Here is the situation, I want many clients to call my web service using username authentication over https. Security is the first priority so I am thinking of using wshttpbinding with message security. I don't know though if my thoughts are correct.
The thing is that I have already something that works but I don't know if it needs changes to achieve better security.
Here is what it's done by now.
<services>
<service name="myService" behaviorConfiguration="myBehavior" >
<endpoint address="" binding="basicHttpBinding" contract="myIService" bindingConfiguration="RequestUserName_BasicHttp" >
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:8080/myService/" />
</baseAddresses>
</host>
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="RequestUserName_BasicHttp">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="myvalidator, myNamespace"/>
</serviceCredentials>
So, by this way (which works) I don't think that I have best security (at least I need to send requests over https). What can I do to achieve better/best security? I have tried with wshttpbinding and https but I have some problems with certificates.
The development enviroment is Windows XP, VS2010, IIS7.5 express.
And there are a class library describing the Service and a consoleClient app for consuming it...The client has it's own app.config file in which there are the credentials (username and password).
you are already implementing user id and password verification and if you want to perform encryption and decryption of messages you must use Certificates with HttpsBinding or WsHttpBinding. More information about authentication and authorization in wcf please go through this MSDN documentation
Ok, I took into consideration Ramesh Babu answer and I change a little bit my project.
So instead of creating a class library for wcf service I created a WCF Service Application (there is this option in VS2010).Everything else remained unchanged so I made a new Web.config file like this
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="MyBinding">
<security mode="Message">
<message clientCredentialType="UserName"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="MyBehavior" name="myName">
<endpoint address="myService.svc" binding="wsHttpBinding"
bindingConfiguration="MyBinding"
contract="myService.ImyService" />
<endpoint address="mex" binding="mexHttpBinding"
contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:44400/" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="MyBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebugincludeExceptionDetailInFaults="true" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="myService.Authentication.CustomValidator, myService" />
<serviceCertificate
findValue="MyCertificate"
x509FindType="FindBySubjectName"
storeLocation="LocalMachine"
storeName="My" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<directoryBrowse enabled="true"/>
</system.webServer>
<connectionStrings>
<add name="myEntities" connectionString="......" />
</connectionStrings>
</configuration>
so I needed to create a certificate and I used SelfCert to create one and copy it to TrustedPeople (typing mmc in run).
After this I created a console app to consume thw service and app.config file of app was built automatically.
Related
I have a WCF service hosted in a Windows Service. I then have a GUI(client) that then communicates to this service. It has recently been reported that communication with the service stops after being idle for 10 minutes.
I have done a bit of research and it looks like the service is discarding the connection due to inactivity. Therefore I want to increase the receive timeout and enable reliable sessions and set an inactivityTimeout to be longer. However when I do this in both the WCF service and clients app.config file I get the following error:
Setting reliableSession enabled="False" causes the client and service to run. ( although only for 10 minutes )
Doing some research the suggestion is this is because of one of the following three reasons:
You have different contracts between client and sender.
You're using a different binding between client and sender.
The message security settings are not consistent between client and sender.
However as far as I can tell the settings / contracts between the client and server are consistent. I'm hoping it's something stupid. Here are my app.config for service and client:
Service
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1" />
</startup>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" />
</system.web>
<!-- When deploying the service library project, the content of the config file must be added to the host's
app.config file. System.Configuration does not support config files for libraries. -->
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="NetTcpBinding_IHwResourceManagerWcfService" receiveTimeout="infinite" >
<reliableSession enabled="True" inactivityTimeout="infinite"/>
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint address="net.tcp://localhost:8523/HwResourceManagerWcfService"
binding="netTcpBinding" bindingConfiguration="NetTcpBinding_IHwResourceManagerWcfService"
contract="WindowsServices.IHwResourceManagerWcfService" name="NetTcpBinding_IHwResourceManagerWcfService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
</client>
<services>
<service name="MT.Tools.HwResourceManager.WCF.HwResourceManagerWcfService">
<endpoint address="" binding="netTcpBinding" bindingConfiguration=""
contract="MT.Tools.HwResourceManager.WCF.IHwResourceManagerWcfService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexTcpBinding" bindingConfiguration=""
contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:8523/HwResourceManagerWcfService" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
Client
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1" />
</startup>
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="NetTcpBinding_IHwResourceManagerWcfService" receiveTimeout="infinite" >
<reliableSession enabled="True" inactivityTimeout="infinite"/>
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint address="net.tcp://localhost:8523/HwResourceManagerWcfService"
binding="netTcpBinding" bindingConfiguration="NetTcpBinding_IHwResourceManagerWcfService"
contract="WindowsServices.IHwResourceManagerWcfService" name="NetTcpBinding_IHwResourceManagerWcfService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
</client>
<behaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
Any help would be greatly appreciated.
