WCF service call returns '407 Proxy Authentication Required'

Question

I am hosting a WCF webservice (on Azure) and have shipped a WPF desktop application to a client who (obviously) tries accessing the service through a proxy.

The service calls fails, returning

The remote server returned an unexpected response: 407 Proxy Authentication Required

The ServiceModel section of the client app.config file looks like this:

<system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="BasicHttpBinding_ILicensing"  closeTimeout="00:00:15" openTimeout="00:00:15"
                 receiveTimeout="00:00:15" sendTimeout="00:00:15" maxReceivedMessageSize="2147483647"
                 maxBufferSize="2147483647">
          <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" 
                        maxArrayLength="2147483647" maxBytesPerRead="2147483647" 
                        maxNameTableCharCount="2147483647"/>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint address="xxxxxxx"
                binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_ILicensing"
                contract="Cloud.ILicensing" name="BasicHttpBinding_ILicensing" />
    </client>
</system.serviceModel>

That's basically all I know.

I would know like to fix this behavior by modifying the app.config file and/or the web.config file of the service (which shouldn't matter, as the service is not reached anyways).

As far as I have understood, there is the attribute useDefaultWebProxy of the binding node, which asks to look up the system proxy configuration and use this for connecting to the service. However, as the default value is true, I would expect that setting it to true explicitly doesn't change anything (that's basically the definition of a default, I guess).

1. What can be reasons for the failing proxy authentication, considering useDefaultWebProxy is not set and therefor should be true due to it's default value?

2. How can the app.config be modified in order to fix the issue considering the limitied information? Basically: What do I need to know/ask my client (i.e. proxy server address) and where do I need to insert the information in my client config file?

3. How can I set up a test environment on my local machine which mimics the issue?

Answer 1

For 1 and 2, you need to configure System.Net to provide default credentials for the default proxy - it doesn't do this by default (because hidden callback code in apps with automatic access to the internet would be bad).

<system.net>
    <defaultProxy useDefaultCredentials="true" />
</system.net>

For 3, I'm not entirely sure how you would be able to test this locally as you need a machine to act as the proxy and these are typically domain controller type machines. You could simulate with 2 VMs but I hope you have a powerful machine in order to do so plus it seems like a lot of effort to test this.

Answer 2

You can do it from code

WebRequest.DefaultWebProxy.Credentials = CredentialCache.DefaultNetworkCredentials;