Hi Karsten,

(2010/12/22 5:44), Karsten Fourmont wrote:
> Hi,
>
> thanks to the quick fix for the Datetime serialisation issue (thank you
> Atsushi!), I'm getting closer to moving my WCF heavy project over to
> Mono. (Well the server side actually, client's WPF...)
>
Thanks for the nice bug report :)

> But now I think I hit the biggest barrier: security & netTcpBinding.
>
> Here are my requirements for the WCF communication:
>
> 1. I need a duplex service
> 2. A NATed/firewalled client must be able to initiate the connection.
> 3. secure session with username/password authentication.
> 4. Low overhead (performance & message size) for big chunks of binary data
>
> So imho netTcpBinding (or even customBinding) is the way to go. In .NET
> s.th. like this works fine (server side config):
>
> <netTcpBinding>
>   <binding name="serverTcp">
>     <security mode="TransportWithMessageCredential">
>       <message clientCredentialType="UserName"/>
>       <transport clientCredentialType="None"/>
>     </security>
>   </binding>
> </netTcpBinding>
> ...
> <behavior name="serverBehaviour">
>   <serviceCredentials>
>     <serviceCertificate findValue="myCert"
>                         storeLocation="LocalMachine"
>                         storeName="My"
>                         x509FindType="FindBySubjectName" />
>     <userNameAuthentication
>         userNamePasswordValidationMode="Custom"
>         customUserNamePasswordValidatorType="My.Validator, MyDll" />
>   </serviceCredentials>
> </behavior>
>
> The Security Mode is TransportWithMessageCredential as Transport
> encryption via ssl has a lower performance overhead (afaik) but for some
> "MS only knows" reason it doesn't offer Username credentials. So Message
> security is used for auth with a custom validator class.
>
> I didn't manage to get this config running on Mono: for starters I don't
> know how to let the server know about the certificate's private key
> which it needs for the ssl connection. I can provide the certificate by
> using Mono's certmgr, but this is only the public key part, suitable for
> the client.
>
> If I run it anyway I hit a "NotImplementedException"
>

I have no idea on where you get the exception, but TcpTransport security
support is not there yet. I guess it is documented in [MC-NMF] as SSL
protocol upgrades though.

> So I fear even with the private key worked out, getting this kind of
> advanced configuration (or s.th. similar) up and running is not
> something that can be done with Mono right now. Or can it? Is there
> something I can do to help?
>
One (slightly) better approach is to avoid configuration. It is 
extraneous stack to the actual code implementation for us and often left 
not-implemented.
I'm not sure if we can spend time on implementing it in the near future.

> Any input and getting Mono WCF up to a configuration that meets the 4
> requirements above as good as possible is highly welcome.
>
> Other options might be to go over Http Bindings and maybe do duplex by
> some clever polling. There's an interesting looking thing at
> http://code.msdn.microsoft.com/duplexhttp
Indeed. I tried MoMA on it and found that most of the warnings are about
missing configuration support. It might be worth trying. Our HTTP stack
supports HTTP-based authentication and should work on https too, and
should work with binary MessageEncoder. If the above resolves "duplex"
requirement, then it's likely an answer.

Atsushi Eno

_______________________________________________
Mono-devel-list mailing list
Mono-devel-list@lists.ximian.com
http://lists.ximian.com/mailman/listinfo/mono-devel-list
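
The "avoid configuration" suggestion above, sketched as an added example that is not code from this thread: the quoted `<netTcpBinding>` and `<serviceCredentials>` settings applied through the standard WCF API instead of XML. The contract, service and validator names, the `demo` account, the `DEMO_PASSWORD` variable and the listen address are assumptions; per the reply, TCP transport security was not yet implemented in Mono, so this only shows the configuration-free form as it runs on .NET.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;
[ServiceContract(CallbackContract = typeof(IDataCallback))]   // hypothetical duplex contract
public interface IDataService { [OperationContract(IsOneWay = true)] void Upload(byte[] chunk); }
public interface IDataCallback { [OperationContract(IsOneWay = true)] void Received(int bytes); }
public class DataService : IDataService {
    public void Upload(byte[] chunk) {
        OperationContext.Current.GetCallbackChannel<IDataCallback>().Received(chunk.Length);
    }
}
// Stands in for "My.Validator, MyDll": one constructed account kept as a salted PBKDF2 hash.
public class Validator : UserNamePasswordValidator {
    readonly string user; readonly byte[] salt = new byte[16], hash;
    public Validator(string user, string password) {
        if (string.IsNullOrEmpty(password)) throw new ArgumentException("password not set");
        this.user = user;
        RandomNumberGenerator.Create().GetBytes(salt);
        hash = Derive(password);
    }
    byte[] Derive(string pw) { return new Rfc2898DeriveBytes(pw ?? "", salt, 100000).GetBytes(32); }
    public override void Validate(string userName, string password) {
        byte[] h = Derive(password);
        int diff = userName == user ? 0 : 1;
        for (int i = 0; i < h.Length; i++) diff |= h[i] ^ hash[i];   // compare without early exit
        if (diff != 0) throw new SecurityTokenException("Unknown user name or password");
    }
}
public static class Program {
    public static void Main() {
        // The quoted <netTcpBinding> and <serviceCredentials> settings, applied in code.
        var binding = new NetTcpBinding(SecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;
        var host = new ServiceHost(typeof(DataService), new Uri("net.tcp://localhost:8000/"));
        host.AddServiceEndpoint(typeof(IDataService), binding, "data");
        host.Credentials.ServiceCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "myCert");
        var auth = host.Credentials.UserNameAuthentication;
        auth.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
        auth.CustomUserNamePasswordValidator =
            new Validator("demo", Environment.GetEnvironmentVariable("DEMO_PASSWORD"));
        host.Open();
        Console.ReadLine(); host.Close();   // serve until Enter is pressed
    }
}
```

Setting the validator as an instance rather than by type name is one thing the code form allows that the XML attribute does not.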