none
Get "Unauthorized" from WCF_Custom SendPort RRS feed

  • Question

  • 1. Using SOAP UI, I can call webservice with specific user/pass.

    2. In BizTalk, I have a WCF-Custom SendPort.  On the credentials tab I pasted in the same userid/password under the "Do not use Single Sign-On" section.  I have verified that the URL is identical.  The url starts with https (so is using SSL).

    3. Below are some of my settings on the "Binding" tab.

    What else could I be missing? 

    Thanks,
    Neal



    Monday, July 13, 2015 5:50 PM

All replies

  • Hi Neal,

    SSL layer require certificate sometimes, please verify by browsing your service URL, in the Internet Explorer and see if it gives certificate error if it does than download the certificate and install it on your local system and configure same certificate at HttpsTransport.

    for more details about issue please check event log and let us know what issues you are facing.

    Regards,

    Sharad

    Monday, July 13, 2015 7:10 PM
  • No certificate required, otherwise SOAP-UI would not have worked.

    This is the SOAP Fault I get back, I'm catching it:

    <soap:Fault xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
      <faultcode>soap:Server</faultcode>
      <faultstring>Unauthorized</faultstring>
    </soap:Fault>

    Neal

    Monday, July 13, 2015 7:22 PM
  • I changed "authenticationSchema" on above screen show from Ntlm to Basic.

    Same exact error.

    The SOAP_UI security is provided as shown below:

    Neal

    Tuesday, July 14, 2015 2:26 PM
  • Do I need a Custom EndPoint Behavior as shown here:

    http://www.codit.eu/blog/2014/03/28/star-using-windows-credentials-in-wcf-custom-adapter/

    and discussed here (as a solution, but no details).

    https://social.msdn.microsoft.com/Forums/en-US/5cdc2aee-5b6b-4d49-a17c-402a97703f84/basic-auth-header-using-wcfcustom-adapter-http-header-authorization?forum=biztalkgeneral

    I'll probably going to give it a try.

    If I do need a custom endpoint behavior, then what is the purpose for the "user name credentials" on the Credentials tab?

    Thanks,

    Neal

    Tuesday, July 14, 2015 4:23 PM
  • After reading that post the custom end point behavior is for if you are using NTLM and need to send custom credentials. In this case if you are using basic authentication then you have to be sure that the credentials are entered (do you need domain name) and that the end point is expecting the values you are passing. Perhaps the configuration is not quite right in the service configuration.

    I would pay closer attention to some of the security options and that the username & password are passed as expected. It is likely the configuration of the username and password are not being transmitted as expected.

    Tuesday, July 14, 2015 6:26 PM
  • But the second post was regarding Basic Auth, and said it was fixed by same.

    I have learned that in SoapUI, if I put bad password I get "Authenticiation Failed". 

    So I have now put a bad password in Biztalk ports, and still get "Unauthorized". 

    It took me most of the day, but I did implement a custom behavior extension, and it still gives me "Unauthorized".

    I tried Fiddler earlier today, but it didn't capture anything.  I'll probably return to that next.
    WireShark captures the packets but since it is https cannot read them.

    Neal 

    Tuesday, July 14, 2015 10:07 PM