none
WCF can't communicate with SSL binded SSRS endpoint with NTLM authentication RRS feed

  • Question

  • Hi,

    I'm trying to communicate with SSRS Report server (SSL enbaled) using WCF NTLM authentication. 

    I'm passing the windows domain credentials by using the following code:

    _rsExecClient.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
    _rsExecClient.ClientCredentials.Windows.ClientCredential = credential;

    My end point address is :

    <endpoint address="https://rakshit1.emea.hpqcorp.net/ReportServer/ReportExecution2005.asmx" binding="wsHttpBinding" bindingConfiguration="ReportExecutionServiceSoap" contract="ReportExecutionService2005.ReportExecutionServiceSoap" name="ReportExecutionServiceSoap" />

    and my binding config is

    <wsHttpBinding>
            <binding name="ReportExecutionServiceSoap" allowCookies="true" maxReceivedMessageSize="5242880">
              <security mode="TransportWithMessageCredential">
                <message clientCredentialType="UserName" />
              </security>
            </binding>
          </wsHttpBinding>

    but it throws an error "The username is not provided. Specify username in ClientCredentials"

    If I pass the domain credentials as 

                    ClientCredentials loginCredentials = new ClientCredentials();
                    loginCredentials.UserName.UserName = @"DomainName\Username";
                    loginCredentials.UserName.Password = @"password";
    
                    var credentialBehaviour = _rsExecClient.ChannelFactory.Endpoint.Behaviors.Find<ClientCredentials>();
                    _rsExecClient.ChannelFactory.Endpoint.Behaviors.Remove(credentialBehaviour);
    
                    _rsExecClient.ChannelFactory.Endpoint.Behaviors.Add(loginCredentials);
    it throws error "The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM"

    Please let me know what would be the exact WCF configuration and correct way of passing windows domain credentials.

    Thanks and Regards

    Subham Rakshit


    Thanks Subham

    Tuesday, October 1, 2013 9:37 AM

Answers

  • Hi Subham,

    You need make sure Anonymous access is disabled and Windows authentication is enabled at IIS settings and set clientCredentialType as "Windows" as Amit mentioned above. An article on #Eight steps to enable Windows authentication on WCF BasicHttpBinding

    http://www.codeproject.com/Articles/36289/8-steps-to-enable-windows-authentication-on-WCF-Ba

    In addtion, there are some difference between service &client in different domian and both of them in the same domain, you can check a blog below.

    #WCF on intranet with windows authentication: Kerberos or NTLM

    http://blogs.msdn.com/b/tiche/archive/2011/07/13/wcf-on-intranet-with-windows-authentication-kerberos-or-ntlm-part-1.aspx

    And a post on similar issue for your information.

    http://ddkonline.blogspot.in/2009/11/fix-http-request-is-unauthorized-with.html

    Best Regards.


    <THE CONTENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS OR IMPLIED>
    Thanks
    MSDN Community Support

    Please remember to "Mark as Answer" the responses that resolved your issue. It is a common way to recognize those who have helped you, and makes it easier for other visitors to find the resolution later.

    Wednesday, October 2, 2013 2:14 AM
    Moderator
  • Hi Subham,

    I wonder if you have set httpsGetEnabled="true" in the behavior and set security mode as "Transport" rather than TransportWithMessageCredential, a walkthrough about using wsHttpBinding with Windows Authentication and Transport Security you can refer at http://msdn.microsoft.com/en-us/library/ff648431.aspx

    Hope this helps.

    Best Regards.


    <THE CONTENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS OR IMPLIED>
    Thanks
    MSDN Community Support

    Please remember to "Mark as Answer" the responses that resolved your issue. It is a common way to recognize those who have helped you, and makes it easier for other visitors to find the resolution later.

    Thursday, October 3, 2013 9:47 AM
    Moderator
  • Hi Subham,

    Thanks for your feedback.

    >> think httpsGetEnabled="true" should be in WCF service and not in client. right?

    Yes, we need configure this for WCF Service, this allows us to retrieve metadata for the service using an HTTPS/GET request.

    I am not familar with SSRS Webservices, it seems have much difference with WCF Service, for SSRS related issue, I would like to suggest you consult in this forum to get better replies, thanks for your understanding.

