netTcpBinding没有Windows凭据?

当然可以,但前提是您使用消息安全(而不是传输安全)。按如下方式定义绑定配置:

  <netTcpBinding>
    <binding name="UserNameSecurity">
      <security mode="Message">
        <message clientCredentialType="UserName"/>
      </security>
    </binding>
  </netTcpBinding>

然后在端点(服务器和客户端)中引用该绑定配置:

 <endpoint address="....."
           binding="netTcpBinding"
           bindingConfiguration="UserNameSecurity"
           contract="IMyService" />

配置:

<behaviors>
  <serviceBehavior>
    <behavior name="ServerInternet">
      <serviceCredentials>
        <serviceCertificate
           findValue="MyServiceCertificate"
           storeLocation="LocalMachine"
           storeName="My"
           x509FindType="FindBySubjectName" />
      </serviceCredentials>
    </behavior>
  </serviceBehavior>
</behaviors>
<services>
  <service name="MyServiceInternet"
           behaviorConfiguration="ServerInternet">
     ....
  </service>
</services>

<message negotiateServiceCredential="true"/>

但是,如果没有任何域控制器,则客户端不信任您的服务,因此它将失败。

所以你应该设定预期 identity of the service 。您可以在服务的WSDL中找到它。默认情况下,如果您托管在IIS上,它似乎是:

<client>
    <endpoint>
        <identity>
            <servicePrincipalName value="host/NETWORKSERVICE"></servicePrincipalName>
        </identity>
    </endpoint>
</client>

我认为你不需要它,但也许你必须允许在服务端匿名登录:

<serviceBehaviors>
    <behavior>
        <serviceCredentials>
            <windowsAuthentication allowAnonymousLogons="true"/>
        </serviceCredentials>
    </behavior>
</serviceBehaviors>