CoreWCF.UnixDomainSocket: Missing stream upgrade for PosixIdentity client credential type
A CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credential type does not require the client to perform the application/unixposix strea
What changed
A CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credential type does not require the client to perform the application/unixposix stream upgrade before dispatching messages.
Who it affects
Users of CoreWCF v1.8.0 and earlier, and v1.9.0, who use UnixDomainSocketBinding with Security.Mode = TransportCredentialOnly and Security.Transport.ClientCredentialType = PosixIdentity.
What to do today
Upgrade to CoreWCF v1.8.1 or v1.9.1, or apply workaround: restrict filesystem access to the UDS socket file using owner/group/mode, and avoid relying on ServiceSecurityContext.PrimaryIdentity for authorization decisions.