SOAP Security Negotiation Error in WCF Duplex service

Question

I'm working on a WCF service with duplex communications and having an issue getting it to work anywhere other than through localhost on my dev machine.

No matter what I do, it comes up with the following error:

{"Security Support Provider Interface (SSPI) authentication failed. The server may not be running in an account with identity 'host/crpnyciis20e'. If the server is running in a service account (Network Service for example), specify the account's ServicePrincipalName as the identity in the EndpointAddress for the server. If the server is running in a user account, specify the account's UserPrincipalName as the identity in the EndpointAddress for the server."}

My service Web.config is as follows:

<?xml version="1.0"?>
<configuration>    
  <system.web>
    <compilation debug="true" targetFramework="4.0" />
  </system.web>
  <system.serviceModel>
    <protocolMapping>
      <add scheme="http" binding="wsDualHttpBinding"/>
    </protocolMapping>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="true"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>
</configuration>

And my client's App.config:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <system.serviceModel>
        <bindings>
            <wsDualHttpBinding>
                <binding name="WSDualHttpBinding_IMessagingService" closeTimeout="00:01:00"
                    openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                    bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
                    maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                    messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true">
                    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                    <reliableSession ordered="true" inactivityTimeout="00:10:00" />
                    <security mode="Message">
                        <message clientCredentialType="Windows" negotiateServiceCredential="true"
                            algorithmSuite="Default" />
                    </security>
                </binding>
            </wsDualHttpBinding>
        </bindings>
        <client>
            <endpoint
                binding="wsDualHttpBinding" bindingConfiguration="WSDualHttpBinding_IMessagingService"
                contract="CTMessagingServiceReference.IMessagingService" name="WSDualHttpBinding_IMessagingService">
                <identity>
                    <userPrincipalName value="nbdfp2k" />
                </identity>
            </endpoint>
        </client>
    </system.serviceModel>
</configuration>

Any ideas what I could do to get around this issue? If there is any other code that would be helpful in diagnosing, just let me know... none of the rest of it really has to do with connection config, that I know of.

Answer 1

Not sure if this would fix your issue, but you are missing the address in the client endpoint and also the clientbaseaddress in your binding configuration(It should differ from your endpoint address).

Answer 2

Not sure if this is the ideal way of doing it but you can try removing the following "identity" node from your client config -

<identity>
     <userPrincipalName value="nbdfp2k" />
</identity>