I have a situation where I have 2 Machines.
- Machine A
- Machine B
Client on machine B connects successfully to Host on machine A.
Client on machine B be connects successfully to Host on machine B.
Client on machine A connects successfully to Host on machine B.
Client on machine A CANNOT connect to Host on machine A. - System.ServiceModel.Security.SecurityNegotiationException: The server has rejected the client credentials.
I am using Windows authentication.
Client:
var netTcpBinding = new NetTcpBinding()
{
Security = new NetTcpSecurity()
{
Mode = SecurityMode.Transport,
Transport = new TcpTransportSecurity()
{
ClientCredentialType = TcpClientCredentialType.Windows,
}
},
TransferMode = TransferMode.Streamed,
MaxReceivedMessageSize = long.MaxValue,
MaxBufferSize = int.MaxValue,
MaxBufferPoolSize = long.MaxValue,
ReaderQuotas = new System.Xml.XmlDictionaryReaderQuotas()
{
MaxDepth = int.MaxValue,
MaxArrayLength = int.MaxValue,
MaxStringContentLength = int.MaxValue
},
SendTimeout = TimeSpan.MaxValue,
ReceiveTimeout = TimeSpan.MaxValue
};
string endpointAddress;
if (port == 0)
endpointAddress = string.Format("net.tcp://{0}/Configuration", host);
else
endpointAddress = string.Format("net.tcp://{0}:{1}/Configuration", host, port);
Console.WriteLine("Endpoint: {0}", endpointAddress);
var factory = new ChannelFactory<IMyChannel>(netTcpBinding);
factory.Endpoint.Address = new EndpointAddress(new Uri(endpointAddress), new DnsEndpointIdentity("MyDns"));
//Do not verify
factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
factory.Credentials.Windows.ClientCredential.Domain = domain;
factory.Credentials.Windows.ClientCredential.UserName = username;
factory.Credentials.Windows.ClientCredential.Password = password;
//Console.WriteLine("Opening Channel Factory ... ");
factory.Open();
Host:
#region INIT
//Set configuration file just once
if (ChannelServices.RegisteredChannels.Length == 0)
{
RemotingConfiguration.Configure(AppDomain.CurrentDomain.SetupInformation.ConfigurationFile, false);
}
_serviceHost = null;
_serviceHost = new ServiceHost(typeof(MyChannel));
_serviceHost.AddDefaultEndpoints();
// build list with local IP addresses to bind to
var localIpAddresses = new List<IPAddress>(Dns.GetHostAddresses(Dns.GetHostName()));
if (IPAddress.Loopback != null)
localIpAddresses.Add(IPAddress.Loopback);
localIpAddresses.RemoveAll(i => i.AddressFamily != AddressFamily.InterNetwork);
// enable metadata exchange bahaviour
// add metadatabehaviour in case HTTP is not enabled
var metadataBehaviour = _serviceHost.Description.Behaviors.Find<ServiceMetadataBehavior>();
if (metadataBehaviour == null)
{
metadataBehaviour = new ServiceMetadataBehavior();
_serviceHost.Description.Behaviors.Add(metadataBehaviour);
}
var credentialsBehaviour = _serviceHost.Description.Behaviors.Find<ServiceCredentials>();
if (credentialsBehaviour == null)
{
credentialsBehaviour = new ServiceCredentials();
_serviceHost.Description.Behaviors.Add(credentialsBehaviour);
}
var serviceDebug = _serviceHost.Description.Behaviors.Find<ServiceDebugBehavior>();
if (serviceDebug == null)
{
serviceDebug = new ServiceDebugBehavior();
_serviceHost.Description.Behaviors.Add(serviceDebug);
}
serviceDebug.IncludeExceptionDetailInFaults = true;
var tcpPort = "9096";
_log.Info("tcpPort - {0}", tcpPort);
var netTcpBinding = new NetTcpBinding()
{
Security = new NetTcpSecurity()
{
Mode = SecurityMode.Transport,
Transport = new TcpTransportSecurity()
{
ClientCredentialType = TcpClientCredentialType.Windows,
}
},
TransferMode = TransferMode.Streamed,
MaxReceivedMessageSize = long.MaxValue,
MaxBufferSize = int.MaxValue,
MaxBufferPoolSize = long.MaxValue,
ReaderQuotas = new System.Xml.XmlDictionaryReaderQuotas()
{
MaxDepth = int.MaxValue,
MaxArrayLength = int.MaxValue,
MaxStringContentLength = int.MaxValue
},
SendTimeout = TimeSpan.MaxValue,
ReceiveTimeout = TimeSpan.MaxValue
};
var endpoint = _serviceHost.AddServiceEndpoint(
typeof(IMyChannel),
netTcpBinding,
new Uri(string.Format("net.tcp://0:{0}/Configuration", tcpPort)));
