none
BizTalk - access issue accessing using WCF-BasicHTTP RRS feed

  • Question

  • How can I solve the below ?

    The adapter failed to transmit message going to send port "WcfSendPort_wsys_wsysSoap" with URL "http://dcla-u-sql-12/ap/cheing.asmx". It will be retransmitted after the retry interval specified for this Send Port. Details:"System.Net.WebException: The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'.

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml">

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>

    <title>401 - Unauthorized: Access is denied due to invalid credentials.</title>

    <style type="text/css">


    MBH

    • Moved by ArthurZ Saturday, June 13, 2015 2:50 AM Not SSIS related
    Friday, June 12, 2015 9:50 PM

Answers

  • Hi Arthur,

    I had similar issue.

    See my blogpost:

    https://social.msdn.microsoft.com/Forums/en-US/915ebb19-ae45-44fa-b62f-6a5b6fd0d494/wcf-error-when-calling-service-from-biztalk-with-windows-authentication?forum=biztalkr2adapters

    • Proposed as answer by Angie Xu Friday, June 19, 2015 2:25 AM
    • Marked as answer by Angie Xu Tuesday, June 23, 2015 2:38 AM
    Wednesday, June 17, 2015 10:00 AM

All replies

  • Hi,

    You may need to enable anonymous access in IIS.

    Refer: HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'NTLM'.

    Rachit


    Please mark as answer or vote as helpful if my reply does


    Saturday, June 13, 2015 12:10 PM
    Moderator
  • Hello Rachit, I already set my Anonymous Authentication enabled in IIS,but still receiving same error.

    where can I find the config file ? How to check the below ?

    "check the authentication mode in the current service is configured in the config and WCF mode are consistent"


    MBH


    • Edited by JaguarsJag Saturday, June 13, 2015 2:06 PM Info
    Saturday, June 13, 2015 1:07 PM
  • Hi,

    In the config, set up the security mode:

    <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
          <message clientCredentialType="UserName" algorithmSuite="Default" />
        </security>

    In the code, set the proxy class to allow impersonation (I added a reference to a service called customer):

        Customer_PortClient proxy = new Customer_PortClient();
        proxy.ClientCredentials.Windows.AllowedImpersonationLevel =    
                 System.Security.Principal.TokenImpersonationLevel.Impersonation;

    Reference :

    http://stackoverflow.com/questions/1044034/wcftestclient-the-http-request-is-unauthorized-with-client-authentication-scheme

    Thanks

    Abhishek


    Monday, June 15, 2015 6:23 AM
  • I understand, but where can I find this config file ?

    MBH

    Monday, June 15, 2015 10:19 AM
  • Hi ,

    You can find the config file at the  IIS root directory of the service exposed . You need to open the config file in notepad and change the security setting to windows .

    Once change done you need to restart the IIS so that changes can be reflected .

    Thanks

    Abhishek

    Monday, June 15, 2015 10:28 AM
  • I didnt expose any service, I consumed their service. Then do i still have to make changes to my config file ?

    MBH

    • Proposed as answer by SharadVerma Monday, June 15, 2015 10:59 AM
    • Unproposed as answer by SharadVerma Monday, June 15, 2015 10:59 AM
    Monday, June 15, 2015 10:32 AM
  • Hi,

    Can you confirm if in the Server Manager the following Role Services for IIS is set if not then you need to set this.

    - Basic Authentication
    - Windows Authentication

    Regards,

    Sharad

    Monday, June 15, 2015 11:01 AM
  • Where can I find that ? I am using windows 2012 R2. You can also see on top of one of the forums, Anonymous and Windows authentication is enabled

    MBH

    Monday, June 15, 2015 11:04 AM
  • Hi,

    Did you provide any securityinformation on the Security tab of the configuration of the WCF-BasicHttp adapter and if yes, is this the correct information?

