none
What does this mean? The authentication header received from the server was 'Negotiate,NTLM,Basic realm="..."' RRS feed

  • Question

  • I have the following in my client web.config.   Apparently the service I'm calling has Windows + Basic based on the part of the error  "The authentication header received from the server was 'Negotiate,NTLM,Basic".  

    Is it because I'm only passing windows credentials I get the error?

    The full error:

    The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM,Basic realm="..."'

    <authentication mode="Windows" />
          <identity impersonate="true"/> 

    ...

     <basicHttpBinding>
            <binding name="BasicHttpBinding_IMyService">
              <security mode="TransportCredentialOnly">
                <transport clientCredentialType="Windows" />
              </security>
            </binding>
          </basicHttpBinding>

    How to get around it? I can only set clientCredentialType once.


    • Edited by dat1 Monday, March 10, 2014 3:07 AM
    Monday, March 10, 2014 3:07 AM

All replies

  • Hi,

    >>The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM,Basic realm="..."'

    From your description, I know that you want to use the window authentication.

    When occur the above problem, please try to go to IIS and ensure that anonymous access is disabled and only Windows authentication is enabled.

    For more information, please try to refer to:
    #Eight steps to enable Windows authentication on WCF BasicHttpBinding:
    http://www.codeproject.com/Articles/36289/steps-to-enable-windows-authentication-on-WCF-Ba .

    Best Regards,
    Amy Peng


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Monday, March 10, 2014 9:18 AM
    Moderator
  • I checked with my admins where the WCF service is hosted and the site that is returning the  "The authentication header received from the server was 'Negotiate,NTLM,Basic " message is configured with Windows + Basic.

    From what I recall, it's this way because the site is using MS ISA Server and will use Windows Authentication when a user is on the network and will use Basic if being accessed outside the network.

    I'm guessing that the cause why "Basic" is being included in the message?   I checked the 8 steps document and don't see anything different.

    If I'm passing 

    myproxy.ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;

    I don't get why I'm being denied. Is this the double-hop issue?


    • Edited by dat1 Monday, March 10, 2014 3:29 PM
    Monday, March 10, 2014 12:36 PM
  • Hi,

    I am sorry, that I did not see that you also used the basic authentication, but you do not config the wcf to use the basic authentication in your previous config file, so please try to modify it as following:

    <basicHttpBinding>
     <binding name="BasicHttpBinding_IMyService">
    <security mode="Transport"> <transport clientCredentialType="Windows" proxyCredentialType="None" /> <message clientCredentialType="UserName" algorithmSuite="Default" /> </security> </binding>
    <basicHttpBinding>

    Best Regards,
    Amy Peng


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.


    Tuesday, March 25, 2014 6:36 AM
    Moderator
  • Hi  you can just change the <transport> tag from <transport clientCredentialType="Windows" /> to <transport clientCredentialType="Ntlm" />

    Tuesday, October 10, 2017 12:55 PM