    Best Regards.


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Monday, October 7, 2013 11:29 AM
    Moderator

All replies

  • Based on the exception, client binding configuration looks wrong. Please try application by changing the binding in client configuration as follows,

    <wsHttpBinding>
           
    <binding name="ReportExecutionServiceSoap" allowCookies="true" maxReceivedMessageSize="5242880">
             
    <security mode="TransportWithMessageCredential">
               
    <message clientCredentialType="Windows" />
             
    </security>
           
    </binding>
         
    </wsHttpBinding>

    HTH,
    Amit Bhatia

    Please remember to "Mark as Answer" the responses that resolved your issue. It is a common way to recognize those who have helped you, and makes it easier for other visitors to find the resolution later.

    Tuesday, October 1, 2013 9:58 AM
    Moderator
  • Thanks Amit for your prompt reply.

    Unfortunately I tried by changing clientCredentialType to 'Windows' but it didn't help.

    It throws error :

    The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'.

    Thanks and Regards

    Subham


    Thanks Subham

    Tuesday, October 1, 2013 10:07 AM
  • Hi Subham,

    You need make sure Anonymous access is disabled and Windows authentication is enabled at IIS settings and set clientCredentialType as "Windows" as Amit mentioned above. An article on #Eight steps to enable Windows authentication on WCF BasicHttpBinding

    http://www.codeproject.com/Articles/36289/8-steps-to-enable-windows-authentication-on-WCF-Ba

    In addtion, there are some difference between service &client in different domian and both of them in the same domain, you can check a blog below.

    #WCF on intranet with windows authentication: Kerberos or NTLM

    http://blogs.msdn.com/b/tiche/archive/2011/07/13/wcf-on-intranet-with-windows-authentication-kerberos-or-ntlm-part-1.aspx

    And a post on similar issue for your information.

    http://ddkonline.blogspot.in/2009/11/fix-http-request-is-unauthorized-with.html

    Best Regards.


    <THE CONTENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS OR IMPLIED>
    Thanks
    MSDN Community Support

    Please remember to "Mark as Answer" the responses that resolved your issue. It is a common way to recognize those who have helped you, and makes it easier for other visitors to find the resolution later.

    Wednesday, October 2, 2013 2:14 AM
    Moderator
  • Hi Haixia,

    Thank you for your reply.

    But the configurations mentioned in the link is for HTTP not for HTTPS. If I don't use SSL, it works properly. Particularly I'm facing problem with SSL.

    Please let me know what would be the config for SSL with NTLM


    Thanks and Regards

    Subham


    Thanks Subham

    Wednesday, October 2, 2013 9:28 AM
  • Hi Subham,

    I wonder if you have set httpsGetEnabled="true" in the behavior and set security mode as "Transport" rather than TransportWithMessageCredential, a walkthrough about using wsHttpBinding with Windows Authentication and Transport Security you can refer at http://msdn.microsoft.com/en-us/library/ff648431.aspx

    Hope this helps.

    Best Regards.


    <THE CONTENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS OR IMPLIED>
    Thanks
    MSDN Community Support

    Please remember to "Mark as Answer" the responses that resolved your issue. It is a common way to recognize those who have helped you, and makes it easier for other visitors to find the resolution later.

    Thursday, October 3, 2013 9:47 AM
    Moderator
  • Hi Haixia,

    Sorry for late reply

    I think httpsGetEnabled="true" should be in WCF service and not in client. right? If so, I don't know how to see the service configuration of SSRS Webservices.

    I tried this on the WCF client but it didn't work.

    Thanks and Regards

    Subham


    Thanks Subham

    Monday, October 7, 2013 9:32 AM
  • Hi Subham,

    Thanks for your feedback.

    >> think httpsGetEnabled="true" should be in WCF service and not in client. right?

    Yes, we need configure this for WCF Service, this allows us to retrieve metadata for the service using an HTTPS/GET request.

    I am not familar with SSRS Webservices, it seems have much difference with WCF Service, for SSRS related issue, I would like to suggest you consult in this forum to get better replies, thanks for your understanding.

    Best Regards.


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Monday, October 7, 2013 11:29 AM
    Moderator