There are several issues in your configuration. This project seems to be a class library project. Please use the WCF service application template. Then the base address of the service should be configured in IIS, not in the configuration file. In addition, your binding configuration will not take effect because you don’t apply it in the service endpoint.
<endpoint address="" binding="netTcpBinding" bindingConfiguration=""
Please refer to my example.
Server (WCF service application).
IService.
[ServiceContract]
public interface IService1
{
[OperationContract]
string GetData(string value);
}
Service1.svc
public class Service1 : IService1
{
public string GetData(string value)
{
return DateTime.Now.ToLongTimeString();
}
}
Web.config
<system.serviceModel>
<services>
<service name="WcfService3.Service1">
<endpoint address="" binding="netTcpBinding"
contract="WcfService3.IService1">
</endpoint>
<endpoint address="mex" binding="mexTcpBinding"
contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
Then we deploy the service in the IIS. Before we deploy it, we should enable windows features for net.tcp protocol.
Add the support for the net.tcp protocol on the website.
Then add the site binding.
One more thing we need to pay attention to is ensuring the below service is on running state.
Client. (by adding service reference, the client proxy sends an invocation)
static void Main(string[] args)
{
ServiceReference1.Service1Client client = new ServiceReference1.Service1Client();
//by default, the nettcpbinding uses windows credential, we should provide server windows account.
client.ClientCredentials.Windows.ClientCredential.UserName = "administrator";
client.ClientCredentials.Windows.ClientCredential.Password = "abcd1234!";
try
{
var result = client.GetData("Hello");
Console.WriteLine(result);
}
catch (Exception)
{
throw;
}
}
App.config.
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="NetTcpBinding_IService1">
<security>
<transport sslProtocols="None" />
</security>
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint address="net.tcp://vabqia969vm/Service1.svc" binding="netTcpBinding"
bindingConfiguration="NetTcpBinding_IService1" contract="ServiceReference1.IService1"
name="NetTcpBinding_IService1">
<identity>
<servicePrincipalName value="host/vabqia969VM" />
</identity>
</endpoint>
</client>
</system.serviceModel>
Result.
Feel free to let me know if there is anything I can help with.
After some more reading on this I found both the reason for the error I was seeing and a solution to the connection timeout issue.
The Error - The error was because I had different binding configurations set. By setting to an empty string for both the client and service the error was removed.
The timeout issue - Even with reliable connections enabled and a long timeout for both the inactivity and receive timeouts the 10 minute connection issue remained. I then read a post that suggested that doing a long timeout was the wrong thing to do. Instead it recommended handling the faulted exception and trying to-reconnect.
I really need help here.
I'm trying to deploy a .NET WCF Application I have been working on for the past month for the first time.
I'm using IIS 7 as my WCF host, and working with wsHTTPBinding because I need to use Session object to store credentials. My client is a WPF App that use MVVM pattern with Caliburn.Micro.
So far, I manage (I think) to succesfully create the service on IIS.
If I browse "http://localhost/Ohmio/OhmioService.svc" i see the "You create a service" message. But when I run my client and try to connect to it, my App close with an error "the application has stoped working..." bla bla bla.
This is my server Web.Config:
<?xml version="1.0"?>
<configuration>
<appSettings/>
<system.web>
<compilation targetFramework="4.0"/>
<authentication mode="Windows"/>
<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
</system.web>
<system.webServer>
<directoryBrowse enabled="true"/>
</system.webServer>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="myBinding" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="200" maxStringContentLength="8388608" maxArrayLength="16384" maxBytesPerRead="2147483647" maxNameTableCharCount="16384" />
<security mode="None" />
<reliableSession enabled="true" />
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="WcfService1.Service1Behavior" name="WcfService1.OhmioSVC">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="myBinding" contract="WcfService1.IOhmioSVC" >
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WcfService1.Service1Behavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
And this is the Client App.Config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IOhmioSVC" maxReceivedMessageSize="20000000"/>
<security mode="None" />
<reliableSession enabled="true" />
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost/Ohmio/OhmioService.svc" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IOhmioSVC" contract="OhmioSVC.IOhmioSVC" name="WSHttpBinding_IOhmioSVC">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
</client>
</system.serviceModel>
<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/></startup></configuration>
Of couse my application works fine on my develope machine.
