Peer Channel Secure Chat

Download sample

This sample demonstrates using the NetPeerTcpBinding binding with password-based authentication, which provides multiparty communication using PeerChannel. This sample is a variation of the Getting Started Sample. Refer to Getting Started Sample for an overview of Windows Communication Foundation (WCF).

In this sample, the application instances are self-hosted console applications.

Unlike other transport binding samples, this sample uses the IChat contract interface for the purpose of illustrating multiparty communication. All instances implement this contract to receive messages and create proxies with the same contract to send messages to the mesh. This is demonstrated by creating a DuplexChannel to the mesh.


The setup procedure and build instructions for this sample are located at the end of this topic.

Understanding the binding configuration process in the sample involves the following PeerChannel concepts:

  • The peer resolver is responsible for resolving a mesh ID to the endpoint addresses of a few nodes in the mesh.

  • A mesh is a named collection of peer nodes identified by the mesh ID.

  • A peer node is an instance of an application that participates in the mesh.

  • Mesh IDs identify the host portion of the address of an endpoint in the mesh. Examples of these addresses are "net.p2p://chatMesh/servicemodelsamples/chat" or "net.p2p://broadcastMesh/servicemodelsamples/announcements". chatMesh and broadcastMesh are the mesh IDs.

  • All clients participating in a mesh use the same mesh ID, but can potentially use different paths and services. A message addressed to a specific endpoint address is delivered to all peer channels using that address.

When a peer node is opened (as a result of opening the peer channel), it uses a peer resolver to resolve mesh ID to the addresses of a few other peer nodes to connect to. This creates a mesh of interconnected nodes and enables messages to be propagated throughout the mesh.

PeerTransportCredentialType specifies how peers in the mesh are authenticated to each other. This property can be specified either in the binding configuration, in the NetPeerTcpBinding object, or by using PeerTransportBindingElement. A ClientCredentialSettings (or ServiceCredentialSettings) instance with appropriate credentials specified on the Peer property must be added to the behavior collection on the channel factory or ServiceHost depending on the usage.

  1. This sample uses the password authentication mode for securing PeerChannel (which is the default mode). This is accomplished by establishing a secure connection between neighbors and exchanging a transformation of this password. When Password is specified, the ClientCredentialSettings.Peer property must carry a valid password and optionally an X509Certificate2 instance (using SetSelfCertificate).

The binding is specified in the configuration file of the application. The binding type is specified in the endpoint element’s Binding attribute as shown in the following sample.

   <!-- chat instance participating in the mesh -->
   <endpoint name="SecureChatEndpoint"

If you use NetPeerTcpBinding binding with the default behavior, password-based security is enabled. The binding element provides attributes for setting port, listen IP address, resolver type, maximum message size, maximum buffer pool size, reader quotas, peer node authentication mode, message authentication, and timeouts (for close, open, send, and receive).

Note: This sample uses the default peer resolver (PNRP), which is not available in Windows Server 2003. Therefore, to run this sample on Windows Server 2003, you must use a custom peer. Please refer to Peer Channel Chat for a sample that uses a custom peer resolver, for example:

   <binding configurationName="Binding1"> 
    <resolver mode="Custom">
            type="MyAppNameSpace.MyCustomPeerResolver, myApp"/>

The file that contains MyCustomPeerResolver must be compiled with the application. Note that if the sample is being run on multiple machines with different platforms, they should all use the same resolver.

This chat implementation also demonstrates how to retrieve the peer node associated with the receiver or sender instance and to register for its online and offline events. An online event is fired when the peer node is connected to at least one other peer node in the mesh. An offline event is fired when a peer node is no longer connected to any other peer node in the mesh.

At this time, the peer channel does not integrate with the Service Model Metadata Utility Tool (Svcutil.exe). For this reason, Svcutil.exe cannot be utilized to generate a typed channel for the sender.

When you run the sample, the client will prompt for a nickname and password, after which it will display a message indicating it is ready to send messages. Chat messages will be displayed in the other client console windows. To terminate the client, press the Q key followed by ENTER in the console windows of a client.

If you enable tracing or message logging, you can monitor the sender and receiver activity at a deeper level. The Procedures section describes how to enable tracing and message logging.


It is important to note that the sample currently does not handle all possible exceptions that the infrastructure may throw. If you are using these samples in a commercial/production environment, please follow the correct exception handling best practices.

To set up, build, and run the sample

  1. Ensure that you have performed the One-Time Setup Procedure for the Windows Communication Foundation Samples.

  2. To build the C# or Visual Basic .NET edition of the solution, follow the instructions in Building the Windows Communication Foundation Samples.

  3. To run the sample in a single machine configuration, follow the instructions in Running the Windows Communication Foundation Samples.

  4. To install PNRP on Windows XP SP2 (one-time setup):

    1. In the Control Panel, double-click Add or Remove Programs.

    2. In the Add or Remove Programs dialog box, click Add/Remove Windows Components.

    3. In the Windows Components Wizard, select the "Networking Services" check box and click "Details".

    4. Check the "Peer-to-Peer" check box and click "OK".

    5. Click "Next" in the Windows Components Wizard.

    6. When the installation completes, click "Finish".

    7. From a command shell prompt, start the PNRP service with the following command: net start pnrpsvc.

  5. Start multiple instances of the sample, each time entering in a nickname and password. The nickname of each client should be distinct, and password should remain the same for all instances. Chat messages sent by one instance of the application are received by all others, provided that nicknames are distinct and the password matches. Multiple clients with the same nickname are allowed, but messages from clients with the same nickname are not displayed.

Footer image

Send comments about this topic to Microsoft.
© Microsoft Corporation. All rights reserved.