Home/ Questions/Q 253993
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T21:48:34+00:00

We’re using UsernamePasswordValidator along with a certificate to secure access to our WCF services.

  • 0

We’re using UsernamePasswordValidator along with a certificate to secure access to our WCF services.

However, the custom authorization policies we’re using are SERVICE behaviors, not endpoint behaviors, so they apply to all endpoints, including the MEX endpoint. We’d like to be able to go and grab the service references using visual studio without having to comment out the service behaviors every time, but since both the mex and the wshttp endpoint are secured, we get an error when doing “Add Service Reference..”

Is there any way around this?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Are you using the same binding on both? If so, try 2 seperate bindings – one for the mex endpoint and one for the wshttp:

    So for the service – something like:

    <wsHttpBinding><binding name="wsHttpBindingMessageUname">
<security mode="Message">
    <message clientCredentialType="UserName" negotiateServiceCredential="true"
      establishSecurityContext="false" />
</security></binding></wsHttpBinding>

    and for the mex endpoint (no security):

    <customBinding><binding name="customMex">
<textMessageEncoding>
    <readerQuotas maxDepth="2147483647"
          maxStringContentLength="2147483647"
          maxArrayLength="2147483647"
          maxBytesPerRead="2147483647"
          maxNameTableCharCount="2147483647" />
</textMessageEncoding>
<httpTransport transferMode="Buffered"
               maxReceivedMessageSize="2147483647"
               maxBufferSize="2147483647"/></binding></customBinding>

    Service endpoints will be something like:

    <endpoint address="" behaviorConfiguration="Server.Services.DefaultEndpointBehavior"  binding="wsHttpBinding" bindingConfiguration="wsHttpBindingMessageUname" name="DefaultHttp" contract="Server.Services.IMyService" listenUriMode="Explicit" />
<endpoint address="mex" binding="customBinding" contract="IMetadataExchange" name="" bindingConfiguration="customMex" listenUriMode="Explicit" />

    With this setup, it’s not applying the security for mex so you shouldn’t get that message when trying to update service reference. Either that, or create another secure binding that uses different credentials, i.e. a client certificate on your machine.

    The following MSDN post has a sample of this and more info can be found on this blog regarding secure mex endpoints.

    • 0