    Regards,

    René

    Monday, June 15, 2015 11:13 AM
  • No, I did not. I just imported the binding that was generated on comsuming their web service

    MBH

    Monday, June 15, 2015 11:24 AM
  • Well,you probably should provide some sort of authentication looking at the http returncode in the error message, i.e. '401 - Unauthorized: Access is denied due to invalid credentials.'

    You could first try to consume the service through SoapUI, to see if you get the proper results.

    Regards,

    René

    Monday, June 15, 2015 11:26 AM
  • can you try this;

    in the security tab select security mode as "TransportCredentialOnly" and transport credential type as NTML.

    Monday, June 15, 2015 11:26 AM
  • Hold on everyone!

    First, @jaguarjags, do you own the service you're calling?  Meaning, do you have control over that server?

    Second, exactly what auth scheme should you be using?  Anonymous, username/password, certificate?

    No answers are valid without known these things first.

    Monday, June 15, 2015 12:06 PM
  • 1) No, I dont own the service, Iam just consuming the wsdl provided. 2) I was tols he has provided me with windows account authentication

    MBH

    Monday, June 15, 2015 12:12 PM
  • Then use TransportCredentialOnly as Security mode and Windows as client credential type on the Security Tab.

    Monday, June 15, 2015 12:16 PM
  • If you're using the WCF-Custom Adapter, make sure you have the clientCredentials Behavior set on the Behavior tab.
    Monday, June 15, 2015 12:56 PM
  • I am using WCF-BasicHTTP, and below is the configuration  on security tab.

    The Orch is dehydrated and Web service send port is Active with complete message. When I ask the person was the message been received through web service, he checked the logs and told nothing has been received. Where is the message ?


    MBH


    • Edited by JaguarsJag Monday, June 15, 2015 1:40 PM info
    Monday, June 15, 2015 1:37 PM
  • Is the SendPort retrying? Anything in eventlog?
    Monday, June 15, 2015 1:40 PM
  • below is the checking the Group Hub page and the binding property set on wcf-BasicHTTP Adapter. I don't see anything in windows log, no error, no warning and neither message is delivered


    MBH

    Monday, June 15, 2015 1:45 PM
  • Can you restart the host instance running the SendPort? If no difference can you recreate the SendPort?
    Monday, June 15, 2015 2:18 PM
  • I tried restarting Host instance, recreated Send port again by importing the bindings..receiving same error. But when I am trying by creating a sample test client by .net class that works . Why is it not working with BizTalk ?

    and this is the error :

    The adapter failed to transmit message going to send port "WcfSendPort_wsys_wsysSoap" with URL "http://dcla-u-sql-12/ap/cheing.asmx". It will be retransmitted after the retry interval specified for this Send Port. Details:"System.Net.WebException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'.

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml">

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>

    <title>401 - Unauthorized: Access is denied due to invalid credentials.</title>

    <div id="header"><h1>Server Error</h1></div>

    <div id="content">

    <div class="content-container"><fieldset>

      <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>

      <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>

    </fieldset></div>


    MBH

    Monday, June 15, 2015 4:42 PM
  • I have even tried changing to 'WCF-Custom' adapter, but the same error. I am stuck, how can I fix this. The weird part is, it works with Test client separate.cs code

    The adapter failed to transmit message going to send port "WcfSendPort_wsys_wsysSoap12" with URL "http://dcla-u-sql-12/ap/cheing.asmx". It will be retransmitted after the retry interval specified for this Send Port. Details:"System.Net.WebException: The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'.

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml">

    <div class="content-container"><fieldset>

      <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>

      <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>

    </fieldset></div>


    MBH

    Monday, June 15, 2015 5:50 PM
  • Is the user that is running your SendHost authorized to access the webservice?

    Monday, June 15, 2015 6:01 PM
  • Yes, it is.

