Project 2013 PSI wcf connection problem RRS feed

  • Question

  • Hi, I have web part published on project web access application (PWA) and connects to /_vti_bin/PSI/ProjectServer.svc through wcf service. Web part throws exception:

    System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Ntlm'.

    The authentication header received from the server was 'NTLM'. ---> System.Net.WebException: The remote server returned an

    error: (401) Unauthorized.

                                          |  Server stack trace:                                       |     in System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory`1 factory)                                       |     in

    System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory`1 factory, WebException responseException, ChannelBinding channelBinding)                                       |     in

    System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)                                       |     in System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)                                       |     in System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)                                       |     in System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)                                       |     in System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

     Here is the code that creates binding point, it works fine when in console application (but throws exception above when in web part):

    private static ProjectClient CreateProjectClient(string pwaUrl)
                const int maxsize = 500000000;
                const string svcUrl = "/_vti_bin/PSI/ProjectServer.svc";
                BasicHttpBinding binding = pwaUrl.Contains("https:") ?
                    new BasicHttpBinding(BasicHttpSecurityMode.Transport) :
                    new BasicHttpBinding(BasicHttpSecurityMode.TransportCredentialOnly);
                binding.Name = "basicHttp_Project";
                binding.SendTimeout = TimeSpan.MaxValue;
                binding.MaxReceivedMessageSize = maxsize;
                binding.ReaderQuotas.MaxNameTableCharCount = maxsize;
                binding.MessageEncoding = WSMessageEncoding.Text;
                binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;
                binding.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.Ntlm;
                binding.UseDefaultWebProxy = false;
                var address = new EndpointAddress(SPUrlUtility.CombineUrl(pwaUrl, svcUrl));
                var client = new ProjectClient(binding, address);
                if ((client.ChannelFactory != null) && (client.ChannelFactory.Credentials != null))
                    client.ChannelFactory.Credentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation;
                    client.ChannelFactory.Credentials.Windows.AllowNtlm = true;
                return client;

    It also works when I define credentials like

    client.ClientCredentials.Windows.ClientCredential = new NetworkCredential("login", "password", "domain");

    but I need to run under current user. I'm also check double hop problem and user permissions - no luck.

    I hope somebody can help me, thanks.

    Saturday, November 21, 2015 9:53 AM

All replies

  • hi, you should try:

    client.ClientCredentials.Windows.ClientCredential = CredentialCache.DefaultNetworkCredentials

    Please mark this reply as an answer if this was valuable for you.

    If you think this was valuable please mark my reply as a valid answer. Thanks. Kind Regards, João Frederico Neto --

    Monday, November 23, 2015 4:40 PM
  • Thank you for answer.

    I disabled impersonation on IIS and now service run under application pool credentials, but I need to run it under current user, CredentialCache.DefaultNetworkCredentials does't work also.

    Friday, November 27, 2015 2:32 PM