BasicHttpBinding WCF service with Windows Authentication

  • Question

  • Hi,

    I created a WCF service with BasicHttpBinding and hosted it in IIS with Windows authentication enabled and all the rest disabled.

    I want to test my WCF client, which can handle Windows-secured services, but when I try to view the service in a browser it throws the following exception.

     

    My app.config file is as follows

     


    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>

      <appSettings>
        <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
      </appSettings>
      <system.web>
        <compilation debug="true" />
       <authentication mode="Windows"/>
                <authorization>
                      <allow roles=".\Developers"/>
                      <allow users="DOMAIN\ServiceAccount"/>
                      <allow users="fareast\t-makot"/>          
                </authorization>
      </system.web>
      <!-- When deploying the service library project, the content of the config file must be added to the host's
      app.config file. System.Configuration does not support config files for libraries. -->
      <system.serviceModel>
       
        <bindings>
          <basicHttpBinding>
            <binding name="basicHttpBinding" maxReceivedMessageSize="2147483647">
              <readerQuotas maxDepth="64" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
              <security mode="TransportCredentialOnly">
                <transport clientCredentialType="Windows" />
              </security>
            </binding>
          </basicHttpBinding>
        </bindings>
     
        <services>
          <service name="WCFDummy.Calculator">
            <endpoint address="" binding="basicHttpBinding" contract="WCFDummy.ICalculator">
              <identity>
                <dns value="localhost" />
              </identity>
            </endpoint>
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
            <host>
              <baseAddresses>
                <add baseAddress="http://localhost:8733/Design_Time_Addresses/WCFDummy/Service1/" />
              </baseAddresses>
            </host>
          </service>
        </services>
        <behaviors>
          <serviceBehaviors>
            <behavior>
              <!-- To avoid disclosing metadata information,
              set the values below to false before deployment -->
              <serviceMetadata httpGetEnabled="True" httpsGetEnabled="True"/>
              <!-- To receive exception details in faults for debugging purposes,
              set the value below to true.  Set to false before deployment
              to avoid disclosing exception information -->
              <serviceDebug includeExceptionDetailInFaults="False" />
            </behavior>
          </serviceBehaviors>
        </behaviors>
      </system.serviceModel>

    </configuration>

    and I am getting the following exception.

    The authentication schemes configured on the host ('IntegratedWindowsAuthentication') do not allow those configured on the binding 'BasicHttpBinding' ('Anonymous').  Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly.  Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the <serviceAuthenticationManager> element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.

    Can someone help me see where I am going wrong?

    Thank you

     

    MANIKANTA

    Tuesday, June 25, 2013 12:12 PM

Answers

All replies

  • Hi,

    Please try to see your code below:

    <bindings>
          <basicHttpBinding>
            <binding name="basicHttpBinding" maxReceivedMessageSize="2147483647">
              .......
                <transport clientCredentialType="Windows" />
              </security>
            </binding>
          </basicHttpBinding>
        </bindings>
     
        <services>
          <service name="WCFDummy.Calculator">
            <endpoint address="" binding="basicHttpBinding" contract="WCFDummy.ICalculator">
              <identity>
                <dns value="localhost" />
              </identity>
            </endpoint>

    You have configured the basicHttpBinding with the binding name basicHttpBinding, but you do not use it in the endpoint, so please try to modify your endpoint as below:

    <endpoint address="" binding="basicHttpBinding" contract="WCFDummy.ICalculator" bindingConfiguration="basicHttpBinding">

    Hope it can help you.

    Best Regards.


    Amy Peng
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.


    Wednesday, June 26, 2013 8:35 AM
    Moderator
  • Hi Peng,

    Thank you so much. I invested a lot of time to trace my mistake, but your post helped me a lot and now I am able to secure it. One more question: will this work for the rest of the bindings, like WSHttpBinding?

    One more question: I created a generic client, and when I try to consume this service I am getting this exception:

    {"The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'."}

    while invoking a method as shown below.

    obj = Activator.CreateInstance(service, bindHttp, endpointaddress);

    result_obj = methodname.Invoke(obj, param); 

    Can you please suggest what went wrong?

    Thank you.


    MANIKANTA

    Thursday, June 27, 2013 6:41 AM
  •  

    Hi,

    >>One more question is will this work for rest of binding like WSHttpBinding ???

    Yes, you can use the WSHttpBinding for Windows authentication.

    For more information, please try to refer to:

    http://msdn.microsoft.com/en-us/library/ff648431.aspx .

    >>{"The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'."}

    In the code, set the proxy class to allow impersonation (I added a reference to a service called yourservice):

    Yourservice_PortClient proxy = new Yourservice_PortClient();
    proxy.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;


    Hope it can help you.

    Best Regards.


    Amy Peng


    Thursday, June 27, 2013 9:40 AM
    Moderator
  • Thank you Peng,

    But the problem here is that I won't add a service reference to the client. I will take the server URI, get the metadata, create the proxy by loading the assembly and compiling it on the fly, and then create the proxy class instance as shown below:

    dynamic  obj = Activator.CreateInstance(service, bindHttp, endpointaddress);

                            obj.ClientCredentials.UserName.UserName = "username";
                            obj.ClientCredentials.UserName.Password = "password";

    object   result_obj = methodname.Invoke(obj, param);  // getting exception here

    Here obj is the proxy class instance. While invoking the method, it throws the following exception:

    {"The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'."}

    I tried your suggestion but still the exception continued :(

    Why so ???

    If you know any information regarding how to pass the client credentials in this situation, please share it with me.

    Thank you.   


    MANIKANTA

    Thursday, June 27, 2013 11:42 AM
  • Hi,

    Please try these steps..
    1. Remove this section from Web.config:

    <identity>
      <dns value="localhost"/>
    </identity>

    2. Add this in Web.config:

    <security mode="TransportWithMessageCredential">
      <transport clientCredentialType="Windows" />
      <message clientCredentialType="UserName" />
    </security>

    This article is also about this:

    http://occamsays.com/2011/04/13/the-http-request-is-unauthorized-with-client-authentication-scheme-anonymous-the-authentication-header-received-from-the-server-was-ntlm%E2%80%99/ .

    Hope it can help you.

    Best Regards.


    Amy Peng


    Friday, June 28, 2013 1:28 AM
    Moderator
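
The client-side "client authentication scheme 'Anonymous'" error discussed in this thread, as an added example that is not part of the original posts: a proxy created in code sends no credentials unless the binding object passed to it carries the same security settings as the service binding. The class and method names are hypothetical, and `proxyType` is assumed to be the `ClientBase<T>`-derived type compiled from the service metadata.

```csharp
using System;
using System.Net;
using System.ServiceModel;

// Hypothetical helper (not from the thread): builds a dynamically loaded
// WCF proxy whose binding matches the service-side configuration.
static class WindowsAuthProxyFactory
{
    // Mirrors <security mode="TransportCredentialOnly"> with
    // <transport clientCredentialType="Windows" /> from the service config.
    // A default BasicHttpBinding uses security mode None, which the client
    // reports as authentication scheme 'Anonymous'.
    public static BasicHttpBinding CreateBinding()
    {
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportCredentialOnly);
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
        return binding;
    }

    // proxyType: assumed to expose the generated (Binding, EndpointAddress) constructor.
    // explicitCredential: optional; when null the caller's logon identity is used.
    public static object Create(Type proxyType, string serviceUri,
                                NetworkCredential explicitCredential = null)
    {
        dynamic proxy = Activator.CreateInstance(
            proxyType, CreateBinding(), new EndpointAddress(serviceUri));

        if (explicitCredential != null)
        {
            // Windows (Negotiate/NTLM) authentication reads ClientCredentials.Windows;
            // ClientCredentials.UserName is not consulted for this credential type.
            proxy.ClientCredentials.Windows.ClientCredential = explicitCredential;
        }
        return proxy;
    }
}
```

`TransportCredentialOnly` authenticates the caller but leaves the messages unencrypted on plain HTTP; `BasicHttpSecurityMode.Transport` with an https address adds transport protection.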