How to connect to a WCF service that has a mismatched Identity in code…

I had an issue where my client was connecting to a WCF service that was using certificate authentication, but the certificate was for a different DNS name.

i.e. server was foobar.comp and the certificate was for foo.foobar.comp.

This presented an issue. Of course, you can change the Identity tag in the configuration file, but I wanted my program to be a little smarter. I grab the error from the WCF service and switch the Identity on the fly. Mainly I did this for a test application in a load balancing scenario due to the load balancer having a different DNS name than the servers. (Obviously!)

Hopefully you have written your own proxy class with a constructor that takes in the configuration name and an EndpointAddress.

You can then use code in the following style to create your proxy with the Identity mismatch taken care of.


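    // Builds a proxy for Server; altIdentity is the DNS name expected in the
    // server's certificate (defaults to Server when not supplied).
    protected override MyProxyClient CreateConnection(string Server, string altIdentity)
    {
        if (string.IsNullOrEmpty(altIdentity))
            altIdentity = Server;

        // Binding settings come from configuration; the address and identity are set here.
        return new MyProxyClient("MyServiceBindingConfiguration",
            new EndpointAddress(
                new Uri(string.Format("net.tcp://{0}:8090/seekford/2.0/SeekfordService", Server)),
                EndpointIdentity.CreateDnsIdentity(altIdentity)));
    }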

The configuration is used only for the primary settings, such as the binding info. The actual server endpoint is set on the fly, and the altIdentity parameter supplies the DNS name the client expects in the server's certificate, which allows the server to present a certificate issued for a different name.
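One way to switch the Identity from the error while only accepting names you have approved, as an added example that is not code from the original post. `IdentityResolver`, `AllowedIdentities` and its sample entries are hypothetical, and the regex assumes the wording of WCF's English identity-check message ("... provided DNS claim '...'"), which differs on localized runtimes.

```csharp
using System;
using System.Collections.Generic;
using System.ServiceModel;
using System.Text.RegularExpressions;

// Added example: IdentityResolver and AllowedIdentities are hypothetical names.
public static class IdentityResolver
{
    // Constructed sample data: certificate DNS names accepted for each server we dial.
    static readonly Dictionary<string, HashSet<string>> AllowedIdentities =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase)
        {
            { "foobar.comp",
              new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "foo.foobar.comp" } }
        };

    // Assumption: the English identity-check error names the claim the server presented.
    static readonly Regex ProvidedClaim =
        new Regex(@"provided DNS claim '([^']+)'", RegexOptions.Compiled);

    // Returns true only when the name the server presented is approved for that server.
    public static bool TryGetAltIdentity(string server, Exception error, out string altIdentity)
    {
        altIdentity = null;
        // The identity failure may be wrapped, so walk the inner exception chain.
        for (Exception e = error; e != null; e = e.InnerException)
        {
            Match m = ProvidedClaim.Match(e.Message);
            if (!m.Success) continue;

            string claimed = m.Groups[1].Value;
            HashSet<string> allowed;
            if (AllowedIdentities.TryGetValue(server, out allowed) && allowed.Contains(claimed))
            {
                altIdentity = claimed;
                return true;
            }
            return false; // the server presented a name that was never approved
        }
        return false; // not an identity mismatch; let the caller handle the error
    }

    // Same address format as CreateConnection in the post.
    public static EndpointAddress BuildAddress(string server, string altIdentity)
    {
        var uri = new Uri(string.Format("net.tcp://{0}:8090/seekford/2.0/SeekfordService", server));
        return new EndpointAddress(uri, EndpointIdentity.CreateDnsIdentity(altIdentity ?? server));
    }
}
```

On a failed call, pass the caught exception to `TryGetAltIdentity` and retry with `CreateConnection(Server, altIdentity)` only when it returns true.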

Happy Coding!
