C# - WCF server authentication without certificates
I have a self-hosted WCF service with netTcpBinding bindings. Both the servers and the clients are in the same domain, so I'd like to use Windows authentication, but I'd also like the clients to verify the server's credentials (to avoid an internal man-in-the-middle/DNS tampering attack). I've read that the way to do this is to use an SPN, but I can't seem to get it to work; no matter what the SPN is set to, the client works (i.e. the server and client SPNs don't match, but the client connects anyway). I've got some kind of configuration error, but I'm not sure where. Here is the service config for the server:
<system.serviceModel>
  <services>
    <service name="aaaauthservice.aaaauthservice" behaviorConfiguration="aaaauthservicebehavior">
      <endpoint address="" binding="netTcpBinding" bindingConfiguration="nettcpbinding_iaaaauth" contract="aaa.iaaaauthservice">
        <!--
        <identity>
          <servicePrincipalName value="aaashlkjhlkjjjjhhhhjjpn/justink-pc.sgasdf1.allamericanasphaltasdf.casdfom"/>
        </identity>
        -->
      </endpoint>
      <host>
        <baseAddresses>
          <add baseAddress="net.tcp://localhost:9000/iaaaauthservice"/>
        </baseAddresses>
      </host>
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="aaaauthservicebehavior">
        <serviceThrottling maxConcurrentCalls="2147483647" maxConcurrentInstances="2147483647" maxConcurrentSessions="2147483647"/>
        <serviceDebug includeExceptionDetailInFaults="true"/>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <bindings>
    <netTcpBinding>
      <binding name="nettcpbinding_iaaaauth" closeTimeout="00:00:20" openTimeout="00:00:10" receiveTimeout="00:00:10" sendTimeout="00:00:10" hostNameComparisonMode="StrongWildcard" maxConnections="2147483647">
        <security mode="Transport">
          <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign"/>
          <message clientCredentialType="Windows"/>
        </security>
      </binding>
    </netTcpBinding>
  </bindings>
</system.serviceModel>

The Windows credentials seem to be passed in - OperationContext.Current.ServerSecurityContext.WindowsIdentity is populated with the account information.
What am I missing here?
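
An added example, not part of the original post: a client-side configuration for the setup described above. It declares the expected SPN on the client endpoint and turns off NTLM fallback, because NTLM does not authenticate the server to the client. The host name `server.example.test`, the SPN `AAAAuth/server.example.test`, and the names `AaaAuthClient`, `KerberosTransport` and `KerberosOnly` are placeholders assumed for illustration.

```xml
<system.serviceModel>
  <client>
    <!-- Address uses the server's FQDN (placeholder), not localhost, so the
         SPN below names the host the client actually connects to. -->
    <endpoint name="AaaAuthClient"
              address="net.tcp://server.example.test:9000/iaaaauthservice"
              binding="netTcpBinding"
              bindingConfiguration="KerberosTransport"
              behaviorConfiguration="KerberosOnly"
              contract="aaa.iaaaauthservice">
      <identity>
        <!-- SPN the client expects the server to hold (placeholder value).
             It must be registered on the account the service runs as,
             e.g. with setspn -S, or no Kerberos ticket can be issued. -->
        <servicePrincipalName value="AAAAuth/server.example.test"/>
      </identity>
    </endpoint>
  </client>
  <bindings>
    <netTcpBinding>
      <binding name="KerberosTransport">
        <security mode="Transport">
          <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign"/>
        </security>
      </binding>
    </netTcpBinding>
  </bindings>
  <behaviors>
    <endpointBehaviors>
      <behavior name="KerberosOnly">
        <clientCredentials>
          <!-- Weak default: allowNtlm="true". Negotiate may then fall back
               to NTLM when no Kerberos ticket can be obtained for the SPN,
               and NTLM gives no mutual authentication.
               Hardened: allowNtlm="false" asks for Kerberos only, so a wrong
               or unregistered SPN results in a failed connection.
               Note: the AllowNtlm property is marked obsolete in later
               .NET Framework versions in favour of machine NTLM policy. -->
          <windows allowNtlm="false" allowedImpersonationLevel="Identification"/>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
</system.serviceModel>
```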