Menu
While calling a web service I get the following error:
The HTTP request is unauthorized with client authentication scheme 'NTLM'. The authentication header received from the server was 'NTLM'. The HTTP request is unauthorized with client authentication scheme 'NTLM'. The authentication header received from the server was 'NTLM'.
I have a Silverlight 4 application that calls a WCF web service, both on my IIS (7). my WCF web service calls another ASMX web service, installed on a different web server, using NTLM (Windows Authentication). Both servers, mine and the one hosting the ASMX web service are in the same domain.
When the Silverlight client opens the application from the server using http://localhost/MySiteName everything works fine. But when the Silverlight client opens the application from a different client, which is not the server but still in the same domain, using http://MyServerName/MySiteName then I get the error.
Windows Authentication is enabled in my IIS. Anonymous Authentication is disabled in my IIS.
Binding configuration for calling my WCF web service is:
<binding name="winAuthBasicHttpBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
Binding configuration for calling the ASMX web service is:
<binding name="ClNtlmBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm" />
</security>
</binding>
537
NT LAN Manager (NTLM) authentication is a challenge-response scheme that is a securer variation of Digest authentication. NTLM uses Windows credentials to transform the challenge data instead of the unencoded user name and password. NTLM authentication requires multiple exchanges between the client and server.
NTLM was subject to several known security vulnerabilities related to password hashing and salting. In NTLM, passwords stored on the server and domain controller are not “salted” — meaning that a random string of characters is not added to the hashed password to further protect it from cracking techniques.
Current applications. NTLM authentication is still supported and must be used for Windows authentication with systems configured as a member of a workgroup. NTLM authentication is also used for local logon authentication on non-domain controllers.
OK, here are the things that come into mind:
my WCF web service calls another ASMX web service, installed on a **different** web server
Ntlm to Windows and test again.OK, a few words on impersonation. Basically it is a known issue that you cannot use the impersonation tokens that you got to one server, to pass to another server. The reason seems to be that the token is a kind of a hash using user's password and valid for the machine generated from so it cannot be used from the middle server.
Delegation is possible under WCF (i.e. forwarding impersonation from a server to another server). Look at this topic here.
76
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
