The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the serv



    Hello ..

    New to WCF.


    I got following scenario .. my WCF service need to return


    to WCF client.

    my service looks as

    namespace Calumo.Site.WCF


    // NOTE: If you change the class name "ExcelClientAuthentication" here, you must also update the reference to "ExcelClientAuthentication" in Web.config.

    [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]

    public class ExcelClientAuthentication : IExcelClientAuthentication


    public string AuthenticateExcelClient()


    var test = OperationContext.Current.ServiceSecurityContext.WindowsIdentity;

    var application = HttpContext.Current.Application["auth_mode"].ToString();

    return application;






    <serviceHostingEnvironment aspNetCompatibilityEnabled="True">



    <service behaviorConfiguration="Calumo.Site.WCF.ExcelClientAuthenticationBehavior"


    <!-- Service Endpoints -->

    <endpoint address="" binding="wsHttpBinding" contract="Calumo.Site.WCF.IExcelClientAuthentication">


    Upon deployment, the following identity element should be removed or replaced to reflect the

    identity under which the deployed service runs. If removed, WCF will infer an appropriate identity




    <dns value="localhost"/>



    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>





    <behavior name="Calumo.Site.WCF.ExcelClientAuthenticationBehavior">

    <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->

    <serviceMetadata httpGetEnabled="true"/>

    <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->

    <serviceDebug includeExceptionDetailInFaults="false"/>









    namespace WindowsFormsApplication4


    public partial class Form1 : Form


    public Form1()




    private void Form1_Load(object sender, EventArgs e)


    ExcelClientAuthenticationClient excelClient = new ExcelClientAuthenticationClient();

    MessageBox.Show(excelClient.AuthenticateExcelClient()+" " +client.GetData());





    but fails at excelClient.AuthenticateExcelClient() -

    error: The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'.


    any help is much appreciated.


    Tuesday, April 01, 2008 1:32 AM

All replies

  • i get the same problem for debugging.

    The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'NTLM', for localhost

    here is the stack trace.

    i am using basic http binding;the service and the client are both runing on Win 2008 Server

    "\r\nServer stack trace: \r\n   at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory factory)\r\n   at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory factory, WebException responseException)\r\n   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)\r\n   at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)\r\n   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)\r\n   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)\r\n   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)\r\n   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)\r\n   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)\r\n\r\nException rethrown at [0]: \r\n   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)\r\n   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)\r\n   at IService.GetAvailableLocations()\r\n   at ServiceClient.GetAvailableLocations() in C:\\Users\\RMircea\\Documents\\Visual Studio 2008\\Projects\\WCFTest\\WCFTest\\Service.cs:line 1626\r\n   at WCFTest.Program.Main(String[] args) in C:\\Users\\RMircea\\Documents\\Visual Studio 2008\\Projects\\WCFTest\\WCFTest\\Program.cs:line 14\r\n   at System.AppDomain._nExecuteAssembly(Assembly assembly, String[] args)\r\n   at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)\r\n   at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()\r\n   at System.Threading.ThreadHelper.ThreadStart_Context(Object state)\r\n   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)\r\n   at System.Threading.ThreadHelper.ThreadStart()"

    any help would be appreciated
    Friday, June 27, 2008 2:11 PM
  • You would have to enable anonymous access on IIS when using wshttpbinding.


    Please see for more info.

    Friday, June 27, 2008 10:58 PM
  • Hi Dinesh, I am also facing the simiral problem with a very slight difference.

    I am actually trying to invoke a SharePoint OOTB web service from a Console application (this is apprently a console app for testing, I will actually use the web service from Xbap/SilverLight not sure yet). But the problem is, the proxy genereted by the Visual studio has a class that inherits from  System.ServiceModel.ClientBase<> .

    I want to use the username/password/domain to access this web service from my application. Pretty much what we did for web services in old .net 2.0 days.

    for instance,

    someproxy = new SomeWebServiceProxy();
    someproxy.Credentials = new NetworkCredentials("username", "password", "domain");

    How can I do the same trick here? please keep in mind that I have a limitations that I can't write anything into the web config of the client app. I want to acheive this something like..

