WCF Duplex Communication Security Configurations
Consider the scenario where the WCF Service has been hosted on Server A where it provides call back contracts for clients to be registered with and get notifications. In order to make the communication works some security settings must be considered.
Without defining these configurations the server will be blocking the creation of any channel initiated by the client to perform the duplex communication.
In the example below the security mode “None” has been chosen. According to the security level which you want to implement on your server you might use other security mode such as Message, Transport, or TransportWithMessageCredential.
Service configuration
In the service endpoint configuration add an identity configuration to the dual endpoint.
...
<service name="Ninetyfive.Services.ClientNotificationService" behaviorConfiguration="DefaultServiceBehavior">
<endpoint name="dualHttpService" bindingConfiguration="dualHttpService"
address="" binding="wsDualHttpBinding" contract="Ninetyfive.Services.Contracts.IClientNotificationService">
<identity>
<dns value="ServerA"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
In the binding configuration add security configuration with mode as “None”:
...
<wsDualHttpBinding>
<binding name="dualHttpService" closeTimeout="00:10:00"
openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00"
maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647" />
<security mode="None" />
</binding>
</wsDualHttpBinding>
</bindings>
Client configuration
In the client endpoint configuration add the same identity value as it has been defined on the server configuration:
In the client endpoint configuration add the same identity value as it has been defined on the server configuration:
...
<endpoint address="http://172.16.20.50/NotificationService/ClientNotificationService.svc"
binding="wsDualHttpBinding" bindingConfiguration="dualHttpService"
contract="NotificationCallback.IClientNotificationService"
name="dualHttpService">
<identity>
<dns value=" ServerA " />
</identity>
</endpoint>
</client>
In the binding configuration follow the same security mode as in the server configuration:
...
<binding name="dualHttpService" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false"
maxBufferPoolSize="2147483646" maxReceivedMessageSize="2147483646"
useDefaultWebProxy="true" messageEncoding="Text" textEncoding="utf-8">
<security mode="None" />
</binding>
</wsDualHttpBinding>
</bindings>
Please note that in order for the duplex communication to work the server must be able to ping the each client by its machine name. You need to check you network DNS Server to make sure the server and clients can see each other.
You can use hosts file on the server and map each machine’s name to their respective IP address.
What about the case where a DNS server is not used ? On a closed network ? This is where I
have the same problem described above. On the
corporate network, though, no problem.