The caller was not authenticated by the service...

    Question

  • I am writing my first WCF code, and I managed to get it to work when BOTH the client and the server are running on the same computer.

    I am hosting the WCF in a Windows service on the server.

    From the client side, I can easily browse to http://myServer:8080/myWCF?wsdl

    But when I add the service reference to this WSDL and try to run the client application (from a different machine) I am getting the error:
    The caller was not authenticated by the service...

    What do I need to do to get this to work?

    I haven't set up any authentication so far!

    ANY help would be greatly appreciated guys!

    Thanks
    Tuesday, March 27, 2007 4:25 PM

Answers

  • What's the difference between basicHttpBinding and wsHttpBinding?

    wsHttpBinding employs message level security and uses Windows security as the default client authentication

    basicHttpBinding has security turned off by default.

     

    How do I configure authentication for wsHttpBinding?

    You set the client credential type

    http://msdn2.microsoft.com/en-us/library/ms788755.aspx

    Here's some more info on securing clients and services:

    http://msdn2.microsoft.com/en-us/library/ms734736.aspx

     

    Trevor's right. How you do authentication depends on your deployment. The default authentication for wsHttpBinding is to use Windows Security, which usually means Kerberos. If you are not in a domain, Windows security will fall back to NTLM.

     

    (In case you are not on a domain, here's how you set up your service for NTLM to work:

    Ensure that a local user account exists on the service machine.

    The user account must have the same password on both machines, and the password must not be blank.)

     

    Here are some more pointers on figuring out which bindings you want to use:

     

    Configuring Services:

    bindings

    http://msdn2.microsoft.com/en-us/library/ms733033.aspx

    securing services

    http://msdn2.microsoft.com/en-us/library/ms734769.aspx

     

    Cheers,

    Ed

    Wednesday, March 28, 2007 2:38 PM
    Moderator
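
The distinction described in the answer above, written out as service configuration (an added example, not part of the original posts). The service and contract names come from the config posted in this thread; the binding names WsWindowsAuth, BasicNoSecurity and BasicWindowsAuth are hypothetical.

```xml
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <!-- What wsHttpBinding does when no security element is given:
             message-level security with Windows client credentials. -->
        <binding name="WsWindowsAuth">
          <security mode="Message">
            <message clientCredentialType="Windows"
                     negotiateServiceCredential="true"
                     establishSecurityContext="true" />
          </security>
        </binding>
      </wsHttpBinding>
      <basicHttpBinding>
        <!-- The basicHttpBinding default, made explicit: the caller is not
             authenticated and messages are not protected. Not referenced below. -->
        <binding name="BasicNoSecurity">
          <security mode="None" />
        </binding>
        <!-- basicHttpBinding that still authenticates the caller with Windows
             credentials at the HTTP layer; message bodies are not encrypted. -->
        <binding name="BasicWindowsAuth">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <services>
      <service name="ActivityTransfererWCF.ActTransServ" behaviorConfiguration="MyServiceTypeBehaviors">
        <!-- The endpoint selects one named binding configuration (hypothetical names). -->
        <endpoint contract="ActivityTransfererWCF.IActTransServ"
                  binding="wsHttpBinding" bindingConfiguration="WsWindowsAuth" />
        <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="MyServiceTypeBehaviors">
          <serviceMetadata httpGetEnabled="true" />
          <!-- Exception details in faults are a debugging aid; off outside development. -->
          <serviceDebug includeExceptionDetailInFaults="false" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
```

With WsWindowsAuth the client has to present a Windows identity the service machine can validate, which is the domain membership or matching local account requirement described in the answer.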

All replies

  • What did you do to set up the bindings (i.e. basicHTTP, wsHTTP)?

    Any actual code you used would be most helpful. Note: Some bindings are secure by default.

    Tuesday, March 27, 2007 6:52 PM
  • Initially, I was trying with the following config file:

    Code Snippet

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <system.serviceModel>

        <services>
          <service name="ActivityTransfererWCF.ActTransServ" behaviorConfiguration="MyServiceTypeBehaviors">
            <endpoint contract="ActivityTransfererWCF.IActTransServ" binding="wsHttpBinding"/>
            <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
          </service>
        </services>

        <behaviors>
          <serviceBehaviors>
            <behavior name="MyServiceTypeBehaviors" >
              <serviceMetadata httpGetEnabled="true" />
              <serviceDebug includeExceptionDetailInFaults="True" />
            </behavior>
          </serviceBehaviors>
        </behaviors>

      </system.serviceModel>
    </configuration>


    I soon found out that changing wsHttpBinding to basicHttpBinding solves my problem.

    But what is the difference between the two?
    How do you set up authentication in wsHttpBinding?

    thanks


    Wednesday, March 28, 2007 7:07 AM
  • I am sure there are many people who could answer better than I; however, I will share:

     

    First, here is the absolute best resource I found for getting to know WCF (it has many screencasts that I found to be very helpful when I started):

     

    http://mtaulty.com/CommunityServer/blogs/mike_taultys_blog/archive/2006/09/13/8875.aspx

     

    There are several videos that walk you through the topic (and many other helpful topics).

     

    Essentially, the beauty of WCF is that very powerful feature enhancements are available by tweaking a few settings, such as the particular binding that you select.

     

    As far as authentication, it is very dependent on your particular deployment. Is your application going to be in a domain controlled environment where users are already authenticated via a domain controller, do you have a database-based application where users need to supply username/passwords, do you have the ability to issue certificates, or use smartcards? .. or a combination?

     

    What is very cool about WCF is that all of these things are supported and can be adjusted by changing a few settings in the config files (or hard-coded within).

     

    Watch the videos, I suspect they will help greatly.

     

    Trevor

    Wednesday, March 28, 2007 8:21 AM
  • Hi Ed,

    In case I want to host my WCF service through the internet, what security mode should I choose? I tried message (default by wsHttpBinding) but the client still got msg "The caller was not authenticated by the service"...


    Thanks
    Wednesday, May 20, 2009 4:10 AM
  • Hi Ed,

     

    I have the same problem with my client and service sitting on different domains.

    So I created a user account with the same name and password on both machines, and set that account to run the service, but after that, I cannot go any further in terms of fixing the error.

    Service side

      <system.serviceModel>
        <bindings>
            <wsHttpBinding>
                <binding name="WSHttpBinding_ServiceContract" maxBufferPoolSize="52428800" maxReceivedMessageSize="52428800">
                    <readerQuotas maxDepth="32" maxStringContentLength="52428800" maxArrayLength="52428800" maxBytesPerRead="52428800" maxNameTableCharCount="52428800"/>
                    <reliableSession ordered="true" inactivityTimeout="00:20:00" enabled="false" />
                    <security mode="Message">
                        <message clientCredentialType="Windows"
                                 negotiateServiceCredential="true"
                                 algorithmSuite="Default"
                                 establishSecurityContext="true" />
                    </security>
                </binding>
            </wsHttpBinding>
        </bindings>
        <client />
        <services>
          <service behaviorConfiguration="ServiceBehavior" name="MyService.ServiceImplementation">
            <endpoint binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_ServiceContract"
              contract="MyService.ServiceContract">
              <identity>
                <servicePrincipalName value="host/MyService" />
              </identity>
            </endpoint>
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
            <host>
              <baseAddresses>
                <add baseAddress="http://localhost:8888" />
              </baseAddresses>
            </host>
          </service>
        </services>
        <behaviors>
          <serviceBehaviors>
            <behavior name="ServiceBehavior">
              <serviceMetadata httpGetEnabled="true" />
              <serviceDebug includeExceptionDetailInFaults="true" />
                <!--  <serviceAuthorization impersonateCallerForAllOperations="false" /> -->
            </behavior>
          </serviceBehaviors>
        </behaviors>
      </system.serviceModel>

    and then client side

        <system.serviceModel>
            <behaviors>
              <endpointBehaviors>
                <behavior name="EndPointBehavior">
                  <clientCredentials>
                    <windows allowedImpersonationLevel="Impersonation" allowNtlm="true" />
                  </clientCredentials>
                </behavior>
              </endpointBehaviors>
            </behaviors>     
            <bindings>
                <wsHttpBinding>
                    <binding name="WSHttpBinding_ServiceContract" maxBufferPoolSize="52428800"
                        maxReceivedMessageSize="52428800">
                      <readerQuotas maxDepth="32" maxStringContentLength="52428800"
                          maxArrayLength="52428800" maxBytesPerRead="52428800" maxNameTableCharCount="52428800" />
                      <reliableSession ordered="true" inactivityTimeout="00:20:00"
                          enabled="false" />
                      <security mode="Message">
                        <transport clientCredentialType="Windows"
                         proxyCredentialType="None" realm="" />
                        <message clientCredentialType="Windows" negotiateServiceCredential="true"
                            algorithmSuite="Default" establishSecurityContext="true" />
                      </security>
                    </binding>
                </wsHttpBinding>
            </bindings>
            <client>
                <endpoint address="http://10.1.1.120:8150" binding="wsHttpBinding" behaviorConfiguration="EndPointBehavior"
                    bindingConfiguration="WSHttpBinding_ServiceContract" contract="MyDB.ServiceContract"
                    name="WSHttpBinding_ServiceContract">
                    <identity>
                        <servicePrincipalName value="host/MyService" />
                    </identity>               
                </endpoint>
            </client>
         
            <serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
        </system.serviceModel>

    I keep getting the error "The Security Support Provider Interface (SSPI) negotiation failed."

    What am I missing here?

    Wednesday, July 28, 2010 4:44 PM