How can I encrypt, but not secure WCF messages?
I've created an app that has machines talking to each other across the net. I'd like to use NetTcpBinding and encrypt the messages. However, I don't want or need certificates or Windows authentication. I try to set the security mode to Message to get encryption and transport security to none to avoid the certificates/Windows authentication, but still I get:
System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service. ---> System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.
Here's the relevant code:
NetTcpBinding binding = new NetTcpBinding();
binding.Security.Mode = SecurityMode.Message;
binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;
An answer from this question works: selfhosting wcf server - load certificate from file instead of certificate store
My code:
var certificate = new X509Certificate2("cert.pfx", "");
host = new ServiceHost(MessageProvider, address);
host.Credentials.ServiceCertificate.Certificate = certificate;
host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
NetTcpBinding binding = new NetTcpBinding();
binding.Security.Mode = SecurityMode.Message;
binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Certificate;
host.AddServiceEndpoint(typeof(IService), binding, address);
host.Open();
I think this is what you are looking for: Message Security with an Anonymous Client. I suppose the problem in your case is that your service is not specifying a certificate on the server side:
Initial negotiation requires server authentication, but not client authentication
So when instantiating the service try to do something like (from MSDN):
myServiceHost.Credentials.ServiceCertificate.SetCertificate(
    StoreLocation.LocalMachine,
    StoreName.My,
    X509FindType.FindByThumbprint,
    "00000000000000000000000000000000");
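The anonymous-client setup described in the last answer, as an added example that is not code from the original posts: the service presents a certificate, the client sends no credential, and the client pins the service certificate instead of switching validation off. The `Echo` contract, the address, the PFX password placeholder and `PinnedCertValidator` are assumptions made for illustration.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical contract and implementation, only so the example is self-contained.
[ServiceContract] public interface IService { [OperationContract] string Echo(string s); }
public class Service : IService { public string Echo(string s) { return s; } }

// Client side: accept only the pinned service certificate (a self-signed cert fails ChainTrust).
class PinnedCertValidator : X509CertificateValidator
{
    private readonly string expected;
    public PinnedCertValidator(string thumbprint) { expected = thumbprint; }
    public override void Validate(X509Certificate2 certificate)
    {
        if (!string.Equals(certificate.Thumbprint, expected, StringComparison.OrdinalIgnoreCase))
            throw new SecurityTokenValidationException("Unexpected service certificate.");
    }
}

static class Program
{
    static NetTcpBinding AnonymousMessageBinding()
    {
        var binding = new NetTcpBinding(SecurityMode.Message);
        // Anonymous client: no client certificate, no Windows credentials.
        binding.Security.Message.ClientCredentialType = MessageCredentialType.None;
        return binding;
    }

    static void Main()
    {
        var address = new Uri("net.tcp://localhost:9000/svc");                    // assumed address
        var cert = new X509Certificate2("cert.pfx", "PFX-PASSWORD-PLACEHOLDER");  // assumed file and password
        using (var host = new ServiceHost(typeof(Service)))
        {
            host.Credentials.ServiceCertificate.Certificate = cert;   // the server authenticates itself
            host.AddServiceEndpoint(typeof(IService), AnonymousMessageBinding(), address);
            host.Open();
            // A real client holds only the public certificate (or its thumbprint), never the PFX.
            var identity = EndpointIdentity.CreateX509CertificateIdentity(cert);
            var factory = new ChannelFactory<IService>(AnonymousMessageBinding(), new EndpointAddress(address, identity));
            var auth = factory.Credentials.ServiceCertificate.Authentication;
            auth.CertificateValidationMode = X509CertificateValidationMode.Custom;
            auth.CustomCertificateValidator = new PinnedCertValidator(cert.Thumbprint);
            Console.WriteLine(factory.CreateChannel().Echo("encrypted, anonymous client"));
            factory.Close();
        }
    }
}
```

This targets .NET Framework with references to System.ServiceModel and System.IdentityModel. Messages are encrypted and the service is authenticated, but any client can connect, so authorization has to be handled elsewhere if it matters.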