The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'NTLM’

Question

I have an ASP.NET web application written in VB.NET. One part of the application makes an AJAX call to an internal ASMX file which in turn makes a call to a remote web service which is just a single ASMX file. Normally this works fine and has been deployed a couple of times and works fine. One client however, is getting the message from the AJAX call:

The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'NTLM’.

I have scoured a large amount of websites trying to fix this but I can’t seem to find any answer that works for me.

I have been unable to replicate the error on my test server, which is the same as the client, Win2003 IIS6.

The remote web service is deployed on Windows 2008 r2 – IIS7.5. The remote service is deployed using ‘Anonymous’ authentication only. The client deployment is set up with Anonymous and ‘Integrated Windows Authentication’. I have tried changing the authentication levels on both implementations but cannot replicate the issue. The closest I have come is when I set the remote service IIS authentication to

The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was ''.

In the web.config file the reference to the remote service is:

<system.serviceModel>
    <bindings>
        <basicHttpBinding>
            <binding name="SVCMappingSoap" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
                <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
                <security mode="None">
                    <transport clientCredentialType="None" proxyCredentialType="None" realm=""/>
                    <message clientCredentialType="UserName" algorithmSuite="Default"/>
                </security>
            </binding>
        </basicHttpBinding>
    </bindings>
    <client>
        <endpoint address="http://svc.website.com/services/myService.asmx" binding="basicHttpBinding" bindingConfiguration="SVCMappingSoap" contract="SVCMappingService.SVCMappingSoap" name="SVCMappingSoap"/>
    </client>
</system.serviceModel>

I have tried changing a number of the setting in the <security> section but still unable to replicate.

Answer 1

I am not sure of your total server setup.

<security mode="None">
  <transport clientCredentialType="None" proxyCredentialType="None"    realm=""/>
</security>

instead of above one please try with below configuration

<security mode="TransportCredentialOnly">
    <transport clientCredentialType="Ntlm"/>
    <message clientCredentialType="UserName" algorithmSuite="Default"/>
</security>

please go through below links, you can more idea on those and you can change the config based on your requirements:

• http://blogs.msdn.com/b/publicsector/archive/2005/10/19/482833.aspx
• http://fczaja.blogspot.com/2009/10/http-request-is-unauthorized-with.html
• http://ddkonline.blogspot.com/2009/11/fix-http-request-is-unauthorized-with.html

Answer 2

I had to change the default generated

      <security mode="Transport"/>

into

      <security mode="Transport" >
        <transport clientCredentialType="Ntlm"/>
      </security>