
I have a duplex WCF, it works perfectly on localhost (connecting my application to this WCF when it runs locally).

Now I tried to host it in my IIS (Server 2008 R2 Standard). I created a Windows account "GOD" and an application pool in IIS using the "GOD" identity.

I can access this WCF from my PC (other than the server) from a web browser and see the XML of the contract (by clicking on the link inside the page displayed).

When I try to access it from my application I get the exception:

Client is unable to finish the security negotiation within the configured timeout (00:00:00). The current negotiation leg is 1 (00:00:00).

Again, when the WCF runs locally my app works OK.

I tried to use the trace, but all I managed to see is the exception about the timeout.

My app.config is:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.diagnostics>
    <sources>
      <source name="System.ServiceModel" switchValue="Information, ActivityTracing" propagateActivity="true">
        <listeners>
          <add name="traceListener" type="System.Diagnostics.XmlWriterTraceListener" initializeData="c:\log\Traces.svclog"/>
        </listeners>
      </source>
    </sources>
  </system.diagnostics>
  <system.serviceModel>
    <bindings>
      <wsDualHttpBinding>
        <binding name="WSDualHttpBinding_I_BridgeWCFService" closeTimeout="00:01:00"
          openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
          bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
          maxBufferPoolSize="2147483646" maxReceivedMessageSize="2147483646"
          messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true">
          <readerQuotas maxDepth="256" maxStringContentLength="2147483646"
            maxArrayLength="2147483646" maxBytesPerRead="2147483646" maxNameTableCharCount="2147483646" />
          <reliableSession ordered="true" inactivityTimeout="01:10:00" />
          <security mode="Message" />
        </binding>
      </wsDualHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://win-jj/_Bridge1/_BridgeWcfService.svc"
        binding="wsDualHttpBinding" bindingConfiguration="WSDualHttpBinding_I_BridgeWCFService"
        contract="_BridgeWcfServiceReference.I_BridgeWCFService"
        name="WSDualHttpBinding_I_BridgeWCFService">
        <identity>
          <dns value="localhost"/>
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0,Profile=Client"/>
  </startup>
</configuration>

I also tried to change the identity section above to: <userPrincipalName value="GOD" />, but then I got another exception.

My service config file: web.config:

<?xml version="1.0"?>
<configuration>
  <system.serviceModel>
    <bindings>
      <wsDualHttpBinding>
        <binding name="WSDualHttpBinding_I_BridgeWCFService" closeTimeout="01:01:00" openTimeout="01:01:00" receiveTimeout="01:10:00" sendTimeout="01:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="2147483646" maxReceivedMessageSize="2147483646" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true">
          <readerQuotas maxDepth="256" maxStringContentLength="2147483646" maxArrayLength="2147483646" maxBytesPerRead="2147483646" maxNameTableCharCount="2147483646"/>
          <reliableSession ordered="true" inactivityTimeout="01:10:00"/>
          <security mode="Message">
            <message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default"/>
          </security>
        </binding>
      </wsDualHttpBinding>
    </bindings>
    <services>
      <service behaviorConfiguration="_BridgeNameSpace.Service1Behavior" name="_BridgeNameSpace._BridgeWCFService">
        <endpoint address="" binding="wsDualHttpBinding" bindingConfiguration="WSDualHttpBinding_I_BridgeWCFService" contract="_BridgeNameSpace.I_BridgeWCFService">
          <identity>
            <userPrincipalName value="GOD" />
          </identity>
        </endpoint>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="_BridgeNameSpace.Service1Behavior">
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="true"/>
          <dataContractSerializer maxItemsInObjectGraph="2147483647"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
  <system.web>
    <compilation debug="true"/>
  </system.web>
</configuration>

I also tried to change the identity section above to: <dns value="localhost"/>, but nothing changed.

I connect to my service in my application as follows:

MyServiceClientProxy Proxy = null;
MyCallbackProxy myCallbackProxy = null;

myCallbackProxy = new MyCallbackProxy();
InstanceContext cntx = new InstanceContext(myCallbackProxy);
Proxy = new MyServiceClientProxy(cntx, "WSDualHttpBinding_I_BridgeWCFService");
Proxy.ClientCredentials.Windows.ClientCredential.UserName = "GOD";
Proxy.ClientCredentials.Windows.ClientCredential.Password = "yy";
try
{
    Proxy.Open();
}
catch { return; }

BTW, when I tried to change the security to '' I got the following exception (whether or not I use the ClientCredential.Username & Password as in the code above):

The open operation did not complete within the allotted timeout of 00:00:59.1689524. The time allotted to this operation may have been a portion of a longer timeout.

ANY IDEA? PLS help!

Joseph

1 Answer

wsDualHttpBinding tries to open a connection from server to client, which will be blocked by firewalls.

My advice would be to switch to netTcpBinding - it's much simpler for duplex messaging as I blogged here

Richard Blewett
  • First, thanks a lot for this great tip. All the time I tried to play with the server while the problem was in my local PC (I just turned off the firewall in my PC) and it works. Now I have 2 questions: 1. do I need only to change the text in the config files between to or need more... 2. according to your post, you said that if the server allows only port 80 (which is the case in our server), I will have to keep using wsDualHttpBinding; in this case, what should I do to let the app get the connection? – Joseph Jan 23 '12 at 07:21
  • 1. you'll need to change the binding the endpoint uses and also, if you want to allow large messages change the binding configuration from wsDualHttpBinding to netTcpBinding - you can probably use transport security rather than message security. Can you not request an extra port to be opened for your communication? if not you will have to look at using a polling mechanism such as the polling duplex binding http://www.codeproject.com/Articles/43518/Silverlight-WCF-example-using-polling-duplex-with – Richard Blewett Jan 23 '12 at 07:55
  • I didn't understand the "Can you not request an extra port to be opened for your communication?". What does it mean, for the callback? If yes, if I don't need a callback I would use the basicHttpBinding. – Joseph Jan 24 '12 at 08:10
  • No - I mean if you use NetTcpBinding it can't use port 80 (well it could if IIS wasn't on the machine but the firewall may also do stateful inspection of packets which would block it too). Therefore, you would need to ask the network management to unblock another inbound port to that machine for the NetTcp traffic - are you sure this is a non-starter? – Richard Blewett Jan 24 '12 at 09:13
  • You can get WSDualHttpBinding working on a local network; I am currently doing it and I am currently trying to get it working over the internet. Here is a link [link](http://jason-mitchell.com/software-development/duplex-wcf-services-over-http/) that I used the code from. One thing that you must must must do is change the client framework to .NET Framework 4 Client Profile as the project framework. No clientBaseAddress is needed unless you are running on a single machine. – Lawrence Thurman Jul 11 '14 at 19:50
  • I tried WSDualHttpBinding and it worked locally, but could never get it working over the internet after trying for two days. I switched to netTcpBinding. The only tricky thing for using it from IIS is that you have to add the net.tcp binding to your site and enable the protocol as described here http://stackoverflow.com/questions/3188618/enabling-net-tcp-in-iis7. Make sure your endpoint in the client configuration is in this form: address="net.tcp://www.yourDomain.com/yourWebapp/Service.svc" – Dan Randolph May 15 '17 at 13:59
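
The switch the answer and comments describe, as an added example that is not part of the original posts: the question's service and client endpoints moved from wsDualHttpBinding to netTcpBinding with transport security and Windows credentials, so the callback travels over the connection the client opened and no inbound port is needed on the client PC. The binding name `NetTcpBinding_I_BridgeWCFService` and the `maxReceivedMessageSize` value are hypothetical; the address assumes net.tcp is enabled on the IIS site with its default binding on port 808.

```xml
<!-- Added example; fragments go inside <system.serviceModel> of each file. -->

<!-- Service: web.config -->
<bindings>
  <netTcpBinding>
    <!-- Hypothetical binding name; the size limit is a constructed value,
         set it to the largest message the contract actually needs. -->
    <binding name="NetTcpBinding_I_BridgeWCFService"
             maxReceivedMessageSize="1048576">
      <!-- Transport security replaces the message-level negotiation
           that timed out in the question. -->
      <security mode="Transport">
        <transport clientCredentialType="Windows"
                   protectionLevel="EncryptAndSign"/>
      </security>
    </binding>
  </netTcpBinding>
</bindings>
<services>
  <service behaviorConfiguration="_BridgeNameSpace.Service1Behavior"
           name="_BridgeNameSpace._BridgeWCFService">
    <endpoint address=""
              binding="netTcpBinding"
              bindingConfiguration="NetTcpBinding_I_BridgeWCFService"
              contract="_BridgeNameSpace.I_BridgeWCFService"/>
  </service>
</services>

<!-- Client: app.config (repeat the same <bindings> section) -->
<client>
  <!-- Same host and path as the question's HTTP endpoint, net.tcp scheme.
       Assumes the IIS default net.tcp port 808; add ":port" otherwise. -->
  <endpoint address="net.tcp://win-jj/_Bridge1/_BridgeWcfService.svc"
            binding="netTcpBinding"
            bindingConfiguration="NetTcpBinding_I_BridgeWCFService"
            contract="_BridgeWcfServiceReference.I_BridgeWCFService"
            name="NetTcpBinding_I_BridgeWCFService"/>
</client>
```

The proxy in the question would then be constructed with the new endpoint name, and the server's firewall needs the net.tcp port open inbound, as discussed in the comments.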