To give you some background, I've been trying to modify our local hosting arrangement so that an existing WCF service is hosted in IIS locally, dispensing of the current host console application.
I created a new WCF project which contains nothing more than a svc and web.config.
The svc references a servcie factory in the service assembly and the web.config is at the low end of complexity. This mimics how the service is deployed in our dev/test/uat/pre-prod environment.
The service has a service behavior that sets the certificate validator during the call to AddBindingParameters - this has worked for longer than I have been working at the company.
The problem is locally, AddBindingParameters gets called numerous times, but ultimately with the channel state set to "opened" and the service credentials object set to readonly, mushroom clouding.
I thought it may be environmental but I've scoured IIS looking for the "set to evil" flag, no luck. I tried deploying the service (file copy) to a known good server - no good, same issue. Environmental, I say. So I tried copy a known good service locally (file copy) - no good. OK, WTF. Checked the installer (the service is installed with a WiX installer) - it does create the virtual directory but nothing stands out.
I know I could move the authorisation logic into an authorisation policy but I'm reluctant to change something that has worked for so long without understanding the underlying issue.
At this point I'm ready to give up unless I get some good ideas!