Using multiple distinct TCP security binding configurations in a single WCF IIS-hosted WCF service a
- by Sandor Drieënhuizen
I have a set of IIS7-hosted net.tcp WCF services that serve my ASP.NET MVC web application. The web application is accessed over the internet.
WCF Services (IIS7) <--> ASP.NET MVC Application <--> Client Browser
The services are username authenticated, the account that a client (of my web application) uses to logon ends up as the current principal on the host.
I want one of the services to be authenticated differently, because it serves the view model for my logon view. When it's called, the client is obviously not logged on yet. I figure Windows authentication serves best or perhaps just certificate based security (which in fact I should use for the authenticated services as well) if the services are hosted on a machine that is not in the same domain as the web application.
That's not the point here though. Using multiple TCP bindings is what's giving me trouble. I tried setting it up like this:
<bindings>
<netTcpBinding>
<binding>
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName"/>
</security>
</binding>
<binding name="public">
<security mode="Transport">
<message clientCredentialType="Windows"/>
</security>
</binding>
</netTcpBinding>
</bindings>
The thing is that both bindings don't seem to want live together in my host. When I remove either of them, all's fine but together they produce the following exception on the client:
The requested upgrade is not supported by 'net.tcp://localhost:8081/Service2.svc'. This could be due to mismatched bindings (for example security enabled on the client and not on the server).
In the server trace log, I find the following exception:
Protocol Type application/negotiate was sent to a service that does not support that type of upgrade.
Am I looking into the right direction or is there a better way to solve this?