locked
NTLM Security issue RRS feed

  • Question

  • Hi

      I have a security issue regarding NTLM with report server,It is working fine in development environment but once we deployed production its not working ,the error in log is like this

    The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'NTLM'.
    Server stack trace:
       at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory`1 factory)
       at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory`1 factory, WebException responseException, ChannelBinding channelBinding)
       at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
       at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
       at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
       at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <startup>
        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
      </startup>

      <system.serviceModel>
        <bindings>
           <basicHttpBinding>
              <binding name="ReportExecutionServiceSoap" closeTimeout="00:01:00"
               openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
               allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
               maxBufferSize="5000000" maxBufferPoolSize="524288" maxReceivedMessageSize="5000000"
                transferMode="Buffered"
               useDefaultWebProxy="true">
                  <readerQuotas maxDepth="32" maxStringContentLength="500000" maxArrayLength="5000000"
                    maxBytesPerRead="500000" maxNameTableCharCount="500000" />
                  <security mode="TransportCredentialOnly">
                      <transport clientCredentialType="Ntlm" proxyCredentialType="None" realm=""/>
                      <message clientCredentialType="UserName" algorithmSuite="Default"/>
                  </security>

              </binding>
          </basicHttpBinding>
        </bindings>
        <client>
          <endpoint address="http://MYPRODUCTION/ReportServer/ReportExecution2005.asmx"
              binding="basicHttpBinding" bindingConfiguration="ReportExecutionServiceSoap"
              contract="SSRSReportExecutionService.ReportExecutionServiceSoap"
              name="ReportExecutionServiceSoap" />
        </client>
      </system.serviceModel>

    Please help me to solve the problem


    Thanks & Regards Manoj

    Monday, June 1, 2015 6:49 AM

Answers

  • It is Permission in Server , Administrative tools --->Local Security Policy--->Local Policy -->Security options --->Lan Manager Authentication Level  Need to choose  ---Send LM & NTLM Responses

    It works fine, thank you very for evey one


    Thanks & Regards Manoj

    • Marked as answer by Manoj kumar A Wednesday, June 3, 2015 5:02 AM
    Wednesday, June 3, 2015 5:02 AM

All replies

  • Please try to add the following in your configure file:

    <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Ntlm"/>
        <message clientCredentialType="UserName" algorithmSuite="Default"/>
    </security>

    For more information, please try to refer to the following articles:

    https://social.msdn.microsoft.com/Forums/vstudio/en-US/3651246b-49ae-4f5e-b444-6752bf085910/the-http-request-is-unauthorized-with-client-authentication-scheme-anonymous-the-authentication?forum=wcf


    Please Mark Answer if it solved your issue, Vote As Helpful if it helps to solve your issue

    Monday, June 1, 2015 6:59 AM
  • Hello - Are you invoking reports from your .NET application or directly over the browser ?

    If you are using application to create instance of SSRS and failing then this link might help you here:

    https://social.msdn.microsoft.com/Forums/vstudio/en-US/79fb04da-5fa5-4805-8764-29f3f7aee87f/security-negotiation-issue-when-acessing-an-ssrs-instace-from-a-c-net-4-application?forum=csharpgeneral


    Good Luck!
    Please Mark This As Answer if it solved your issue.
    Please Vote This As Helpful if it helps to solve your issue

    Monday, June 1, 2015 7:02 AM
  • Hi Manoj,

    According to your description, you come across an error “The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'NTLM'. ” when accessing the report server, right?

    Regarding the error message, the issue could be caused by that NTLM identity is not passed across virtual folders / remote processes when NTLM authentication is used. To resolve the issue, you could try the solutions mentioned in this article: NTLM vs KERBEROS - Windows Communication Foundation.

    Besides, the similar issue could be resolved by allowing both report server and IIS run under LocalSystem. For more information, please refer to this similar thread: The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'NTLM'.

    If you have any question, please feel free to ask.

    Best regards,
    Qiuyun Yu


    Qiuyun Yu
    TechNet Community Support


    Tuesday, June 2, 2015 3:27 AM
  • It is Permission in Server , Administrative tools --->Local Security Policy--->Local Policy -->Security options --->Lan Manager Authentication Level  Need to choose  ---Send LM & NTLM Responses

    It works fine, thank you very for evey one


    Thanks & Regards Manoj

    • Marked as answer by Manoj kumar A Wednesday, June 3, 2015 5:02 AM
    Wednesday, June 3, 2015 5:02 AM