    I am using same user to test through .net client and it works


    MBH

    Monday, June 15, 2015 6:08 PM
  • And how does the app.config file looks llike of your .net testclient?
    Monday, June 15, 2015 6:09 PM
  • below is app.config file
    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
        <configSections>
            <sectionGroup name="applicationSettings" type="System.Configuration.ApplicationSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >
                <section name="APtest.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
            </sectionGroup>
        </configSections>
        <startup> 
            <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
        </startup>
        <system.serviceModel>
            <bindings />
            <client />
        </system.serviceModel>
        <applicationSettings>
            <APtest.Properties.Settings>
                <setting name="APtest_IPMService_wsys" serializeAs="String">
                    <value>http://dcla-u-sql-12/ap/cheing.asmx</value>
                </setting>
            </APtest.Properties.Settings>
        </applicationSettings>
    </configuration>


    MBH

    Monday, June 15, 2015 6:12 PM
  • How you're calling the webservice from code?
    Monday, June 15, 2015 6:14 PM
  • this is the .net cient I am using for testing which works and send response back.

    Code you mean, how am I calling in BizTalk ? If so, he has provided me wsdl, which I consumed and that generated schemas, binding files. Imported the binding file that created send port

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Threading.Tasks;
    
    namespace APtest
    {
        class Program
        {
            static void Main(string[] args)
            {
                IPMService.wsys client = new IPMService.wsys();
                client.Credentials = System.Net.CredentialCache.DefaultCredentials;
                string sXml = "<Root><req CpnyId=\"1011\" VendId=\"21000002567\" InvcNbr=\"x34sdf3\" InvcDate=\"20150608\" ReqAmt=\"1000\"><rit CpnyId=\"1037\" Acct=\"6005800\" Sub=\"ZZ00-00000-103000-000-00-000\" TranAmt=\"900\" Descr=\"test1\" /><rit CpnyId=\"1011\" Acct=\"5009800\" Sub=\"XX00-00000-501000-000-00-OT9\" TranAmt=\"100\" Descr=\"test2\" /></req></Root>";
    
                Console.WriteLine(client.Put(sXml).InnerXml);
                Console.Read();
                
            }
        }
    }


    • Edited by JaguarsJag Monday, June 15, 2015 6:20 PM info
    Monday, June 15, 2015 6:16 PM
  • Can you try to use a CustomBinding, with a basichttpbinding with the same security settings as above, i.e. TransportCredentialOnly and Windows. And add a clientCredentials behavior as EndpointBehavior.
    Monday, June 15, 2015 6:32 PM
  • I didn't get you what you mean, custom binding with wcf-basichttp adapter ?

    if possible can you send a screen shot please ?


    MBH

    Monday, June 15, 2015 6:34 PM
  • Select WCF-Custom as adapter, click Configure and on the Binding tab select basicHttpBinding

    Set TransportCredentialOnly on the Security Element and Windows as clientCredentialType on the transport element.

    Finally on the behavior tab add clientCredentials as an EndpointBehavior.

    Tuesday, June 16, 2015 6:35 AM
  • Hi Arthur,

    I had similar issue.

    See my blogpost:

    https://social.msdn.microsoft.com/Forums/en-US/915ebb19-ae45-44fa-b62f-6a5b6fd0d494/wcf-error-when-calling-service-from-biztalk-with-windows-authentication?forum=biztalkr2adapters

    • Proposed as answer by Angie Xu Friday, June 19, 2015 2:25 AM
    • Marked as answer by Angie Xu Tuesday, June 23, 2015 2:38 AM
    Wednesday, June 17, 2015 10:00 AM
  • This didn't solve the issue.
    Thursday, November 12, 2015 7:12 AM
  • Hi John,

    I am getting same error in BizTalk frequently, We are using the WCF-Custom adpater and providing the client credentials in Behaviour set tab, Once we restart the Host instances the connection is establishing.

    Could you please let us know why it is behaving like this.

    Tuesday, September 4, 2018 9:39 AM