Duplex Federation Binding Configuration not working - wcf

I am developing a duplex federated WCF service. My federation scenario is working fine, but when I tried to make it duplex too, an exception is thrown: "The incoming policy could not be validated".
I think it's an issue with my configurations, but I am still not able to trace out the mistake.
Following are my configuration:
For my main service:
<bindings>
<customBinding>
<binding name='MyServiceBinding'>
<security authenticationMode='SecureConversation'>
<secureConversationBootstrap authenticationMode='IssuedTokenForCertificate'/>
<issuedTokenParameters>
<issuerMetadata address='http://localhost:62751/TokenIssuer.svc/mex'/>
</issuedTokenParameters>
</security>
<compositeDuplex/>
<oneWay/>
<httpTransport/>
</binding>
</customBinding>
</bindings>
<services>
<service name="MyService.MyService"
behaviorConfiguration='MyServiceBehavior'>
<endpoint address="Response"
binding="customBinding"
bindingConfiguration='MyServiceBinding'
contract="MyService.IMyService" />
<endpoint address="mex"
binding="mexHttpBinding"
contract="IMetadataExchange" />
</service>
</services>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
STS configurations
Client configurations:
<system.serviceModel>
<bindings>
<customBinding>
<binding name='MyServiceBinding'>
<security authenticationMode='SecureConversation'>
<secureConversationBootstrap authenticationMode='IssuedTokenForCertificate'/>
<issuedTokenParameters>
<issuer address='http://localhost:62751/TokenIssuer.svc' binding='wsHttpBinding' bindingConfiguration='MyTokenIssuer'/>
</issuedTokenParameters>
</security>
<compositeDuplex/>
<oneWay/>
<httpTransport/>
</binding>
</customBinding>
<wsHttpBinding>
<binding name="MyTokenIssuer">
<security mode="Message"/>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="GetResponseClientBehavior">
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode="PeerOrChainTrust"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<client>
<endpoint name="WSFederationHttpBinding_IMyService" address="http://localhost:53121/MyService.svc/Response" binding="customBinding" bindingConfiguration="MyServiceBinding" behaviorConfiguration="GetResponseClientBehavior" contract="IMyService">
<identity>
<certificateReference storeLocation="CurrentUser" storeName="TrustedPeople" x509FindType="FindBySubjectName" findValue="BookStoreService.com"/>
</identity>
</endpoint>
</client>
</system.serviceModel>

Related

WCF service is not working with https in IIS Express

I am using a WCF service in my solution. It works fine with http localhost. After installing the certificate, it is not working with https localhost. This is the configuration:
<system.serviceModel>
<bindings>
<customBinding>
<binding name="RawReceiveCapable">
<webMessageEncoding webContentTypeMapperType="SmsService.RawContentTypeMapper, SmsService, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<httpsTransport authenticationScheme="Basic" manualAddressing="true" maxReceivedMessageSize="524288000" transferMode="Streamed" />
</binding>
</customBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="EndpBehavior">
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="ServiceBehavior" name="TR_Registry.Service1">
<!--<endpoint address="" binding="webHttpBinding" contract="TR_Registry.IService1" behaviorConfiguration="EndpBehavior" />-->
<!--<endpoint address="" binding="basicHttpBinding" contract="TR_Registry.IService1"></endpoint>-->
<endpoint address=""
binding="basicHttpBinding"
bindingConfiguration="secureHttpBinding"
contract="TR_Registry.IService1"/>
<endpoint address="mex"
binding="mexHttpsBinding"
contract="IMetadataExchange" />
</service>
</services>
Add the following binding:
<bindings>
<basicHttpBinding>
<binding name="secureHttpBinding">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
Specify your service and service endpoint
<service name="TR_Registry.Service1">
<endpoint address=""
binding="basicHttpBinding"
bindingConfiguration="secureHttpBinding"
contract="TR_Registry.IService1"/>
<endpoint address="mex"
binding="mexHttpsBinding"
contract="IMetadataExchange" />
</service>
For more details go through this link http://msdn.microsoft.com/en-us/library/hh556232%28v=vs.110%29.aspx
Try setting the basicHttpBinding details and using Transport-level security:
<bindings>
<basicHttpBinding>
<binding name="secureHttpBinding">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</basicHttpBinding>
</bindings>

ServiceSecurityContext.Current is null in WCF

I'm trying to retrieve the logged in windows user in a WCF service.
I've tried using ServiceSecurityContext but Current is always null.
ServiceSecurityContext.Current.WindowsIdentity.Name
I've also tried using OperationContext. In this case ServiceSecurityContext returns as null.
OperationContext.Current.ServiceSecurityContext.PrimaryIdentity.Name
Here's my web.config:
<bindings>
<basicHttpBinding>
<binding name="HttpWindowsBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
also
<authentication mode="Windows"/>
Can anyone see what I'm doing wrong?
UPDATE:
I abandoned trying to get ServiceSecurityContext to work. In the end, I found a solution by setting aspNetCompatibilityEnabled="true".
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true" />
I also added the following attribute to my service class:
[System.ServiceModel.Activation.AspNetCompatibilityRequirements(RequirementsMode = System.ServiceModel.Activation.AspNetCompatibilityRequirementsMode.Required)]
This allowed me to retrieve the windows user with:
HttpContext.Current.User.Identity.Name
I got the same error and managed to solve it; you need not to use basicHttpBinding. Below is my config:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="MSADC">
<security mode ="Message">
<transport clientCredentialType="Windows" />
<message establishSecurityContext="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="WCFAuthentication.WCFAuthentication">
<endpoint bindingConfiguration="MSADC" address="" binding="wsHttpBinding" contract="WCFAuthentication.IWCFAuthentication">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:8088" />
</baseAddresses>
</host>
</service>
</services>
</system.serviceModel>
<appSettings>
<add key="wcf:disableOperationContextAsyncFlow" value="false" />
</appSettings>
</configuration>

Implementing WIF ActAs Scenario: The identity check failed for the outgoing message

So I'm trying to consume a WCF service from a website and pass the IClaimsIdentity the site got from an STS through to the service.
When I try to invoke a service method through an ActAs channel, I get the following error on the client (looking at trace logs, it never gets to the service, and the STS sends through all tokens correctly):
The identity check failed for the outgoing message. The expected
identity is
'identity(http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint)' for
the 'http://localhost/MyWCFHost/MyService.svc' target endpoint.
I've got a custom IssuedTokenForCertificate binding and all the certificates are OK as far as I can see, it should work, but no dice. I'd appreciate another pair of eyes looking over my config and helping:
Consuming Web Site config:
<system.serviceModel>
<bindings>
<customBinding>
<binding name="CustomBinding_IMyService">
<security defaultAlgorithmSuite="Default" authenticationMode="IssuedTokenForCertificate"
requireDerivedKeys="true" includeTimestamp="true" messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10"
requireSignatureConfirmation="true">
<issuedTokenParameters tokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1">
<additionalRequestParameters>
<trust:SecondaryParameters xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<trust:TokenType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</trust:TokenType>
<trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType>
</trust:SecondaryParameters>
</additionalRequestParameters>
<issuer address="http://localhost/MyCompany.SecurityTokenService/ActAsIssuer.svc"
binding="ws2007HttpBinding" bindingConfiguration="http://localhost/MyCompany.SecurityTokenService/ActAsIssuer.svc">
</issuer>
<issuerMetadata address="http://localhost/MyCompany.SecurityTokenService/ActAsIssuer.svc/mex" />
</issuedTokenParameters>
<localClientSettings detectReplays="true" />
<localServiceSettings detectReplays="true" />
</security>
<textMessageEncoding />
<httpTransport />
</binding>
</customBinding>
<ws2007HttpBinding>
<binding name="http://localhost/MyCompany.SecurityTokenService/ActAsIssuer.svc">
<security>
<message establishSecurityContext="false" />
</security>
</binding>
</ws2007HttpBinding>
</bindings>
<client>
<endpoint address="http://localhost/MyWCFHost/MyService.svc" binding="customBinding"
bindingConfiguration="CustomBinding_IMyService" contract="MyService.IMyService"
name="CustomBinding_IMyService">
<identity>
<!--<certificate encodedValue="..." />-->
<certificateReference findValue="57620B95FCE5F4D2071221AFD6B5024A2B6AF08D" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" />
</identity>
</endpoint>
</client>
</system.serviceModel>
WCF Service config:
<system.serviceModel>
<diagnostics>
<messageLogging logMalformedMessages="true" logMessagesAtTransportLevel="true" />
</diagnostics>
<services>
<service name="RPWCFApp.MyService" behaviorConfiguration="MyServiceBehaviour">
<endpoint address="" binding="customBinding" bindingConfiguration="CustomBindingConfiguration_IssuedTokenOverTransport" contract="RPWCFApp.IMyService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="MyServiceBehaviour">
<federatedServiceHostConfiguration />
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceCredentials>
<serviceCertificate findValue="81A5DB3796F48B00FAC37CE67D7D8CA43078B996" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<extensions>
<behaviorExtensions>
<add name="federatedServiceHostConfiguration" type="Microsoft.IdentityModel.Configuration.ConfigureServiceHostBehaviorExtensionElement, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</behaviorExtensions>
</extensions>
<bindings>
<customBinding>
<binding name="CustomBindingConfiguration_IssuedTokenOverTransport">
<security authenticationMode="IssuedTokenForCertificate" messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10">
<issuedTokenParameters keyType="SymmetricKey" tokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1">
<issuer address="http://localhost/MyCompany.SecurityTokenService/ActAsIssuer.svc" binding="ws2007HttpBinding" bindingConfiguration="IssuedTokenBinding" />
<issuerMetadata address="http://localhost/MyCompany.SecurityTokenService/ActAsIssuer.svc/mex" />
</issuedTokenParameters>
</security>
<textMessageEncoding />
<httpTransport />
</binding>
</customBinding>
<ws2007HttpBinding>
<binding name="IssuedTokenBinding">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="Windows" establishSecurityContext="false" />
</security>
</binding>
</ws2007HttpBinding>
</bindings>
</system.serviceModel>
Sorted out my problem by changing the binding in the service config to ws2007FederationHttpBinding instead of CustomBinding and updating my client service reference.
<bindings>
<ws2007FederationHttpBinding>
<binding name="serviceBinding" receiveTimeout="05:00:00" sendTimeout="05:00:00">
<security mode="Message">
<message>
<issuerMetadata address="http://localhost/MyCompany.SecurityTokenService/ActAsIssuer.svc/mex"/>
</message>
</security>
</binding>
</ws2007FederationHttpBinding>
</bindings>
Then because I'm using self-signed certificates, I had to change the certificateValidationMode using the following endpoint behaviour in the client config:
<behaviors>
<endpointBehaviors>
<behavior name="MyServiceBehavior" >
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode="PeerOrChainTrust"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
And finally I just had to ensure my certificate was in the Trusted People store and finally I get the correct IClaimsIdentity when invoking the service :)
Hope this helps someone out there, because it drove me nuts for a while...

WCF with custombinding on both http and https

I have a WCF service with custombinding and it is working fine on either http or https. But I have totally no idea how I can make it available on both http and https.
Also is it possible to do that?
Here's my configuration in web.config.
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
<behaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<customBinding>
<binding name="customBinding0">
<binaryMessageEncoding />
<httpsTransport />
</binding>
</customBinding>
</bindings>
<services>
<service name="MyWCFService">
<endpoint address="" binding="customBinding" bindingConfiguration="customBinding0"
contract="MyWCFService" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
Thanks
You'll need to have two endpoints, one for HTTP and another for HTTPS. It should work just fine.
<bindings>
<customBinding>
<binding name="customBindingHTTP">
<binaryMessageEncoding />
<httpTransport />
</binding>
<binding name="customBindingHTTPS">
<binaryMessageEncoding />
<httpsTransport />
</binding>
</customBinding>
</bindings>
<services>
<service name="MyWCFService">
<endpoint address=""
binding="customBinding"
bindingConfiguration="customBindingHTTP"
contract="MyWCFService" />
<endpoint address=""
binding="customBinding"
bindingConfiguration="customBindingHTTPS"
contract="MyWCFService" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>

WCF communication across domains

I have a workflow WCF service (ServiceDMZ) that is installed on a server across the firewall. This service is running under a Windows account on that server. Account name: DMZDomain\DMZUserName.
I have another workflow WCF service that is running on my development machine (ServiceDev). This is a self hosted service running under my Windows account: DevDomain\DevUserName.
ServiceDev communicates with ServiceDMZ using wsHttpContextBinding and context correlation in the Send and Receive activities. ServiceDMZ uses a callback address to communicate back to ServiceDev when it is done completing a task.
I get this error in the Send activity of ServiceDev:
System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service. ---> System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.
   at System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target)
   at System.ServiceModel.Security.IssuanceTokenProviderBase`1.ThrowIfFault(Message message, EndpointAddress target)
   at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)
   --- End of inner exception stack trace ---
   at System.ServiceModel.Activities.InternalSendMessage.OnSendFailure(NativeActivityFaultContext context, Exception propagatedException, ActivityInstance propagatedFrom)
   at System.Activities.Runtime.FaultCallbackWrapper.Invoke(NativeActivityFaultContext faultContext, Exception propagatedException, ActivityInstance propagatedFrom)
   at System.Activities.Runtime.FaultCallbackWrapper.FaultWorkItem.Execute(ActivityExecutor executor, BookmarkManager bookmarkManager)
What should the settings be in the app.config file for ServiceDev and ServiceDMZ?
Thanks!
Hello, thanks for the comments. Here are the configuration files.
ServiceDev
<system.serviceModel>
<services>
<service name="ServiceDev" behaviorConfiguration="ServiceDevBehavior">
<host>
<baseAddresses>
<add baseAddress="http://10.204.78.16:9101/"/>
</baseAddresses>
</host>
<endpoint address="http://10.204.78.16:9101/ServiceDev" binding="wsHttpBinding" contract="IServiceDev" bindingConfiguration="ServiceDevBinding"></endpoint>
<endpoint address="http://10.204.78.16:9101/ServiceDev/mex" binding="mexHttpBinding" contract="IMetadataExchange"></endpoint>
<endpoint address="http://10.204.78.16:9101/ServiceDevCallback" binding="wsHttpContextBinding" contract="IServiceDevCallback" bindingConfiguration="ClientServiceDMZBinding"></endpoint>
</service>
</services>
<client>
<endpoint address="http://10.169.24.14:9100/ServiceDMZ" binding="wsHttpContextBinding" contract="IServiceDMZ" name="ClientServiceDMZ" bindingConfiguration="ClientServiceDMZBinding">
<identity>
<userPrincipalName value="DMZUserName#dmzsvr1.mysite.com"/>
</identity>
</endpoint>
</client>
<bindings>
<wsHttpBinding>
<binding name="ServiceDevBinding" maxReceivedMessageSize="8388608">
<security>
<transport clientCredentialType="Windows" proxyCredentialType="None" realm=""/>
<message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="TripleDesRsa15" establishSecurityContext="true"/>
</security>
</binding>
</wsHttpBinding>
<wsHttpContextBinding>
<binding name="ClientServiceDMZBinding" clientCallbackAddress="http://10.204.78.16:9101/ServiceDevCallback">
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
<security>
<message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default"/>
<transport clientCredentialType="Windows" proxyCredentialType="None" realm=""/>
</security>
</binding>
</wsHttpContextBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceDevBehavior">
<serviceDebug includeExceptionDetailInFaults="true" httpHelpPageEnabled="true"/>
<serviceMetadata httpGetEnabled="true"/>
<sqlWorkflowInstanceStore connectionStringName="MySite.Deployment.Data.Providers.WorkflowInstanceStoreProvider" instanceCompletionAction="DeleteNothing" instanceLockedExceptionAction="BasicRetry" instanceEncodingOption="GZip" hostLockRenewalPeriod="00:01:00"/>
</behavior>
</serviceBehaviors>
</behaviors>
<standardEndpoints>
<dynamicEndpoint>
<standardEndpoint name="ClientServiceDMZDynamicEndpointConfiguration">
<discoveryClientSettings>
<endpoint kind="udpDiscoveryEndpoint" endpointConfiguration="ServiceDMZUDPDiscoveryEndpoint"></endpoint>
</discoveryClientSettings>
</standardEndpoint>
</dynamicEndpoint>
<udpDiscoveryEndpoint>
<standardEndpoint name="ServiceDMZUDPDiscoveryEndpoint" discoveryVersion="WSDiscovery11">
</standardEndpoint>
</udpDiscoveryEndpoint>
</standardEndpoints>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>
<diagnostics performanceCounters="All">
<messageLogging logEntireMessage="true" logMalformedMessages="true" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" maxMessagesToLog="30000" maxSizeOfMessageToLog="2000000">
</messageLogging>
</diagnostics>
ServiceDMZ
<system.serviceModel>
<services>
<service name="ServiceDMZ" behaviorConfiguration="ServiceDMZBehavior">
<host>
<baseAddresses>
<add baseAddress="http://10.169.24.14:9100/"/>
</baseAddresses>
</host>
<endpoint address="http://10.169.24.14:9100/ServiceDMZ" binding="wsHttpContextBinding" contract="IServiceDMZ" bindingConfiguration="ServiceDMZBinding" behaviorConfiguration="ServiceDMZEndpointBehavior" />
<endpoint address="http://10.169.24.14:9100/ServiceDMZ/mex" binding="mexHttpBinding" contract="IMetadataExchange"></endpoint>
<endpoint name="udpDiscovery" kind="udpDiscoveryEndpoint" />
</service>
</services>
<bindings>
<wsHttpContextBinding>
<binding name="ServiceDMZBinding" clientCallbackAddress="http://10.204.78.16:9101/ServiceDevCallback">
<security>
<message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default"/>
<transport clientCredentialType="Windows" realm="" proxyCredentialType="None"/>
</security>
</binding>
</wsHttpContextBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceDMZBehavior">
<serviceDebug includeExceptionDetailInFaults="true" httpHelpPageEnabled="true"/>
<serviceMetadata httpGetEnabled="true"/>
<serviceDiscovery>
<announcementEndpoints>
<endpoint kind="udpAnnouncementEndpoint" />
</announcementEndpoints>
</serviceDiscovery>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="ServiceDMZEndpointBehavior">
<endpointDiscovery>
<scopes>
</scopes>
</endpointDiscovery>
</behavior>
</endpointBehaviors>
</behaviors>
<standardEndpoints>
<udpDiscoveryEndpoint>
<standardEndpoint name="ServiceDMZUDPDiscoveryEndpoint" discoveryVersion="WSDiscovery11" maxResponseDelay="00:00:00.600"/>
</udpDiscoveryEndpoint>
</standardEndpoints>
<diagnostics performanceCounters="All">
<messageLogging logEntireMessage="true" logMalformedMessages="true" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" maxMessagesToLog="30000" maxSizeOfMessageToLog="2000000">
</messageLogging>
</diagnostics>
This could be a partial trust problem. Security in WCF requires full trust for full functionality; without this it only supports a subset of the functionality. See http://msdn.microsoft.com/en-us/library/bb412186.aspx
Also, if you are using Windows authentication, it would require trust between the domains, assuming that your machines are in different domains.
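
Several configurations quoted in the threads above carry settings that reduce protection: a customBinding over plain httpTransport with no security element, TransportCredentialOnly, algorithmSuite="TripleDesRsa15", includeExceptionDetailInFaults="true" and a relaxed certificateValidationMode. As an added example, not code from any of the posts, this Python script audits a system.serviceModel fragment for those settings; the rule names, the function name and the sample config are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample combining settings quoted in the threads above.
SAMPLE_CONFIG = """
<system.serviceModel>
  <bindings>
    <customBinding>
      <binding name="customBindingHTTP">
        <binaryMessageEncoding />
        <httpTransport />
      </binding>
    </customBinding>
    <basicHttpBinding>
      <binding name="HttpWindowsBinding">
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>
    </basicHttpBinding>
    <wsHttpBinding>
      <binding name="ServiceDevBinding">
        <security><message algorithmSuite="TripleDesRsa15" /></security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="ServiceBehavior">
        <serviceDebug includeExceptionDetailInFaults="true" />
      </behavior>
    </serviceBehaviors>
    <endpointBehaviors>
      <behavior name="MyServiceBehavior">
        <clientCredentials><serviceCertificate>
          <authentication certificateValidationMode="PeerOrChainTrust" />
        </serviceCertificate></clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
</system.serviceModel>
"""

def audit_wcf_config(xml_text):
    """Return sorted (rule, binding-or-behavior name) findings; rule names are hypothetical."""
    root = ET.fromstring(xml_text)
    findings = set()
    for binding in root.iter("binding"):
        name = binding.get("name", "")
        sec = binding.find("security")
        # customBinding over plain HTTP with no <security> element: messages travel unprotected.
        if binding.find("httpTransport") is not None and sec is None:
            findings.add(("cleartext-http", name))
        # The client authenticates over HTTP, but nothing encrypts or signs the traffic.
        if sec is not None and sec.get("mode") == "TransportCredentialOnly":
            findings.add(("credential-only-over-http", name))
        # 3DES with RSA PKCS#1 v1.5 key wrap is a legacy suite.
        if any(m.get("algorithmSuite") == "TripleDesRsa15" for m in binding.iter("message")):
            findings.add(("legacy-algorithm-suite", name))
    for behavior in root.iter("behavior"):
        name = behavior.get("name", "")
        # Exception detail in SOAP faults exposes service internals to callers.
        if any(d.get("includeExceptionDetailInFaults", "").lower() == "true"
               for d in behavior.iter("serviceDebug")):
            findings.add(("exception-detail-in-faults", name))
        # None skips validation; PeerOrChainTrust also accepts any certificate in Trusted People.
        if any(a.get("certificateValidationMode") in ("None", "PeerOrChainTrust")
               for a in behavior.iter("authentication")):
            findings.add(("relaxed-cert-validation", name))
    return sorted(findings)
```

A binding that uses httpsTransport, or that carries a security element alongside httpTransport as the federation bindings above do, produces no cleartext-http finding.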