none
What does this mean? The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate'. RRS feed

  • Question

  • I get the following error with below client code:

    The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate'.

    Client Code:

          var httpBinding = new WSHttpBinding(SecurityMode.Transport);
                httpBinding.Security.Mode = SecurityMode.Transport;
                httpBinding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;

                var httpUri = new Uri("https://11.1.111.111:8080/SomeService");
                var httpEndpoint = new EndpointAddress(httpUri, EndpointIdentity.CreateDnsIdentity("name of server cert"));
                var newFactory = new ChannelFactory<IBonusingService>(httpBinding, httpEndpoint);
                newFactory.Credentials.ClientCertificate.Certificate = win32ScepClient.MyCertificate2;

               // newFactory.Credentials.Windows.AllowNtlm = true;
               // newFactory.Credentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.LocalMachine, StoreName.TrustedPeople, X509FindType.FindByThumbprint, "server certificate thumbprint");
                var channel = newFactory.CreateChannel();

                channel.EstablishHandShake("test");

    //server code

       ServiceMetadataBehavior smb = new ServiceMetadataBehavior();
                smb.HttpsGetEnabled = true;
                smb.MetadataExporter.PolicyVersion = PolicyVersion.Policy15;
                var httpBinding = new WSHttpBinding(SecurityMode.Transport);
                httpBinding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
                var httpUri = new Uri("https://11.1.111.149:8080/MyService");
                var _host = new ServiceHost(typeof(XXX.MyService), httpUri);
              
                _host.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My,
                    X509FindType.FindBySerialNumber, currentCertificate.SerialNumber);
                _host.Credentials.ClientCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
                _host.Credentials.ClientCertificate.Authentication.TrustedStoreLocation = StoreLocation.LocalMachine;
                _host.AddServiceEndpoint(typeof(IBonusingService), httpBinding, httpUri);
                _host.Description.Behaviors.Add(smb);
                _host.Open()

    Thanks

    Bob

                            
    Friday, March 13, 2015 11:47 AM

Answers

  • The fix was:

     httpBinding.Security.Mode = SecurityMode.TransportWithMessageCredential;

    Bob

    • Marked as answer by Bob12543 Saturday, March 14, 2015 1:45 PM
    Saturday, March 14, 2015 1:45 PM

All replies

  • The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate'.

    It means that Windows Authentication is beine used, which would be used in private Windows Doamin solution in a private network behind a fiewall. It's not the authentication needed if the solution is being exposed to the public Internet for public Internet access.

    https://msdn.microsoft.com/en-us/library/ms789031%28v=vs.110%29.aspx?f=255&MSPPError=-2147217396

    Friday, March 13, 2015 3:38 PM
  • The fix was:

     httpBinding.Security.Mode = SecurityMode.TransportWithMessageCredential;

    Bob

    • Marked as answer by Bob12543 Saturday, March 14, 2015 1:45 PM
    Saturday, March 14, 2015 1:45 PM
  • The fix was:

     httpBinding.Security.Mode = SecurityMode.TransportWithMessageCredential;

    How did this fix answer the question of what does the authentication mean?

    Saturday, March 14, 2015 2:12 PM