WCF over net.tcp with server certificate: Identity check failing

We support using net.tcp and require our users to supply the certificate to use. The service works as long as the address and the DNS name of the certificate match. When using another name (localhost, IP address), a MessageSecurityException is thrown:

Identity check failed for outgoing message. The expected DNS identity of the remote endpoint was ‘NAME_IN_ADDRESS’ but the remote endpoint provided DNS claim ‘NAME_IN_CERTIFICATE’. If this is a legitimate remote endpoint, you can fix the problem by explicitly specifying DNS identity ‘NAME_IN_CERTIFICATE’ as the Identity property of EndpointAddress when creating channel proxy.

Reading the message I assumed that this would require a change at the service, but the client/proxy needs to be updated. Since we program the proxy instead of generating it, we are in full control. The changed constructor of our CustomProxy is in the code below:

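// The DNS name the server certificate must present, whatever address is used to connect.
static EndpointIdentity Identity {
    get { return new DnsEndpointIdentity("NAME_IN_CERTIFICATE"); }
}
// Pass the expected identity together with the address, so the identity check
// compares against the certificate name instead of the host name in the address.
public CustomProxy(Binding binding, string address) :
    base(binding, new EndpointAddress(new Uri(address), Identity)) {
    // other constructor code
}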

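Now the service is accessible via the DNS name, localhost, the IP address and other mapped names. The client still verifies that the certificate presents NAME_IN_CERTIFICATE; only the name it expects is no longer derived from the address.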
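
A fuller version of the proxy, as an added example that is not the original CustomProxy code: it takes the certificate name as a parameter instead of hard-coding it. The contract IEchoService, the expectedDnsName parameter, the binding settings and the address are assumptions made for illustration, and running it needs a service listening at that address.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;

// Hypothetical contract, present only so the proxy compiles.
[ServiceContract]
public interface IEchoService
{
    [OperationContract]
    string Echo(string text);
}

public class CustomProxy : ClientBase<IEchoService>, IEchoService
{
    // expectedDnsName is the DNS name in the server certificate
    // (NAME_IN_CERTIFICATE in the error text), not the host in the address.
    public CustomProxy(Binding binding, string address, string expectedDnsName)
        : base(binding, BuildAddress(address, expectedDnsName)) { }

    static EndpointAddress BuildAddress(string address, string expectedDnsName)
    {
        if (string.IsNullOrWhiteSpace(expectedDnsName))
            throw new ArgumentException("Certificate DNS name is required.", "expectedDnsName");
        var uri = new Uri(address);
        if (uri.Scheme != Uri.UriSchemeNetTcp)
            throw new ArgumentException("Expected a net.tcp address.", "address");
        // The identity check still runs: the call fails unless the server
        // certificate carries this DNS claim, whatever host the URI names.
        return new EndpointAddress(uri, EndpointIdentity.CreateDnsIdentity(expectedDnsName));
    }

    public string Echo(string text) { return Channel.Echo(text); }
}

public static class Program
{
    public static void Main()
    {
        // Assumed binding: use the same binding and security settings as the service.
        var binding = new NetTcpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.None;
        // Constructed address (port and path are placeholders); the host differs from the certificate name.
        var proxy = new CustomProxy(binding, "net.tcp://localhost:8000/echo", "NAME_IN_CERTIFICATE");
        try { Console.WriteLine(proxy.Echo("ping")); proxy.Close(); }
        catch { proxy.Abort(); throw; }
    }
}
```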

About erictummers

Working in a DevOps team is the best thing that happened to me. I like challenges and sharing the solutions with others. On my blog I’ll mostly post about my work, but expect an occasional home project, productivity tip and tooling review.

2 Responses to WCF over net.tcp with server certificate: Identity check failing

  1. Mourad says:

    Hi,

    I’ve exactly the same issue, but no experience in proxies/WCF.
    Can you please tell me more on how I can create this CustomProxy and how to use it?

    Thank you
