wcf service security

Question

5.00/5 (1 vote)

See more:

Hi all,

I have a hosted wcf in a server. i want to use that service in my windows application . i am sending windows integrated authentication to wcf service but it is throwing the following error.

The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'.

the service hosted iis is having windows authentication enabled and both client application and service not in same domain.

Any help will be apperciated.

Posted 28-Oct-11 4:43am

baisak

Add a Solution

Comments

thanosgr 29-Oct-11 4:58am

same issue here

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

TheyCallMeMrJames · Answer 1 · 2011-10-29T19:14:00

Solution 1

Are you using WsHttpBinding? If so, you'll have to bypass the built-in security for IIS and let WCF pick up the authorization. Enable anonymous authentication on your virtual directory and this should work.

Cheers.

Posted 29-Oct-11 19:14pm

TheyCallMeMrJames

Comments

Dylan Morley 2-Nov-11 6:22am

Comment from OP:

no, i am using basichttpbinding.

Dylan Morley · Answer 2 · 2011-11-02T00:30:00

In your client application config, make sure you've setup your binding along the following lines...

XML

<bindings>
  <basicHttpBinding>
    <binding name="MyBinding" closeTimeout="00:01:00"
        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
        allowCookies="false" bypassProxyOnLocal="true" hostNameComparisonMode="StrongWildcard"
        maxBufferSize="1000000" maxBufferPoolSize="524288" maxReceivedMessageSize="1000000"
        messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
        useDefaultWebProxy="true">
      <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
          maxBytesPerRead="4096" maxNameTableCharCount="16384" />
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>

Then you can specifiy your endpoints to use the binding config

XML

<client>
  <endpoint address="http://SomeDomain/SomeApp/SomeService.svc"
      binding="basicHttpBinding" bindingConfiguration="MyBinding"
      contract="MyApp.Contracts.ISomeService" name="ISomeService_Endpoint" />

</client>

And endpoint behaviours...

XML

<behaviors>
  <endpointBehaviors>
    <behavior name="clientEndpointCredential">
      <clientCredentials>
        <windows allowNtlm="true" allowedImpersonationLevel="None" />
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>

In your WCF service client (ClientBase<t>) make sure you've initialised your credentials...I use a little wrapper class to help with this and communication faults.

C#

public class WCFServiceClient<t> : ClientBase<t>,
        IDisposable where T : class
    {
        #region ctors
        public WCFServiceClient()
        {
            this.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
            this.ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
        }

        public WCFServiceClient(string endpointConfigurationName) :
            base(endpointConfigurationName)
        {
        }

        public WCFServiceClient(string endpointConfigurationName, string remoteAddress) :
            base(endpointConfigurationName, remoteAddress)
        {
        }

        public WCFServiceClient(string endpointConfigurationName, System.ServiceModel.EndpointAddress remoteAddress) :
            base(endpointConfigurationName, remoteAddress)
        {
        }

        public WCFServiceClient(System.ServiceModel.Channels.Binding binding, System.ServiceModel.EndpointAddress remoteAddress) :
            base(binding, remoteAddress)
        {
        }
        #endregion ctors

        void IDisposable.Dispose()
        {
            if (State == CommunicationState.Faulted)
            {
                Abort();
            }
            else
            {
                try
                {
                    Close();
                }
                catch
                {
                    Abort();
                }
            }
        }

    }
</t></t>

Your client service classes can just inherit from this + implement whatever service interface you have defined

My srticle Visual Application Launcher[^] uses a similar approach to the above & has worked OK.