wsHttpBinding with TransportWithMessageCredential and Windows authentication

I have an IIS-hosted WCF service with the following binding configuration (I removed all the attributes from the binding for space) for wsHttpBinding and TransportWithMessageCredential:

  <wsHttpBinding>
    <binding name="BindingName" ...>
      <security mode="TransportWithMessageCredential">
        <message clientCredentialType="UserName" algorithmSuite="Default" />
      </security>
    </binding>
  </wsHttpBinding>

with a service behaviour of:

  <serviceBehaviors>
    <behavior name="ServiceBehavior">
      <serviceCredentials>
        <userNameAuthentication userNamePasswordValidationMode="Windows" />
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>

Anonymous authentication is disabled and Windows authentication is enabled.

On the client side the credentials are being set using a valid Windows user and password, but I get the following exception on every call to the service:

The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'. ---> System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.

With a self-hosted version of the WCF service it works fine running under a valid Windows account.

Any help is appreciated.

Sjblack asked Sep 10 '14 08:09


1 Answer

Enabling Windows authentication in IIS requires that the credentials are supplied on the transport layer, whereas your configuration defines that authentication happens at the message layer.

To fix this problem you need to do one of the following:

1) Enable anonymous access in IIS, as authentication will be handled at the message layer

or

2) Update your security mode to be transport:

  <wsHttpBinding>
    <binding name="BindingName" ...>
      <security mode="Transport">
        <transport clientCredentialType="Ntlm" />
      </security>
    </binding>
  </wsHttpBinding>
Edward answered Sep 28 '22 21:09
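
The layer mismatch described in the answer can be checked mechanically before deployment. The Python below is an added example, not code from the question or the answer: it assumes the IIS `anonymousAuthentication` setting is in the same web.config as the WCF binding, the sample document is constructed from the question's description, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the question's binding merged with the IIS settings it
# describes (anonymous disabled, Windows enabled) in one web.config.
QUESTION_CONFIG = """<configuration>
  <system.webServer><security><authentication>
    <anonymousAuthentication enabled="false" />
    <windowsAuthentication enabled="true" />
  </authentication></security></system.webServer>
  <system.serviceModel><bindings><wsHttpBinding>
    <binding name="BindingName">
      <security mode="TransportWithMessageCredential">
        <message clientCredentialType="UserName" />
      </security>
    </binding>
  </wsHttpBinding></bindings></system.serviceModel>
</configuration>"""

# Modes in which the client credential travels inside the SOAP message,
# so the HTTP request itself carries no authentication header.
MESSAGE_LAYER_MODES = {"Message", "TransportWithMessageCredential"}

def iis_auth_enabled(root, element, default):
    """Read enabled="..." from an IIS authentication element, else the default."""
    node = next(root.iter(element), None)
    if node is None:
        return default
    return node.get("enabled", str(default)).strip().lower() == "true"

def find_layer_mismatches(config_xml):
    """Return (binding name, mode) for every wsHttpBinding that authenticates at
    the message layer while IIS rejects anonymous HTTP requests (the 401 above)."""
    root = ET.fromstring(config_xml)
    # Assumption: anonymous authentication counts as enabled when not set here.
    anonymous = iis_auth_enabled(root, "anonymousAuthentication", True)
    findings = []
    for ws in root.iter("wsHttpBinding"):
        for binding in ws.findall("binding"):
            security = binding.find("security")
            # wsHttpBinding uses Message security when no mode is given.
            mode = security.get("mode", "Message") if security is not None else "Message"
            if mode in MESSAGE_LAYER_MODES and not anonymous:
                findings.append((binding.get("name", ""), mode))
    return findings

if __name__ == "__main__":
    print(find_layer_mismatches(QUESTION_CONFIG))
```

Both fixes from the answer clear the finding: enabling anonymous access in IIS, or switching the binding to `Transport` with a transport credential type.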