I am using a WCF service running on a Windows 2003 SP2 server with IIS 6.0 inside an ASP.NET application.
I have another ASP.NET application (the client) running on the same server attempting to connect to the WCF service.
I am trying to get the client app to connect to the WCF service as the user logged into the browser.
My error is the dreaded:
The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'
The website in IIS has:
Anonymous Access: Disabled
Windows Authentication: Enabled
The web.config on both the server and client contain the following:
    <authentication mode="Windows"/>
    <identity impersonate="true" />
The WCF service has the following in the web.config:
    <system.serviceModel>
      <bindings>
        <basicHttpBinding>
          <binding name="MyBinding">
            <security mode="TransportCredentialOnly">
              <transport clientCredentialType="Windows"/>
            </security>
          </binding>
        </basicHttpBinding>
      </bindings>
      <client />
      <services>
        <service name="ThirdPartyServices.ThirdPartyService" behaviorConfiguration="ThirdPartyServices.ThirdPartyServiceBehavior">
          <!-- Service Endpoints -->
          <endpoint address="" binding="basicHttpBinding" bindingConfiguration="MyBinding" contract="ThirdPartyServices.IThirdPartyService" />
          <endpoint address="mex" binding="basicHttpBinding" bindingConfiguration="MyBinding" contract="IMetadataExchange" />
        </service>
      </services>
      <behaviors>
        <serviceBehaviors>
          <behavior name="ThirdPartyServices.ThirdPartyServiceBehavior">
            <serviceAuthorization impersonateCallerForAllOperations="true" />
            <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
            <serviceMetadata httpGetEnabled="true" />
            <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
            <serviceDebug includeExceptionDetailInFaults="true"/>
          </behavior>
        </serviceBehaviors>
      </behaviors>
    </system.serviceModel>
The client has the following in its web.config:
    <system.serviceModel>
      <bindings>
        <basicHttpBinding>
          <binding name="BasicHttpBinding_IThirdPartyService" closeTimeout="00:01:00"
                   openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                   allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                   maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                   messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
                   useDefaultWebProxy="true">
            <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                          maxBytesPerRead="4096" maxNameTableCharCount="16384" />
            <security mode="TransportCredentialOnly">
              <transport clientCredentialType="Windows" proxyCredentialType="None"
                         realm="" />
              <message clientCredentialType="UserName" algorithmSuite="Default" />
            </security>
          </binding>
        </basicHttpBinding>
      </bindings>
      <behaviors>
        <endpointBehaviors>
          <behavior name="Delegation">
            <clientCredentials>
              <windows allowedImpersonationLevel="Delegation" />
            </clientCredentials>
          </behavior>
        </endpointBehaviors>
      </behaviors>
      <client>
        <endpoint address="http://myserver/myapp/appService.svc"
                  binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IThirdPartyService"
                  behaviorConfiguration="Delegation"
                  contract="ThirdPartyService.IThirdPartyService"
                  name="BasicHttpBinding_IThirdPartyService" />
      </client>
    </system.serviceModel>
Above all of the public methods in my service, I have:
    <OperationBehavior(Impersonation:=ImpersonationOption.Required)> _
(Yes, I am unfortunately forced to write in VB.NET.)
Now as far as I can tell from every blog, forum, article or any other source I could find, this should work.
Oddly enough, it does work if I have the WCF service deployed in production (IIS 6) and deploy the client app
on my dev machine, which runs IIS 5 on Windows XP (same MSI as deployed in production, same settings in IIS).
Anyone have any idea why this would be happening?
Thanks everyone!