We support using net.tcp and require our users to supply the certificate to use. The service works as long as the address and the DNS name of the certificate match. When using another name (localhost, IP address), a MessageSecurityException is thrown:
Identity check failed for outgoing message. The expected DNS identity of the remote endpoint was ‘NAME_IN_ADDRESS’ but the remote endpoint provided DNS claim ‘NAME_IN_CERTIFICATE’. If this is a legitimate remote endpoint, you can fix the problem by explicitly specifying DNS identity ‘NAME_IN_CERTIFICATE’ as the Identity property of EndpointAddress when creating channel proxy.
Reading the message I assumed that this would require a change at the service, but the client/proxy needs to be updated. Since we program the proxy instead of generating it, we are in full control. The changed constructor of our CustomProxy is shown in the code below:

    // DnsEndpointIdentity and EndpointAddress are in System.ServiceModel;
    // Binding is in System.ServiceModel.Channels.
    // The DNS name the client expects in the service certificate.
    static EndpointIdentity Identity
    {
        get { return new DnsEndpointIdentity("NAME_IN_CERTIFICATE"); }
    }

    public CustomProxy(Binding binding, string address)
        : base(binding, new EndpointAddress(new Uri(address), Identity))
    {
        // other constructor code
    }
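Now the service is accessible from the DNS name, localhost, IP address and other mapped names, because the client compares the certificate's DNS claim with the configured identity instead of with the host name in the address.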
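A fuller version of such a proxy, as an added example that is not the author's code: it takes the expected certificate name as a parameter and shows the same identity being used for several addresses. The contract `IExampleService`, the host name `service.example.test`, the port, and the binding settings are assumptions made for illustration.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
// Hypothetical contract; stands in for the real service interface.
[ServiceContract]
public interface IExampleService
{
    [OperationContract]
    string Ping(string message);
}

public class CustomProxy : ClientBase<IExampleService>, IExampleService
{
    // expectedDnsName is the DNS name in the service certificate. It is passed in
    // (for example from configuration) instead of being hard-coded.
    public CustomProxy(Binding binding, string address, string expectedDnsName)
        : base(binding, BuildAddress(address, expectedDnsName)) { }

    static EndpointAddress BuildAddress(string address, string expectedDnsName)
    {
        if (string.IsNullOrWhiteSpace(expectedDnsName))
            throw new ArgumentException("Certificate DNS name is required.", "expectedDnsName");
        // The URI is only where to connect; the identity is what the client checks
        // against the DNS claim of the certificate the service presents.
        return new EndpointAddress(new Uri(address), new DnsEndpointIdentity(expectedDnsName));
    }

    public string Ping(string message) { return Channel.Ping(message); }
}

public static class Program
{
    public static void Main()
    {
        // Assumed binding; use the one the service is actually configured with.
        var binding = new NetTcpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.None;
        // Constructed sample addresses that all reach the same service.
        string[] addresses = { "net.tcp://service.example.test:8523/svc",
                               "net.tcp://localhost:8523/svc", "net.tcp://127.0.0.1:8523/svc" };
        foreach (var address in addresses)
        {
            var proxy = new CustomProxy(binding, address, "service.example.test");
            Console.WriteLine("{0} -> expects {1}", address, proxy.Endpoint.Address.Identity.IdentityClaim.Resource);
            proxy.Abort(); // nothing was opened; release the unused proxy
        }
    }
}
```

The identity check itself stays enabled: a service that presents a certificate with a different DNS claim is still rejected, whichever address was used to reach it.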
Hi,
I’ve exactly the same issue, but no experience in proxies/WCF.
Can you please tell me more on how I can create this CustomProxy and how to use it?
Thank you
Check my post about setting this up: nettcpbinding from anonymous website