none
The HTTP request is unauthorized with client authentication scheme 'Basic'. The authentication header received from the server

    Question

  • Hey!

    I have set up the service as this article states : http://www.leastprivilege.com/CommentView.aspx?guid=b0ed39eb-01d9-4711-8d38-92d932e2e8c3
    (Usernames over Transport Authentication in WCF)

    System : Windows Vista 32 bit
    Internet Information Service : IIS7 with Basic Autentication enabled
    Visual Studio : Visual Studio 2008 that runnes throug the IIS7 instead of the mini IIS

    The web.config on the service looks like this:

                    <behavior name="MyApp.ServiceImplementation.MyAppClientService_Behavior">
                        <dataContractSerializer maxItemsInObjectGraph="2147483647" />
                        <serviceDebug includeExceptionDetailInFaults="true" />
                        <serviceMetadata httpGetEnabled="true" />
                        <serviceCredentials>
                            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Orbit.ServiceImplementation.CustomUsernamePasswordValidator,Orbit.ServiceImplementation" />
                        </serviceCredentials>
                    </behavior>


        <binding name="BasicBinding1" closeTimeout="00:20:00" openTimeout="00:20:00" receiveTimeout="00:20:00" sendTimeout="00:20:00" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true">
         <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
         <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Basic" realm=""/>
         </security>
        </binding>

    The service works fine with this settings.

    The Client app.config looks like this :

          <basicHttpBinding>
            <binding name="BasicBinding1" closeTimeout="00:20:00" openTimeout="00:20:00"
              receiveTimeout="00:20:00" sendTimeout="00:20:00" allowCookies="false"
              bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
              maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"
              messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
              useDefaultWebProxy="true">
              <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
                maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
              <security mode="TransportCredentialOnly">
                  <transport clientCredentialType="Basic" realm="" />
              </security>
            </binding>
          </basicHttpBinding>

    But when I try to contact the service I get the followin error:

    "The HTTP request is unauthorized with client authentication scheme 'Basic'. The authentication header received from the server was 'Basic realm=\"localhost\"'."

    How do I solve this? And why do it appare?
    Thursday, April 10, 2008 3:22 PM

All replies

  •  

    Try using <security mode="Transport"> as the article shows. Also read the comments, and you will find this about hosting in IIS not working: http://www.leastprivilege.com/WCFUsernamesOverTransportAndIISHosting.aspx
    Thursday, April 10, 2008 6:10 PM
  • Hey!

    I am using TransportCredentialOnly to skip the certificate in my test envirement, this was stated to work in the article comments.

    What do I need to do to be able to use User and Password authentication in a WCF. It would be grate if it could be made with out the certificate in my test envirement.
    Friday, April 11, 2008 6:30 AM
  • Did you forget to provide your user name and passwd in your client program?

    Since you are using User Name as the credetial, you should have code similar to the following:
    client.ClientCredentials.UserName.UserName = your-user-name;
    client.ClientCredentials.UserName.Password  = your-passwd;
    • Proposed as answer by sambomartin Wednesday, April 21, 2010 3:14 PM
    Friday, April 11, 2008 2:50 PM
  • Yes, that information are set, and O have set a breakpoint in the CustomUserPaswordValidation that do not trigger.
    Friday, April 11, 2008 3:09 PM
  • Hi,

     

    I am having the same problem. Did you ever find the solution to it?

    Friday, October 17, 2008 1:25 AM
  • Try using you machine account name and password instead of those expected from CustomPasswordvalidator.
    It looks like that you need to use message security to use Custom validation or use

    <basicHttpBinding >
      <
    binding name="basic">
             <
    security mode="TransportWithMessageCredential">
                <
    message clientCredentialType="UserName"/>
             </
    security>
    </
    binding>
    </
    basicHttpBinding>


    Corrado Cavalli [MVP]
    Wednesday, October 29, 2008 6:20 PM
  • Where should I use the machine account?

    I have tried your basicHttpBinding but this most have a https and to get that you have to implement SSL which is a no go in this case.

    Wednesday, February 23, 2011 1:38 PM
  • kurtmarr, did u find a solution for the problem you had? I am interested in finding out why the Custom password validation does not get raised. thanks
    0g
    • Proposed as answer by 0zkitar Friday, May 27, 2011 1:27 PM
    • Unproposed as answer by 0zkitar Friday, May 27, 2011 1:28 PM
    Monday, May 23, 2011 5:09 PM
  • The original error on this thread is resolved if you use credentials from the localhost or domain. A second problem is that even with the localhost credential, the custom user password validator override does not get raised. To address this problem and use custom credentials,  I had to change my settings to the use security mode= TransportWithMessageCredentials and clientCredentialType = UserName.

    I have added more information about this on this blog:

    http://ozkary.blogspot.com/2011/05/http-request-is-unauthorized-with.html

     

    I hope it helps others as well.


    0g
    Friday, May 27, 2011 1:40 PM