how to call web service using NTLM authorization scheme?

Question

I'm a noob to calling WCF web services, so am hoping this is an easy question. When calling a web service with .NET 4 winform client, how do I change the authorization scheme from Anonymous to NTLM?

Right now I'm getting the exception: The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'NTLM'.

My goal is to build a little tool to help me monitor TFS 2010's data warehouse and cube. TFS provides a WarehouseControlWebService web service. I can call the service via Test mode in a browser when logged on to the server. However I'm trying to call the same web service remotely, from my desktop. My user account is in the local Administrators group on the server.

I've created a .NET 4 WinForm with the canonical Button1 and TextArea1. I then added a service reference to the web service and creatively called it ServiceReference1:

Add Service Reference...
http://tfssvr:8080/tfs/TeamFoundation/Administration/v3.0/WarehouseControlService.asmx

And here's my code behind:

private void button1_Click(object sender, EventArgs e)
{
    // Creating a proxy takes about 3-4 seconds
    var dwSvc = new ServiceReference1.WarehouseControlWebServiceSoapClient();

    // Invoking the method throws an MessageSecurityException
    var dwStatus = dwSvc.GetProcessingStatus(null, null, null);
}

I'm getting System.ServiceModel.Security.MessageSecurityException:

The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'NTLM'.

I've tried passing my credentials via:

dwSvc.ClientCredentials.Windows.ClientCredential =
    new System.Net.NetworkCredential("user", "pass", "domain");

and also ...

dwSvc.ClientCredentials.Windows.ClientCredential =
    CredentialCache.DefaultNetworkCredentials;

I'm wading through the WCF documentation but ... oh boy ... there's a lot there. I'm hoping this is something easy??

Thanks in advance.

Answer 1

Set your config bindings to security mode="TransportCredentialOnly" and transport clientCredentialType="Ntlm"

<system.serviceModel>
    <bindings>  
        <basicHttpBinding>
            <binding name="WarehouseControlWebServiceSoap" closeTimeout="00:01:00"
                openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
                useDefaultWebProxy="true">
                <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                    maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                <security mode="TransportCredentialOnly">
                    <transport clientCredentialType="Ntlm" proxyCredentialType="None"
                        realm="" />
                    <message clientCredentialType="UserName" algorithmSuite="Default" />
                </security>
            </binding>
        </basicHttpBinding>
    </bindings>
    <client>
        <endpoint address="http://tfsServer:8080/tfs/TeamFoundation/Administration/v3.0/WarehouseControlService.asmx"
            binding="basicHttpBinding" bindingConfiguration="WarehouseControlWebServiceSoap"
            contract="TfsWarehouse.WarehouseControlWebServiceSoap" name="WarehouseControlWebServiceSoap" />
    </client>
</system.serviceModel>