Please Help! I don't even know where to start looking for the cause.
Thanks!
EDIT
Ok. I put the Try catch as suggested and the error goes:
Exception: Cannot open secure cannel due to security negotiation with remote endpoint.
The inner exception:
This endpoint do not admit the action ... and only proccess WSReliableMessaging
I believe this is a duplicate of this one:
How to configure WCF Service with wsHttpBinding hosted on IIS and consumable over Web?
But I do not have the reputation to mark it as such.
I think the problem is something to do with reliable sessions (not 100% sure but my nerve is telling me). I found some article that might help you with regards to the implementation of reliable session.
Hope this would helped you :)
WCF Duplex not working under Azure.
Everything works fine under IIS Express.
I know duplex binding is problematic because of the server callback, but....
I already shut down my firewall.
TCPView (Sysinternals) shows 10 to 12 packets being sent/received by the client and then it just dies... nothing happens.
I set to 10 minutes all timeouts i could.
Please see my config files below.
SERVER CONFIG:
<system.serviceModel>
<services>
<service behaviorConfiguration="MexBehaviour" name="MySrvc">
<endpoint address="" binding="wsDualHttpBinding" bindingConfiguration="wsDualHttpBinding"
name="wsDualEndpoint" bindingName="wsDualHttpBinding" contract="IMySrvc" />
<endpoint address="mex" binding="mexHttpBinding" bindingConfiguration="mexHttpBinding"
name="MexEndpoint" bindingName="mexHttpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://srvc.azurewebsites.net/MySrvc.svc" />
</baseAddresses>
<timeouts openTimeout="00:10:00" />
</host>
</service>
</services>
<bindings>
<wsDualHttpBinding>
<binding name="wsDualHttpBinding" openTimeout="00:10:00" sendTimeout="00:10:00"
clientBaseAddress="http://xxx.xxx.xxx.xxx:xxx">
<security mode="None">
<message clientCredentialType="None" negotiateServiceCredential="false" />
</security>
</binding>
</wsDualHttpBinding>
<mexHttpBinding>
<binding name="mexHttpBinding" />
</mexHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="MexBehaviour">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
CLIENT CONFIG:
<system.serviceModel>
<bindings>
<wsDualHttpBinding>
<binding name="wsDualEndpoint">
<security mode="None" />
</binding>
</wsDualHttpBinding>
</bindings>
<client>
<endpoint address="http://srvc.azurewebsites.net/MySrvc.svc"
binding="wsDualHttpBinding" bindingConfiguration="wsDualEndpoint"
contract="SrvcRef.IMySrvc" name="wsDualEndpoint" />
</client>
</system.serviceModel>
I knew this wsDualHttpBinding didn't pass the "smell test"....
From Juval Lowy's book, "Programming WCF Services: Mastering WCF and the Azure AppFabric Service Bus":
...the WSDualHttpBinding is mostly unusable, since it is practically impossible to tunnel through various communication barriers separating the service from the client and the need to find a specific web-server machine makes this impractical.
I solved my problem by simply using netTcpBinding instead....
You just need to get IIS to work with TCP protocol.
There's plenty of articles out there explaining how to do it.
Here's one:
http://msdn.microsoft.com/en-us/library/ms731053.aspx
Cheers.
Question 1: Is there a way to make setspn.exe take effects without the need to restart the computer?
Question 2: I did set the SPN and ran my WCF service on the server. The client connected using Kerberos, then I changed the Identity element at client side and tried again. I found it was using NTLM instead of Kerberos but this is fine.
When I did change the SPN in the WCF service configuration file and re-ran the service (without changing the registered SPN), I found it used Kerberos authentication at client side. why changing the identity element of WCF service doesnt make any effect?
How can this be?
NOTE: I am using fiddler to check the authentication.
