Sunday, March 3, 2013

The HTTP request is unauthorized with client authentication scheme



WCF Issue - The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'NTLM'.

Problem
When calling any WCF, web, or SharePoint service via WCF, you will normally get this error if you leave the settings as configured by the “Add Service Reference Wizard”:

“The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'NTLM'.”

Solution

You must specify a non-anonymous impersonation level for your ClientCredentials. Just specifying a username and password for your WCF service reference's ClientCredentials.UserName.UserName and ClientCredentials.UserName.Password is not sufficient to resolve the problem. This is absolutely necessary when you are calling the service from a different domain.

Code Changes
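    // Proxy generated by "Add Service Reference"
    ServiceReference1.Service serviceClient = new ServiceReference1.Service();
    // Explicit Windows credential for a cross-domain call (placeholder values; do not hard-code real secrets)
    serviceClient.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential("username", "password", "domain");
    // Non-anonymous impersonation level, required for the Windows authentication handshake to succeed
    serviceClient.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;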



Note:
When you are in the same domain, you don’t have to pass in the Windows.ClientCredential information. You can also set the above values in app.config configuration elements rather than in code.


You can use (with descending levels of security):
System.Security.Principal.TokenImpersonationLevel.Identification
System.Security.Principal.TokenImpersonationLevel.Impersonation
System.Security.Principal.TokenImpersonationLevel.Delegation

Config Changes:


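<binding name="BasicHttpBinding_Service" openTimeout="05:00:00"
         receiveTimeout="05:00:00" maxReceivedMessageSize="1024000">
    <!-- TransportCredentialOnly: the client authenticates over plain HTTP; the message itself is not encrypted in transit -->
    <security mode="TransportCredentialOnly">
        <!-- Windows = integrated authentication (Negotiate/NTLM) at the transport level -->
        <transport clientCredentialType="Windows" />
        <message clientCredentialType="UserName" algorithmSuite="Default" />
    </security>
</binding>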
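
As the note above says, the impersonation level can be set in app.config instead of in code. The fragment below is an added example, not part of the original post; the endpoint address, the contract name and the behavior name `WindowsImpersonation` are assumptions, and only the binding name comes from the binding shown above.

```xml
<!-- Added example: client-side app.config. Address, contract and behavior name are assumed placeholders. -->
<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior name="WindowsImpersonation">
        <clientCredentials>
          <!-- Config equivalent of ClientCredentials.Windows.AllowedImpersonationLevel.
               The explicit NetworkCredential used for a cross-domain call has no
               config equivalent here and is still assigned in code. -->
          <windows allowedImpersonationLevel="Impersonation" />
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <client>
    <!-- behaviorConfiguration ties the endpoint to the behavior defined above -->
    <endpoint address="http://server.example/Service.svc"
              binding="basicHttpBinding"
              bindingConfiguration="BasicHttpBinding_Service"
              behaviorConfiguration="WindowsImpersonation"
              contract="ServiceReference1.IService"
              name="BasicHttpBinding_Service" />
  </client>
</system.serviceModel>
```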


Now run the program; the issue above is fixed.

3 comments:

  1. thanks, it resolved my issue...

  2. Fixed mine also :)

  3. Thanks. This one bugged me for quite some time.
