Avatar-5165 asked PengDing-MSFT commented

WCF client communication hangs with a self-signed certificate in a private domain

I have a WCF duplex channel hosted on the server as below:

    private void CreateWCFHost()
    {
        // Get the thumbprint of the service certificate
        string certificateThumbprint = GetCertificateThumbprint();
        Uri baseTcpUrl = new Uri("net.tcp://" + IP + ":" + serverPort + "/");

        // Transport (TLS) security; the client presents no credential
        NetTcpBinding tcpBinding = new NetTcpBinding();
        tcpBinding.PortSharingEnabled = true;
        tcpBinding.Security.Mode = SecurityMode.Transport;
        tcpBinding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;

        // All timeouts are unbounded, so a stalled operation never times out
        tcpBinding.CloseTimeout = TimeSpan.MaxValue;
        tcpBinding.OpenTimeout = TimeSpan.MaxValue;
        tcpBinding.ReceiveTimeout = TimeSpan.MaxValue;
        tcpBinding.SendTimeout = TimeSpan.MaxValue;
        tcpBinding.ReliableSession.InactivityTimeout = TimeSpan.MaxValue;
        tcpBinding.ReliableSession.Enabled = true;
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

        // Create channel
        serviceHost = new ServiceHost(typeof(CommunicationWrapper), baseTcpUrl);

        // Service certificate is looked up by thumbprint in LocalMachine\Root
        serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
            StoreName.Root, X509FindType.FindByThumbprint, certificateThumbprint);

        // Add service endpoints
        serviceHost.AddServiceEndpoint(typeof(IClientRequests), (Binding) tcpBinding, baseTcpUrl);

        // Add service http metadata info so that it can be seen in web when service is running
        ServiceMetadataBehavior serviceMetadata =
            serviceHost.Description.Behaviors.Find<ServiceMetadataBehavior>();

        if (serviceMetadata == null)
        {
            serviceMetadata = new ServiceMetadataBehavior();
            serviceHost.Description.Behaviors.Add(serviceMetadata);
        }
        serviceHost.Open();
    }

My client code looks like this:

    public void StartClient()
    {
        baseTcpUrl = new Uri("net.tcp://" + IP + ":" + serverPort + "/");
        tcpBinding = new NetTcpBinding();
        tcpBinding.PortSharingEnabled = true;
        tcpBinding.Security.Mode = SecurityMode.Transport;
        tcpBinding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;

        tcpBinding.CloseTimeout = TimeSpan.MaxValue;
        tcpBinding.OpenTimeout = TimeSpan.MaxValue;
        tcpBinding.ReceiveTimeout = TimeSpan.MaxValue;
        tcpBinding.SendTimeout = TimeSpan.MaxValue;
        tcpBinding.ReliableSession.InactivityTimeout = TimeSpan.MaxValue;
        tcpBinding.ReliableSession.Enabled = true;
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        string encryptedDnsName = GetCertificateDnsName();

        // Decrypt the DNS name
        EncryptionFactory encriptionFactory = new EncryptionFactory();
        var encription = encriptionFactory.GetEncryptionObj(SymetricEncryptionType.AesCryptoServiceProvider);
        string dnsName = encription.DecryptString(encryptedDnsName);

        // Create EndpointIdentity with the DNS name
        endpointTcpAddress = new EndpointAddress(baseTcpUrl, new DnsEndpointIdentity(dnsName));
        serverProxy = new InstanceContext(new ServerRequests(applet));

        Client = new GfnClientRequests(serverProxy, tcpBinding, endpointTcpAddress);

        // Service certificate chain validation and revocation checking are both turned off
        Client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode =
            System.ServiceModel.Security.X509CertificateValidationMode.None;
        Client.ClientCredentials.ServiceCertificate.Authentication.RevocationMode =
            System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck;
    }


When I make a call from my client to the server using this channel, it works fine. It fails only in a private domain network (with a self-signed certificate): when I make a call to the server, it hangs forever.
The DebugDiag screenshot is attached below.

96784-image.png

Could someone please help me with a solution?


Tags: dotnet-csharp, windows-wcf

WCF has a Q&A tag you can post to for help.


Hi @Avatar-5165, what error occurred in the private domain network?


Please refer to the attachment (97589-untitled.jpg) for the call stack.



Hi @Avatar-5165, it is difficult to determine from this log where the problem occurred. You can refer to this link for detailed log records: https://docs.microsoft.com/en-us/dotnet/framework/wcf/samples/tracing-and-message-logging


0 Answers
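
For the client configuration posted in the question, an added example (not code from the thread or its participants) of two changes a reviewer would suggest: pin the self-signed service certificate with a custom validator instead of `CertificateValidationMode.None`, and use finite timeouts so a stalled open or call raises `TimeoutException` rather than blocking. The class and method names and the timeout values are assumptions, and the pinned thumbprint is assumed to be provisioned to the client out of band.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Security;

// Hypothetical validator: accepts only the certificate whose thumbprint was provisioned.
public sealed class PinnedThumbprintValidator : X509CertificateValidator
{
    private readonly string expected;

    public PinnedThumbprintValidator(string thumbprint)
    {
        if (string.IsNullOrWhiteSpace(thumbprint)) throw new ArgumentException("Pinned thumbprint required.", nameof(thumbprint));
        // Normalise "ab cd ..." as copied from the certificate dialog to "ABCD...".
        expected = thumbprint.Replace(" ", string.Empty).ToUpperInvariant();
    }

    public override void Validate(X509Certificate2 certificate)
    {
        // X509Certificate2.Thumbprint is upper-case hex without separators.
        if (certificate == null || !string.Equals(certificate.Thumbprint, expected, StringComparison.Ordinal))
            throw new SecurityTokenValidationException("Service certificate is not the pinned certificate.");
    }
}

public static class HardenedClientSetup
{
    // Same security settings as the question's binding, but with bounded timeouts (values assumed).
    public static NetTcpBinding CreateBinding()
    {
        var binding = new NetTcpBinding(SecurityMode.Transport, true); // true = reliable session
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;
        binding.OpenTimeout = TimeSpan.FromSeconds(30);
        binding.SendTimeout = TimeSpan.FromMinutes(1);
        binding.CloseTimeout = TimeSpan.FromSeconds(30);
        return binding;
    }

    // Replaces CertificateValidationMode.None with a pin on the expected certificate.
    public static void PinServiceCertificate(ClientCredentials credentials, string thumbprint)
    {
        var auth = credentials.ServiceCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.Custom;
        auth.CustomCertificateValidator = new PinnedThumbprintValidator(thumbprint);
    }
}
```

With the question's client this would be called as `HardenedClientSetup.PinServiceCertificate(Client.ClientCredentials, thumbprint)` before the channel is opened; a mismatched certificate then fails the handshake with an exception that WCF tracing records.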