I have a simple WCF service using a TCP binding that was working great until I added certificate security. Once I did that, I began to see about a 45-second delay before the service received the message and processed it. Using Wireshark, it appears that there is security negotiation of some sort going on, and then the service stops responding for about 45 seconds; finally it responds to the client and the data comes across. I removed the security and once again it works in near real time. Does anyone have any experience with something like this?

Here's the service config:

XML
<services>
  <service behaviorConfiguration="MEXGET" name="AtcSystemService.AtcSystemService">
    <endpoint binding="netTcpBinding" bindingConfiguration="TcpBindingConfig" name="tcpEndpoint" contract="AtcSystemService.IAtcSystemService"/>
    <endpoint kind="udpDiscoveryEndpoint"/>
    <endpoint address="net.tcp://CONW-W7-PHILLP:58009" binding="netTcpBinding" bindingConfiguration="TcpLargeFileBinding" name="tcpLargeFileEndpoint" contract="AtcSystemService.IAtcStreamService"/>
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
    <host>
      <baseAddresses>
        <add baseAddress="net.tcp://CONW-W7-PHILLP:58008"/>
        <add baseAddress="http://CONW-W7-PHILLP:8888"/>
      </baseAddresses>
    </host>
  </service>
</services>
<bindings>
  <netTcpBinding>
    <binding name="TcpBindingConfig">
      <security mode="Message">
        <message clientCredentialType="Certificate"/>
      </security>
    </binding>
    <binding name="TcpLargeFileBinding" maxReceivedMessageSize="1048576" transferMode="Streamed">
      <security mode="Transport">
        <transport clientCredentialType="Certificate"/>
      </security>
    </binding>
  </netTcpBinding>
</bindings>
<behaviors>
  <serviceBehaviors>
    <behavior name="MEXGET">
      <serviceDiscovery/>
      <serviceMetadata httpGetEnabled="true"/>
      <serviceDebug includeExceptionDetailInFaults="false"/>
      <serviceCredentials>
        <serviceCertificate findValue="CN=AtcCert" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName"/>
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>


And here is the client side code.

C#
mBinding = new NetTcpBinding();
mBinding.Security.Mode = SecurityMode.Message;
mBinding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
mIdentity = new DnsEndpointIdentity("AtcCert");


C#
IAtcSystemService GetServiceProxy()
{
    var myAddress = new EndpointAddress(mServiceAddress.Uri, mIdentity,
                                        mServiceAddress.Headers,
                                        mServiceAddress.GetReaderAtMetadata(),
                                        mServiceAddress.GetReaderAtExtensions());
    var factory = new ChannelFactory<IAtcSystemService>(mBinding, myAddress);
    factory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser,
                 StoreName.My, X509FindType.FindBySubjectDistinguishedName,
                 "CN=AtcCert");
    factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode
                 = X509CertificateValidationMode.ChainTrust;
    return factory.CreateChannel();
}

1 solution

Since SSL needs a series of handshakes between the servers, it might take a while to reach the actual method call. One issue could be encryption overhead. This is only for the first call. However, once they acknowledge each other, there will not be a significant delay in accessing the method. Perhaps this article explains the issue clearly: Web Services Over SSL - Is It Really That Slow Like They Say? Here is another good point on performance between HTTP and HTTPS.

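To check whether the delay is paid once per channel or on every call, as the answer suggests, the channel open and two consecutive calls can be timed separately. This is an added example, not code from the original post; `HandshakeTimer`, `Timings` and the `call` delegate are hypothetical names, and the operation invoked through `call` is whichever method `IAtcSystemService` exposes (none is shown on the page).

```csharp
using System;
using System.Diagnostics;
using System.ServiceModel;

// Added example: times channel open, first call and second call separately.
public static class HandshakeTimer
{
    public sealed class Timings
    {
        public TimeSpan Open;
        public TimeSpan FirstCall;
        public TimeSpan SecondCall;
    }

    // 'call' is supplied by the caller because the operations of
    // IAtcSystemService are not shown on the page.
    public static Timings Measure<T>(ChannelFactory<T> factory, Action<T> call)
        where T : class
    {
        T proxy = factory.CreateChannel();
        // Proxies created by ChannelFactory<T> also implement ICommunicationObject.
        var channel = (ICommunicationObject)proxy;
        var result = new Timings();
        try
        {
            // Explicit Open() so that the work done while the channel opens
            // is timed apart from the first operation (otherwise the first
            // call opens the channel implicitly).
            var sw = Stopwatch.StartNew();
            channel.Open();
            result.Open = sw.Elapsed;

            sw.Restart();
            call(proxy);
            result.FirstCall = sw.Elapsed;

            sw.Restart();
            call(proxy);
            result.SecondCall = sw.Elapsed;

            channel.Close();
            return result;
        }
        catch
        {
            // A channel that faulted or timed out must be aborted, not closed.
            channel.Abort();
            throw;
        }
    }
}
```

Pass the `ChannelFactory<IAtcSystemService>` built in `GetServiceProxy()` above; if `SecondCall` is still slow, the delay is not a one-time handshake cost.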
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)