Error with PSI through WCF and proxy assemblies RRS feed

  • Question

  • Hi,

    I'm trying to consume PSI services using WCF from generated proxy assemblies, but it just works for the current user (windows authentication).

    Some PSI services are user "dependent", so it just gives me part of the result if I'm not logged on with an administrator account. To get all data, I'm using RunWithElevatedPrivileges on a SharePoint webpart that consumes this service, because it will use the application pool account that has all the privileges I need to get all data. But when I call this code using RunWithElevatedPrivileges I get the following error message:

    "The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'NTLM'."

    I saw two possible fixes, but both involves changing Windows Registry keys, and I can't do this.


    Do you have any tips?


    Here is my code (static methods to get client classes from proxy assemblies):

    public static ResourceClient GetResourceClient(String urlPWA)
                var binding = GetBinding(urlPWA);
                EndpointAddress address = new EndpointAddress(urlPWA + svcRouter);
                ResourceClient client = new ResourceClient(binding, address);
                client.ChannelFactory.Credentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation;
                client.ChannelFactory.Credentials.Windows.ClientCredential = SPHelper.AdminCredentials();
                client.ClientCredentials.Windows.ClientCredential = SPHelper.AdminCredentials();
                client.ClientCredentials.Windows.AllowNtlm = true;
                client.ChannelFactory.Credentials.Windows.AllowNtlm = true;
                return client;
            private static BasicHttpBinding GetBinding(String urlPWA)
                Uri uriPWA = new Uri(urlPWA);
                BasicHttpBinding binding = null;
                if (uriPWA.Scheme.Equals(Uri.UriSchemeHttps))
                    binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
                    binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportCredentialOnly);
                binding.Name = "basicHttpBinding";
                binding.SendTimeout = TimeSpan.MaxValue;
                binding.MaxReceivedMessageSize = MAXSIZE;
                binding.ReaderQuotas.MaxNameTableCharCount = MAXSIZE;
                binding.MessageEncoding = WSMessageEncoding.Text;
                binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;
                return binding;

    And the code that calls the service method:

    ResourceClient client = PSIHelper.GetResourceClient("http://serverName/pwa");
                Guid normal = client.GetCurrentUserUid();

    Juliano Nunes
    Tuesday, December 27, 2011 1:10 PM

All replies

  • Hi there,

    Following similar thread might help:

    What is the clientCredentialType in app config file? if you are having Kerberos, use the
    <security mode="Transport"> 
    <transport clientCredentialType="Windows" /> 

    <binding name="Reference" closeTimeout="00:01:00" openTimeout="00:01:00" 
    ="00:10:00" sendTimeout="00:01:00" allowCookies="false" 
    ="false" hostNameComparisonMode="StrongWildcard" 
    ="2000000" maxBufferPoolSize="2000000" maxReceivedMessageSize="2000000" 
    ="Text" textEncoding="utf-8" transferMode="Buffered" 
    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" 
    ="4096" maxNameTableCharCount="16384" /> 
    <security mode="Transport"> 
    <transport clientCredentialType="Windows" /> 
    <endpoint address="https://path/to/site/_vti_bin/Lists.asmx" 
    ="basicHttpBinding" bindingConfiguration="TestServerReference" 
    ="TestServerReference.ListsSoap" name="TestServerReference" /> 

    Thanks, Amit Khare |EPM Consultant| Blog:
    Friday, December 30, 2011 11:38 AM