When does WCF NetTcpBinding need full trust on the client?

I'm using WCF to communicate to several servers.

For my local server netTcpBinding works like expected, no problems.

But when I try to connect to my remote server (Azure) using the following netTcpBinding in app.config, this will crash the application on initialization since the netTcpBinding can't be created without full trust.

This binding in the app.config file,

<bindings>
  <netTcpBinding>
    <binding name="NetTcpBinding_IService" closeTimeout="00:01:00"
      openTime开发者_高级运维out="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
      transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions"
      hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="524288"
      maxBufferSize="65536" maxConnections="10" maxReceivedMessageSize="65536">
      <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
      <reliableSession ordered="true" inactivityTimeout="00:10:00"
        enabled="false" />
      <security mode="Transport">
        <transport clientCredentialType="None" protectionLevel="EncryptAndSign" />
        <message clientCredentialType="Windows" />
      </security>
    </binding>
  </netTcpBinding>
</bindings>

It will result in this error:

An error occurred creating the configuration section handler for "system.serviceModel/bindings": That assembly does not allow partially trusted callers. (K:\Somepath\Testing.exe.Config line 6)

The strange thing: In the app.config file I got client endpoints connecting to other netTcpBindings (without declaring them explizitely in the binding section).

Why do these generic netTcpBindings work in partial trust, but the one I showed above does not?

Or am I just confused by this error message and the problem is not about full trust?

Update: If I remove the <binding> section the stuff will run without problems. So I'm allowed to use netTcpBinding in partial trust, but I'm not allowed to modify the parameters? This is a pity since I'd like to have some form of encryption on my communication.

NetTcpBinding in general is not supported in partial trust environments.

While the basic communication works fine (as you've seen in other environments), features like TransportSecurity and ReliableMessaging (which you have on your sample configuration) are explicitly not supported on partial trust (it sucks, big time).