I'm doing some testing with WCF and we currently have the following Server setup (simplified config):
<netTcpBinding>
<binding name="netTcp" ... >
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</netTcpBinding>
...
<serviceBehaviors>
<behavior name="defaultServiceBehavior">
<serviceCredentials>
<serviceCertificate
findValue="OurCert"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySubjectName"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
And the following Client config:
<endpointBehaviors>
<behavior name="NoRevNoValid">
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode="None"
revocationMode="NoCheck"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
So, the idea is that the server certificate is used to encrypt the data, but that the Client does not bother to validate the certificate (the client won't have the CA for the certificate anyway).
However, this configuration does not stop the client from validating the certificate. It still tries to walk the chain of trust and look for revocation lists.
I have found this link stating that the certificateValidationMode attribute does NOT apply to net.tcp bindings.
I have looked at handling the ServicePointManager.ServerCertificateValidationCallback event, but again it appears that this only applies to HTTP-based bindings.
Presumably these are both because when using the net.tcp binding, the transport security is handled out of scope of the application?
Is there any other way of forcing validation of the certificate to not take place?
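As an added illustration (not part of the original question, and not an answer from the thread), the following C# shows the client-side setting the question is reaching for done programmatically, but with certificate pinning rather than switching validation off: with certificateValidationMode="None" the net.tcp channel is still encrypted, yet any party that can intercept the TCP connection can present its own certificate and read the traffic, so "encrypt without a CA" is better expressed as "trust exactly this certificate". It assumes that ClientCredentials.ServiceCertificate.Authentication is honoured on a NetTcpBinding in Transport mode with clientCredentialType None (the question's linked page is cited as saying otherwise for the config attribute; that is an assumption here, not something the page establishes), and the service contract IMyService, the address, the pinned thumbprint and the DNS identity are all hypothetical placeholders.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Added example: accept the server certificate only if its thumbprint matches a
// value the client already knows, instead of walking a chain the client cannot
// verify (it has no CA for it) and instead of skipping validation altogether.
public sealed class ThumbprintValidator : X509CertificateValidator
{
    private readonly string _expectedThumbprint;

    public ThumbprintValidator(string expectedThumbprint)
    {
        // Normalise the hex string so "ab 12 .." and "AB12.." compare equal.
        _expectedThumbprint = expectedThumbprint.Replace(" ", string.Empty).ToUpperInvariant();
    }

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null)
            throw new ArgumentNullException(nameof(certificate));

        // X509Certificate2.Thumbprint is the SHA-1 hash of the DER encoding; a
        // different certificate, even one with the same subject, will not match.
        if (!string.Equals(certificate.Thumbprint, _expectedThumbprint, StringComparison.OrdinalIgnoreCase))
        {
            throw new SecurityTokenValidationException(
                "Server certificate thumbprint " + certificate.Thumbprint +
                " does not match the pinned thumbprint.");
        }
    }
}

public static class PinnedNetTcpClient
{
    // Builds a channel factory equivalent to the question's client binding
    // (Transport security, no client credential) with a pinned server certificate.
    public static ChannelFactory<TContract> Create<TContract>(
        string address, string pinnedThumbprint, string serverDnsIdentity)
    {
        var binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;

        // The SSL handshake also checks the certificate's identity against the
        // endpoint; supplying a DnsEndpointIdentity lets the subject name differ
        // from the host name (hypothetical value, taken from the cert's CN).
        var endpoint = new EndpointAddress(new Uri(address), new DnsEndpointIdentity(serverDnsIdentity));
        var factory = new ChannelFactory<TContract>(binding, endpoint);

        var auth = factory.Credentials.ServiceCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.Custom;
        auth.CustomCertificateValidator = new ThumbprintValidator(pinnedThumbprint);
        // No CA is reachable, so there is no CRL/OCSP to consult either.
        auth.RevocationMode = X509RevocationMode.NoCheck;

        return factory;
    }
}

// Hypothetical usage; IMyService, the address and the thumbprint are placeholders.
// var factory = PinnedNetTcpClient.Create<IMyService>(
//     "net.tcp://server.example:8000/Service",
//     "0123456789ABCDEF0123456789ABCDEF01234567",
//     "OurCert");
// IMyService proxy = factory.CreateChannel();
```

The equivalent in configuration is certificateValidationMode="Custom" plus a customCertificateValidatorType attribute naming ThumbprintValidator; the validator still runs only if the behavior is actually attached to the endpoint through behaviorConfiguration, which is worth confirming when the client appears to ignore the setting. The pinned thumbprint has to be rotated whenever the server certificate is renewed, which is the price of not having a CA to delegate that to.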