Issues integrating .Net Core and WCF

Question

Issues integrating .Net Core and WCF

Stephen Richardson 41

I've found a couple of problems integrating .Net Core and WCF. These are:

1) If I write a service that exposes a custom class and then try to return this from a WCF service it will throw an exception if any property of the class doesn't have a public setter.

2) I have a net.tcp connection to a WCF service. If I don't use any authentication on the connection everything works OK but if I add it and set the ClientCredentialType then the authentication fails. It works fine with a .Net Framework 4.x application. (If I remove the ClientCredentialType line everything works but only if the service and app are on the same box).

    NetTcpBinding binding1 = new NetTcpBinding();
    binding1.Security.Mode = SecurityMode.Transport;
    binding1.Security.Transport.ProtectionLevel = System.Net.Security.ProtectionLevel.EncryptAndSign;
    binding1.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;
    binding1.ReceiveTimeout = TimeSpan.MaxValue;
    binding1.ReliableSession.InactivityTimeout = TimeSpan.MaxValue;
    binding1.MaxReceivedMessageSize = 2147483647;
    binding1.MaxBufferSize = 2147483647;
    binding1.TransferMode = TransferMode.Streamed;
    ServiceHost.AddServiceEndpoint(typeof(IService1), binding1, baseAddress);
    ServiceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByIssuerName, "acme.com");

3) It's not possible to update a WCF service reference within VS2022, I have to keep deleting it and adding it again.

Does anyone know how to solve these problems?

4 answers

Your answer

Answer 1

.NET Core only supports WCF as a client so I'm assuming you're writing your WCF service in .NET Framework.

1) This isn't surprising but ultimately would depend on the serializer being used. Without a setter the value cannot be set which means it would be a calculated value. On the client side that wouldn't matter though. Therefore I would just make the client model allow setting. This would be especially important because serialization in .NET Core isn't the same as .NET Framework. But showing the definition and error(s) would help clarify.
2) Just a guess there is an issue with the TLS protocol and/or cert on the client machine. Ensure the server and client are using the same TLS protocols and that the cert is available on both machines.
3) In the Connected Services UI next to the Add button should be a refresh button. If you press that what happens?

Answer 2

Stephen Richardson 41

1) Yes my WCF service is running in a .Net Framework 4 app and the problem only occurs if I mark the operations with [XmlSerializerFormat] to prevent the property names being changed when I create the WCF service reference in my .Net 6 app.

2) The certificate is installed on the client - I will check the TLS versions.

3) When I click refresh nothing seems to happen - the service creation dialog doesn't open up again and the code behind doesn't update to reflect any changes made on the server side.

Michael Taylor 60,161 Reputation points

2022-03-23T18:12:56.88+00:00

Please respond to answers using the Comment button so we can relate your response with the answer it is tied with. Thanks.

1) Yes, XmlSerializer does not support read only properties. XML serialization requires that it create a new object and then set the properties one by one, unlike binary serialization, and therefore it doesn't work with read only properties. To work around this you generally mark the property with the ignore attribute but that also means it'll not get serialized. In most cases people use an XML-specific model in the service call so it is just easier to make it read/write even if the back end data model doesn't support it. Alternatively you could use custom XML serialization and control this yourself but that seems like overkill to me.
2) It doesn't seem like you're setting all the security options in your server code. I don't see that you're setting the message credential type (if any). Also you're setting the TCP credential type as none and it seems like you should be setting it to Certificate but I'd have to set up a service to confirm this.
3) It won't open again. When you refresh it should just pull down the modifications to what it has already mapped. If you're adding new stuff such as new endpoints then you probably need to click the dots next to the service name and then select Edit. This will effectively send you back through the configuration screen. TBH I tend to just manually adjust the generated reference.cs file if it is minor changes like adding a field to a model.

Answer 3

For completeness here is the WCF service code (running on .Net 4.x)

ServiceHost = new ServiceHost(typeof(Service1));
string baseAddress = "net.tcp://localhost:8733/Design_Time_Addresses/WpfServiceHost/Service1";
NetTcpBinding binding1 = new NetTcpBinding();
binding1.Security.Mode = SecurityMode.Transport;
binding1.Security.Transport.ProtectionLevel = System.Net.Security.ProtectionLevel.EncryptAndSign;
binding1.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;
binding1.Security.Transport.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;
binding1.ReceiveTimeout = TimeSpan.MaxValue;
binding1.ReliableSession.InactivityTimeout = TimeSpan.MaxValue;
binding1.MaxReceivedMessageSize = 2147483647;
binding1.MaxBufferSize = 2147483647;
binding1.TransferMode = TransferMode.Streamed;
ServiceHost.AddServiceEndpoint(typeof(IService1), binding1, baseAddress);
ServiceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByIssuerName, "acme.com");

ServiceHost.Open();

I've now set the TLS protocol versions on the server and client sides but the connection still fails if I include the line where binding1.Security.Transport.ClientCredentialType is set or if I run the server and client on different boxes.

Updated client code:

NetTcpBinding tcpBinding = new NetTcpBinding();
tcpBinding.ReceiveTimeout = TimeSpan.MaxValue;
tcpBinding.MaxReceivedMessageSize = 2147483647;
tcpBinding.MaxBufferSize = 2147483647;
tcpBinding.Security.Mode = SecurityMode.Transport;
tcpBinding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;
tcpBinding.Security.Transport.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;
tcpBinding.TransferMode = TransferMode.Streamed;
testService = new TestServiceRef1.Service1Client(tcpBinding, new EndpointAddress(new Uri("net.tcp://myserver:8733/Design_Time_Addresses/WpfServiceHost/Service1")));
testService.ChannelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;

testService.Open();

Lan Huang-MSFT 30,186 Reputation points Microsoft External Staff

2022-03-24T09:30:11.36+00:00

Hi @Stephen Richardson ,

tcpBinding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;

Error adding this line? Is there a specific error message?
None: Messages are not secured during transfer.
You can try adding the following line:

tcpBinding.Security.Transport.ClientCredentialType =TcpClientCredentialType.Certificate;

https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/transport-security-overview#nettcpbinding

Best regards,
Lan Huang

Answer 4

Stephen Richardson 41

If found the problem. My original WCF service was hosted in a Windows Service running under the system account but for this test I hosted the service in a WPF app which ran under my Windows user account. When I recreated the Windows Service setup for this test service I was able to call it from .Net 6 successfully with the code above - no need to use TcpClientCredentialType.Certificate

Share via

Issues integrating .Net Core and WCF

4 answers

Your answer