Server side config file:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" />
</system.web>
<system.serviceModel>
<services>
<service name="WcfServiceLibrary1.Service1">
<host>
<baseAddresses>
<add baseAddress = "https://FQDN:PORT/TESTSVC/" />
</baseAddresses>
</host>
<!-- Service Endpoints -->
<!-- Unless fully qualified, address is relative to base address supplied above -->
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="service_binding" contract="WcfServiceLibrary1.IService1">
<identity>
<servicePrincipalName value="svc1/FQDN:PORT" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="service_binding">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpsGetEnabled="True"/>
<serviceDebug includeExceptionDetailInFaults="False" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
Client side config file:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IService1">
<security mode="Transport" />
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://FQDN:PORT/TESTSVC/"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService1"
contract="ServiceReference1.IService1" name="WSHttpBinding_IService1">
<identity>
<servicePrincipalName value="ismine/nhdc1.nhandal2.local:8730" />
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>
I actually have two different problems depending on the way that I try to run the service that look related but show themselves in different ways. Note that the code that I am running is an EXACT duplicate of the code used in Microsofts guide with the exception of different namespaces and slightly different class names.
When I tried to run the service using this method the windows service started successfully but when it did the WCF Service Host box would pop up and it gave an error message that said there is already a listener on IP endpoint localhost:. Here is my config file when I ran this way:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<compilation debug="true" />
</system.web>
<!-- When deploying the service library project, the content of the config file must be added to the host's
app.config file. System.Configuration does not support config files for libraries. -->
<system.serviceModel>
<services>
<service behaviorConfiguration="CfmaWcfEphemerisLibrary.ServiceBehavior"
name="CfmaWcfEphemerisLibrary.Service1">
<endpoint address="" binding="netTcpBinding" bindingConfiguration=""
contract="CfmaWcfEphemerisLibrary.IService1">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexTcpBinding" bindingConfiguration=""
contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:8529/Service1" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="CfmaWcfEphemerisLibrary.ServiceBehavior">
<serviceMetadata httpGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
After fighting for a while I found a suggestion that said enabling port sharing on the tcp connection might help. I tried that but when I try to start the service it fails and in the Windows Events Logs under "Application" i get an error that says:
Service cannot be started. System.ServiceModel.AddressAlreadyInUseException: There is already a listener on IP endpoint 0.0.0.0:8529. Make sure that you are not trying to use this endpoint multiple times in your application and that there are no other applications listening on this endpoint. ---> System.Net.Sockets.SocketException: Only one usage of each socket address (protocol/network address/port) is normally permitted
at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Bind(EndPoint localEP)
at System.ServiceModel.Channels.SocketConnectionListener.Listen()
--- End of inner exception stack trace ---
at System.ServiceModel.Channels.SocketConnectionListener.Listen()
at System.ServiceModel.Channels.BufferedConnectionListener.Listen()
at System.ServiceModel.Channels.ExclusiveTcpTransportManager.OnOpen()
at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener)
at System.ServiceModel.Channels....
I can't figure out why I'm getting a port in use exception on a port that has sharing enabled. Here is my App.config file when I try to run the service with port sharing enabled.
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<compilation debug="true" />
</system.web>
<!-- When deploying the service library project, the content of the config file must be added to the host's
app.config file. System.Configuration does not support config files for libraries. -->
<system.serviceModel>
<services>
<service behaviorConfiguration="CfmaWcfEphemerisLibrary.ServiceBehavior"
name="CfmaWcfEphemerisLibrary.Service1">
<endpoint address="" binding="netTcpBinding" bindingConfiguration="tcpBinding"
contract="CfmaWcfEphemerisLibrary.IService1">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexTcpBinding" bindingConfiguration=""
contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:8529/Service1" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="CfmaWcfEphemerisLibrary.ServiceBehavior">
<serviceMetadata httpGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<netTcpBinding>
<binding portSharingEnabled="true" name="tcpBinding" closeTimeout="00:10:00" openTimeout="00:10:00" sendTimeout="00:10:00" maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security>
<transport>
<extendedProtectionPolicy policyEnforcement="Never" />
</transport>
</security>
</binding>
</netTcpBinding>
</bindings>
</system.serviceModel>
</configuration>
It may be the problem with using the same port for metadata exchange:
http://msdn.microsoft.com/en-us/library/aa702636.aspx
see "Sharing a port between a service endpoint and a mex endpoint using the NetTcpBinding" section.
In two words, this fixes the problem:
<endpoint address="net.tcp://localhost:8530/mex" ...>