ServiceSecurityAuditBehavior newAudit = new ServiceSecurityAuditBehavior();
newAudit.AuditLogLocation = AuditLogLocation.Application;
newAudit.MessageAuthenticationAuditLevel = AuditLevel.SuccessOrFailure;
newAudit.ServiceAuthorizationAuditLevel = AuditLevel.SuccessOrFailure;
newAudit.SuppressAuditFailure = false;
_serviceHost.AddServiceEndpoint(ServiceMetadataBehavior.MexContractName,
MetadataExchangeBindings.CreateMexTcpBinding(),
string.Format("net.tcp://localhost:{0}/Configuration/mex", tcpPort));
_serviceHost.Description.Behaviors.Remove<ServiceSecurityAuditBehavior>();
_serviceHost.Description.Behaviors.Add(newAudit);
_serviceHost.Opening += (sender, eventArgs) => _log.Info("Opening Connection ...");
_serviceHost.Opened += (sender, eventArgs) => _log.Info("Opened Connection ...");
_serviceHost.Closing += (sender, eventArgs) => _log.Info("Closing connection ...");
_serviceHost.Closed += (sender, eventArgs) => _log.Info("Closed connection ...");
_serviceHost.Faulted += (sender, eventArgs) => _log.Error("Fault detected on WCF host");
_serviceHost.Open();
#endregion
Here is my full stack trace:
System.ServiceModel.Security.SecurityNegotiationException: The server has reject ed the client credentials. ---> System.Security.Authentication.InvalidCredential Exception: The server has rejected the client credentials. ---> System.Component Model.Win32Exception: The logon attempt failed --- End of inner exception stack trace --- at System.Net.Security.NegoState.ProcessReceivedBlob(Byte[] message, LazyAsyn cResult lazyResult) at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResul t lazyResult) at System.Net.Security.NegoState.CheckCompletionBeforeNextSend(Byte[] message , LazyAsyncResult lazyResult) at System.Net.Security.NegoState.ProcessReceivedBlob(Byte[] message, LazyAsyn cResult lazyResult) at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResul t lazyResult) at System.Net.Security.NegoState.ProcessAuthentication(LazyAsyncResult lazyRe sult) at System.Net.Security.NegotiateStream.AuthenticateAsClient(NetworkCredential credential, String targetName, ProtectionLevel requiredProtectionLevel, TokenIm personationLevel allowedImpersonationLevel) at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsS treamSecurityUpgradeInitiator.OnInitiateUpgrade(Stream stream, SecurityMessagePr operty& remoteSecurity) --- End of inner exception stack trace ---
Server stack trace: at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsS treamSecurityUpgradeInitiator.OnInitiateUpgrade(Stream stream, SecurityMessagePr operty& remoteSecurity) at System.ServiceModel.Channels.StreamSecurityUpgradeInitiatorBase.InitiateUp grade(Stream stream) at System.ServiceModel.Channels.ConnectionUpgradeHelper.InitiateUpgrade(Strea mUpgradeInitiator upgradeInitiator, IConnection& connection, ClientFramingDecode r decoder, IDefaultCommunicationTimeouts defaultTimeouts, TimeoutHelper& timeout Helper) at System.ServiceModel.Channels.StreamedFramingRequestChannel.SendPreamble(IC onnection connection, TimeoutHelper& timeoutHelper, ClientFramingDecoder decoder , SecurityMessageProperty& remoteSecurity) at System.ServiceModel.Channels.StreamedFramingRequestChannel.StreamedConnect ionPoolHelper.AcceptPooledConnection(IConnection connection, TimeoutHelper& time outHelper) at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(Time Span timeout) at System.ServiceModel.Channels.StreamedFramingRequestChannel.StreamedFraming Request.SendRequest(Message message, TimeSpan timeout) at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeS pan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean on eway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan tim eout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCall Message methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage req Msg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgDa ta, Int32 type) at MyProject.TestConnection() at MyProject.Program.ManualInput() in d:\Source\MyProject\Program.cs:line 84
It does not make any sense.
Any help will be appreciated!
Thanks!
K