[Mono-dev] WCF: netTcpBinding
Atsushi Eno
atsushieno at veritas-vos-liberabit.com
Wed Dec 22 02:57:13 EST 2010
Hi Karsten,
(2010/12/22 5:44), Karsten Fourmont wrote:
> Hi,
>
> thanks to the quick fix for the Datetime serialisation issue (thank you
> Atsushi!), I'm getting closer to moving my WCF heavy project over to
> Mono. (Well the server side actually, client's WPF...)
>
Thanks for the nice bug report :)
> But now I think I hit the biggest barrier: security & netTcpBinding.
>
> Here are my requirements for the WCF communication:
>
> 1. I need a duplex service
> 2. A NATed/firewalled client must be able to initiate the connection.
> 3. secure session with username/password authentication.
> 4. Low overhead (performance & message size) for big chunks of binary data
>
> So imho netTcpBinding (or even customBinding) is the way to go. In .NET
> s.th. like this works fine (server side config):
>
> <netTcpBinding>
>   <binding name="serverTcp">
>     <security mode="TransportWithMessageCredential">
>       <message clientCredentialType="UserName"/>
>       <transport clientCredentialType="None"/>
>     </security>
>   </binding>
> </netTcpBinding>
> ...
> <behavior name="serverBehaviour">
>   <serviceCredentials>
>     <serviceCertificate findValue="myCert"
>                         storeLocation="LocalMachine"
>                         storeName="My"
>                         x509FindType="FindBySubjectName" />
>     <userNameAuthentication
>         userNamePasswordValidationMode="Custom"
>         customUserNamePasswordValidatorType="My.Validator, MyDll" />
>   </serviceCredentials>
> </behavior>
>
> The Security Mode is TransportWithMessageCredential as Transport
> encryption via ssl has a lower performance overhead (afaik) but for some
> "MS only knows" reason it doesn't offer Username credentials. So Message
> security is used for auth with a custom validator class.
>
> I didn't manage to get this config running on Mono: for starters I don't
> know how to let the server know about the certificate's private key
> which it needs for the ssl connection. I can provide the certificate by
> using Mono's certmgr, but this is only the public key part, suitable for
> the client.
>
> If I run it anyway I hit a "NotImplementedException"
>
I have no idea where you get the exception, but TcpTransport security
support is not there yet. I guess it is documented in [MC-NMF] as SSL
protocol upgrades though.
> So I fear even with the private key worked out, getting this kind of
> advanced configuration (or s.th. similar) up and running is not
> something that can be done with Mono right now. Or can it? Is there
> something I can do to help?
>
One (slightly) better approach is to avoid configuration. It is an
extraneous stack to the actual code implementation for us and is often
left unimplemented.
I'm not sure if we can spend time on implementing it in the near future.
> Any input and getting Mono WCF up to a configuration that meets the 4
> requirements above as good as possible is highly welcome.
>
> Other options might be to go over Http Bindings and maybe do duplex by
> some clever polling. There's an interesting looking thing at
> http://code.msdn.microsoft.com/duplexhttp
Indeed. I tried MoMA on it and found that most of the warnings are about
missing configuration support. It might be worth trying. Our HTTP stack
supports HTTP-based authentication and should work on https too, and
should work with binary MessageEncoder. If the above resolves the "duplex"
requirement, then it's likely an answer.
Atsushi Eno
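
The server-side configuration quoted above, written as code in line with the reply's suggestion to avoid configuration. This is an added example against the .NET Framework System.ServiceModel API, not code from either poster or from Mono. The IEcho contract, EchoService, the net.tcp address and the demo account in the validator are assumptions, and per the reply Mono's TCP transport security was not implemented at the time.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

[ServiceContract] public interface IEcho { [OperationContract] string Echo(string text); } // hypothetical
public class EchoService : IEcho { public string Echo(string text) { return text; } }

// Code counterpart of customUserNamePasswordValidatorType="My.Validator, MyDll".
public class Validator : UserNamePasswordValidator
{
    // Constructed demo account; a real validator loads salt and hash from a user store.
    static readonly byte[] Salt = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
    static readonly byte[] Expected = Derive("constructed-demo-password");
    static byte[] Derive(string p) { return new Rfc2898DeriveBytes(p, Salt, 100000).GetBytes(32); }
    public override void Validate(string userName, string password)
    {
        byte[] actual = Derive(password ?? "");
        int diff = userName == "demo" ? 0 : 1;
        for (int i = 0; i < Expected.Length; i++) diff |= actual[i] ^ Expected[i]; // no early exit
        if (diff != 0) throw new SecurityTokenValidationException("Unknown user name or password.");
    }
}

public static class Program
{
    public static void Main()
    {
        // <security mode="TransportWithMessageCredential"> and its two child elements
        var binding = new NetTcpBinding(SecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;
        var host = new ServiceHost(typeof(EchoService), new Uri("net.tcp://localhost:8090/echo"));
        host.AddServiceEndpoint(typeof(IEcho), binding, "");
        // <serviceCertificate .../>: the store entry must include the private key
        host.Credentials.ServiceCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "myCert");
        // <userNameAuthentication .../>
        host.Credentials.UserNameAuthentication.UserNamePasswordValidationMode =
            UserNamePasswordValidationMode.Custom;
        host.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new Validator();
        host.Open();
        Console.ReadLine();
        host.Close();
    }
}
```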