none
Windows Authentication with ASP.NET to WCF RRS feed

  • Question

  • An ASP.NET page calls a WCF service, which intern calls a windows authenticated ServiceAPI. So we need to implement windows authentication at all levels (Its our requirement). Also tried Ntlm.

    WCF Service web.config settings

    <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows"/>
        <message clientCredentialType="UserName"/>
    </security>

    Also tried Ntlm.

    Client web.config file

    <authentication mode="Windows"/>
    <identity impersonate="true"/>

    Enabled Windows Authentication in IIS. When I access both the service and client thro browser, it pops the login window for credentials. But getting error from client,

    "The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'"

    Do we need to set anything other settings?

    Thanks.

    Thursday, February 6, 2014 9:29 AM

Answers

  • Thanks for your suggestion.

    Actually we have to set security mode, clientCredentialType at the client side also. Now I can able to access the WCF service. Please check the below link for more info.

    http://morrisbahrami.blogspot.com.au/2011/02/http-request-is-unauthorized-with.html

    Thanks.

    Friday, February 14, 2014 7:16 AM

All replies

  • Hi,

    First please try to set the security mode to none to see if it works:

    <security mode="None">
      <transport clientCredentialType="None" proxyCredentialType="None"    realm=""/>
    </security>

    Then if it works, so it means that it has something wrong with the security in your previous code, so please try to set the proxy class to allow impersonation:
    C_PortClient proxy = new C_PortClient();
    proxy.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
    Best Regards,
    Amy Peng

    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.


    Friday, February 7, 2014 2:25 AM
    Moderator
  • Thanks for your reply. If I provide some default credentials it works fine but if I implement the windows authentication it throws error. Actually the exact scenario is, windows authenticated .aspx calls windows authenticated WCF service, which calls windows authenticated 3rd party service through HttpWebRequest.

    I set [OperationBehavior(Impersonation = ImpersonationOption.Required)] to the WCF service method. And web.config file setting is

    <security mode="TransportCredentialOnly">
       <transport clientCredentialType="Windows"/>
    </security>

    The HttpWebRequest (in the WCF Service) which calls another windows authenticated service as properties,

    request.ImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation; request.Credentials = CredentialCache.DefaultNetworkCredentials;

    Deployed in IIS with windows authentication enabled.

    The client or UI web.config settings are,

    <authentication mode="Windows"/>
    <identity impersonate="true"/>

    with

    client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
    

    Deployed in IIS with windows authentication and Impersonation enabled. Issue at client side is,

    "The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'"

    Please let me know if you have any idea on this.

    Tuesday, February 11, 2014 5:42 PM
  • Hi,

    Please try to check the following to see if it helps:

    var Client = new Service1Client();
    Client.ClientCredentials.Windows.ClientCredential.Domain = "...";
    Client.ClientCredentials.Windows.ClientCredential.UserName = "...";
    Client.ClientCredentials.Windows.ClientCredential.Password = "...";
    client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;

    Best Regards,
    Amy Peng


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Wednesday, February 12, 2014 8:55 AM
    Moderator
  • Thanks for your suggestion.

    Actually we have to set security mode, clientCredentialType at the client side also. Now I can able to access the WCF service. Please check the below link for more info.

    http://morrisbahrami.blogspot.com.au/2011/02/http-request-is-unauthorized-with.html

    Thanks.

    Friday, February 14, 2014 7:16 AM