
I have a service using a TCP channel and transport security, and I get a strange behavior that I can't explain. The service is hosted on IIS using an application pool with the identity of a particular AD user. If a client in the same AD domain wants to connect to this service, it has to use the same credentials as the user hosting the service. This coincides with what is stated in this post, but the weird part is that a client outside the AD domain can specify a different set of (valid) credentials and use the service.

My question is: why can this happen? I ask both out of curiosity and because it would be great if the restriction of using the same credentials in the client and service could be lifted regardless of the environment.

Like I said, the service is using a net TCP binding with transport security, Windows credentials, and encrypt and sign as the protection level, like so:

NetTcpBinding netTcpBinding = new NetTcpBinding(SecurityMode.Transport, true);
netTcpBinding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
netTcpBinding.Security.Transport.ProtectionLevel = ProtectionLevel.EncryptAndSign;