I spent the past couple of days dealing with faultexceptions being thrown by our WCF service that was being consumed by our Indian team. It worked for all the US teams, but for some reason the Indian team kept getting faultexceptions on the service. The proxy seemed to disguise the error and was throwing an error about the channel being in a faulted state.
So down the rabbit hole I go. I created all sorts of test rigs; to no avail. I finally get a developer to build a debug version so we can drop right into the code. He is able to find an inner exception saying, hey, I don’t like your credentials. The service didn’t have any authentication on, so I thought.
Well, lesson to be learned is the TCP services seem to default to windows security mode. Yes, surprising as it is, if you don’t set the security configuration you get windows authentication. What does this mean? As soon as a person outside of your domain tries to invoke the service, they get their butts handed to them. No service for you!
So, how do you fix this? Easy, simple config change. Not one piece of source code needs to change.
Remember, you must change the binding on the SERVER and the CLIENT.
<system.serviceModel> <client> <endpoint address = "net.tcp://localhost/MyService" binding = "netTcpBinding" name = "MyService" bindingConfiguration = "myBinding" contract = "IMyContract" /> </client> <bindings> <netTcpBinding> <binding name="tcp_ myBinding "> <security mode="None"></security> </binding> </netTcpBinding> </bindings> </system.serviceModel>
So if you look at the config above, the key is the Security Mode tag. You need to go to your client and server bindings and set this to None.
Once you have that set, ON BOTH SIDES, your non-domain users can actually start calling your WCF service. Remember to restart the service after you make the configuration file changes!