After solving my previous problem, I wanted to convert the netTcpBinding to a customBinding, which I managed succesfully. However, WcfTestClient (and normal client) give an error while trying to extract metadata when I put a custom authorization policy in place (it works fine without!).
My config:
<serviceAuthorization principalPermissionMode="Custom">
<authorizationPolicies>
<add policyType="Sample.Tools.CustomAuthorizationPolicy, Sample" />
</authorizationPolicies>
I’ve read on MSDN (here: http://social.msdn.microsoft.com/Forums/en-IE/wcf/thread/80a33bc6-0765-45f6-8af5-0a414a5cc40d) that this may be caused because a custom authorization manager is also required. I tried this and added the CustomAuthorizationManager as well (with CheckAccessCore always returning true), but it didn’t work.
This is added in the config as:
<serviceAuthorization principalPermissionMode="Custom" serviceAuthorizationManagerType="Sample.Tools.CustomAuthorizationManager, Sample">
<authorizationPolicies>
<add policyType="Sample.Tools.CustomAuthorizationPolicy, Sample" />
</authorizationPolicies>
The rest of the config:
Binding:
<customBinding>
<binding name="SampleBinding" receiveTimeout="00:05:00">
<transactionFlow/>
<security authenticationMode="SecureConversation" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
<secureConversationBootstrap authenticationMode="UserNameForSslNegotiated" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
<localClientSettings maxClockSkew="23:59:59" />
<localServiceSettings maxClockSkew="23:59:59" />
</secureConversationBootstrap>
<localClientSettings maxClockSkew="23:59:59" />
<localServiceSettings maxClockSkew="23:59:59" />
</security>
<binaryMessageEncoding/>
<tcpTransport transferMode="Buffered" portSharingEnabled="true" maxReceivedMessageSize="65536" hostNameComparisonMode="StrongWildcard"/>
</binding>
</customBinding>
Behavior:
<behavior name="SampleBehavior">
<serviceMetadata httpGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="true" httpHelpPageEnabled="true" httpsHelpPageEnabled="true" />
<serviceAuthorization principalPermissionMode="Custom" serviceAuthorizationManagerType="Sample.Tools.CustomAuthorizationManager, Sample">
<authorizationPolicies>
<add policyType="Sample.Tools.CustomAuthorizationPolicy, Sample" />
</authorizationPolicies>
</serviceAuthorization>
<serviceCredentials>
<serviceCertificate findValue="MySample" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Sample.Tools.CustomUserNameValidator, Sample" />
</serviceCredentials>
<serviceThrottling maxConcurrentCalls="2147483647" maxConcurrentSessions="2147483647" maxConcurrentInstances="2147483647" />
</behavior>
Services:
<services>
<service behaviorConfiguration="SampleBehavior"
name="Sample.SampleService">
<endpoint address=""
binding="customBinding"
bindingConfiguration="SampleBinding"
name="MyServiceEndpoint"
contract="Sample.ISampleService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex"
binding="mexTcpBinding"
bindingConfiguration=""
name="MyServiceMexTcpBidingEndpoint"
contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:809/SampleService.svc" />
</baseAddresses>
</host>
</service>
</services>
I’m pretty much stuck here and there is very little to find regarding this issue.
I came across this nice post here: http://social.msdn.microsoft.com/forums/en-US/wcf/thread/86ed7974-97d4-4cc8-a965-542a3063aced
This fixed my issue, now I need to look into implementing a proper ServiceAuthorizationManager 🙂