WCF: Transport Level Security Makes Service Hang on Open()

A weird thing… I was working on a WCF sample program today and I was creating my ServiceHost instance from code, like this:

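using System;
using System.ServiceModel;
using System.ServiceModel.Channels;

Uri baseAddress = new Uri("net.tcp://localhost:7465/");

// Host one service instance that handles all calls
singleton = new HelloWorldClassServerProxy(new HelloWorldClass());
ServiceHost serviceHost = new ServiceHost(singleton, baseAddress);

// Default constructor: no SecurityMode is passed in
Binding binding = new NetTcpBinding();
serviceHost.AddServiceEndpoint(typeof(IHelloWorldContract), binding, "HelloWorld");

// This is the call that takes about 12 seconds
serviceHost.Open();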

The code I was testing worked just fine, but every time the Open call on the ServiceHost instance was executed, it took about 12 seconds. I used WCF tracing and I found out that an ActiveDirectoryOperationException exception was being thrown (but handled) with the message “Current security context is not associated with an Active Directory domain or forest.”

That message is definitely correct, and some reflectoring revealed that the method Domain.GetCurrentDomain throws this exception on my system, after waiting those 12 seconds for something unknown to happen. Seems correct, in a way, because my system is not part of a domain – funny though that I can observe the exact same behaviour on a different computer that is in an Active Directory domain. No idea what’s going on there, really.

Anyway, after I had found out that I had the same problem with or without a domain, I thought there had to be a code path through that Open call that wouldn’t arrive at that same exception. A bit difficult to find though, because while WCF tracing logs that exception, it doesn’t include the complete stack trace, so I didn’t know exactly how I ended up in there. So I started playing with the various details of my connection setup. Exchanging my binding for a WSHttpBinding didn’t make any difference, but instantiating the NetTcpBinding with an explicit SecurityMode.None parameter finally got rid of the problem!

Apparently, the default constructor on NetTcpBinding uses SecurityMode.Transport, and when I pass that in explicitly, the problem is back. I still have no idea why something as seemingly harmless as activating transport level security triggers this rather bad behaviour on my systems, but I’ll just go for SecurityMode.None for the time being…
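SecurityMode.None switches off authentication, encryption and signing on the net.tcp channel, so the workaround is best kept to loopback test endpoints. The following is an added example, not code from the original post: BindingFactory, its allowUnsecuredLoopback parameter and the server.example host are hypothetical names.

```csharp
using System;
using System.Net.Security;
using System.ServiceModel;

public static class BindingFactory
{
    // Hypothetical helper: pick the NetTcpBinding security mode from the endpoint address.
    public static NetTcpBinding Create(Uri address, bool allowUnsecuredLoopback)
    {
        // Uri.IsLoopback only describes the host named in the URI; which
        // interfaces the listener actually binds to must be checked separately.
        if (allowUnsecuredLoopback && address.IsLoopback)
        {
            // The workaround from the post: traffic is sent in clear text
            // and any local process can call the service unauthenticated.
            return new NetTcpBinding(SecurityMode.None);
        }

        // Everything else keeps transport security, with the settings the
        // default constructor implies written out so they are visible in review.
        var binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
        binding.Security.Transport.ProtectionLevel = ProtectionLevel.EncryptAndSign;
        return binding;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample addresses: the one from the post and a non-loopback host.
        string[] samples = { "net.tcp://localhost:7465/", "net.tcp://server.example:7465/" };

        foreach (string text in samples)
        {
            var address = new Uri(text);
            NetTcpBinding binding = BindingFactory.Create(address, allowUnsecuredLoopback: true);
            Console.WriteLine("{0} -> SecurityMode.{1}", address, binding.Security.Mode);
        }
    }
}
```

The client has to be built with the same security mode as the service endpoint, otherwise the channel will not open.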
