeProvider.CreateServerProvider(...), this should be the correct way to do it. I’m also not so sure about changing IServiceDispatcher, so I’d like hear some feedback.

The Eco example works (as expected), without modifying anything else (apart from Startup, and adding the certificate of course).

Top Results From Across the Web

<security> of <netTcpBinding> - .NET Framework

Transport, Transport security is provided using TLS over TCP or SPNego. The service may need to be configured with SSL certificates.

<transport> of <netTcpBinding> - .NET Framework

Use Transport security for integrity and confidentiality of the SOAP message and for mutual authentication. If this security mode is selected on ...

WCF net.tcp binding with certificate based message ...

Elaboration on initial response. If you want to encrypt the channel, use a binding something like this for transport-level encryption:

Secure a TCP – WCF service at the Message level

NetTcpBinding automatically encrypts data at the transport level by using Transport Layer Security (TLS) over TCP. Adding security at the ...

Fundamentals of WCF Security

NetTcpBinding is secure by default. Specifically, callers must provide Windows credentials for authentication and all message packets are signed and encrypted ...