                    BasicHttpBinding bind = new BasicHttpBinding();
                    bind.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;// these are justed tested values...doesnt work
                    bind.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;// these are justed tested values...doesnt work

                    EndpointAddress endpoint = new EndpointAddress("http://ABAC:37379/_vti_bin/lists.asmx");

                    ServiceReference1.ListsSoapClient listService
                        = new ConsoleApplication1.ServiceReference1.ListsSoapClient(bind, endpoint);

                    listService.ClientCredentials.Windows.ClientCredential =
                        new System.Net.NetworkCredential("Administrator", "mypass", "");
                    listService.ClientCredentials.Windows.AllowNtlm = false; // these are justed tested values...doesnt work

    But not sure what is the exact solutions. Can you please help me on this regards..? It would be greatly appreciated!!

    - Moim Hossain [Please mark as answer if this post helps you]
    • Proposed as answer by KeyPakt Thursday, August 06, 2009 1:12 PM
    • Unproposed as answer by OmegaManMVP, Moderator Wednesday, March 16, 2011 12:22 PM
    Tuesday, June 23, 2009 12:29 PM
  • Hi,

    I was struggeling with the now famous The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate, NTLM’. error message until today in different situations. The thing that got me back on track was when I found out that the error did not occur in one application but all other.

    The only application I had that was working was built from a test sample that had all files located in the same project which in this case was placed in the Inetpub\wwwroot folder handled by the IIS. This was a Web site project. Since I decided not to use Web site project but instead go for the ASP.NET Web application project model instead the files get saved in my Documents and settings folder by default. So it works when all is on the IIS but not otherwise. To make a long story short I found out that the Web Service project folder in Documents and settings was missing the security permission Internet Guest Account user.

    After adding the Internet Guest Account user all applications got rid of the 'Negotiate,NTLM' error.

    Thursday, August 06, 2009 1:23 PM
  • In my case, when I got the same error  I removed  the following lines from the web.config file located at the deployed service location from where I am accessing the WCF service in my console app and program started working.



    dns value="localhost"/>



    Tuesday, May 04, 2010 6:46 PM
  • Hi you can try this in app.config file <security mode="TransportCredentialOnly"> <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" /> <message clientCredentialType="UserName" algorithmSuite="Default" /> </security>
    • Proposed as answer by Aplusplus Wednesday, December 08, 2010 2:22 PM
    Wednesday, December 01, 2010 5:14 AM
  • Hi

    In my case I changed Authentication mode enable for Anonymous, Basic and Window.

    Hope it helps.


    Wednesday, December 08, 2010 2:25 PM
  • Simple, easy, clean! Thanks for the fix! Works like a charm.
    Friday, February 18, 2011 12:48 PM
  • Following worked for me:

    1. Use basicHttpBinding and NOT wshttpbinding

    2. Use the following code for both client and server



    security mode="TransportCredentialOnly"




    transport clientCredentialType="Windows"








    Wednesday, March 30, 2011 3:48 AM
  • Answer from shashi raina worked for me. Thanks.
    Tuesday, September 27, 2011 4:26 PM
  • if   the error ocuures  when deploying a webpart to a sharepoint site  then change your current visual studio extension version to previous one it will work

    Wednesday, October 05, 2011 9:57 AM
  • Can you tell me how do we change the current visual studio extention version. I didnt get exactly what you mean.. please elaborate.
    Friday, November 25, 2011 11:45 AM
  •  change your Visual studio extensions for wss

    Monday, July 09, 2012 9:35 AM
  • Hi shashi,

                         I tried your solution but when I try to consume the service which is hosted in IIS I am getting the same error while invoking any  method I am able to create an instance of proxy class. but unable to call it.

    can you suggest me some other way to clear this bug

    Thank you.


    Friday, June 28, 2013 5:30 AM
  • Not an option for me, i need only windows autentication
    • Edited by AmadeusEx Friday, January 31, 2014 7:34 PM
    Friday, January 31, 2014 7:34 PM
  • Thanks, it work for me without enabling anonymous
    Friday, January 31, 2014 7:36 PM