WCF Authentication Error

I am accessing a third party WCF service (I do not have access to the service configuration). We use SSL certificates for authentication.

I get this error when trying to access any of the provided methods:

An HTTP request is not authorized using the Negotiate client authentication scheme. authentication header received from server was Negotiate, NTLM

I checked many Google links, with no luck so far. I don't know what else to check on my side.

EDIT

Here is the configuration

    <system.serviceModel>
        <bindings>
            <wsHttpBinding>
                <binding name="wsHttpBinding" closeTimeout="00:01:00" openTimeout="00:01:00"
                    receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false"
                    transactionFlow="false" hostNameComparisonMode="StrongWildcard"
                    maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                    messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
                    allowCookies="false">
                    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                    <reliableSession ordered="true" inactivityTimeout="00:10:00"
                        enabled="false" />
                    <security mode="Transport">
                        <transport clientCredentialType="Windows" proxyCredentialType="None"
                            realm="" />
                        <message clientCredentialType="Windows" negotiateServiceCredential="true"
                            establishSecurityContext="true" />
                    </security>
                </binding>
            </wsHttpBinding>
        </bindings>
        <client>
            <endpoint address="https://url"
                binding="wsHttpBinding" bindingConfiguration="wsHttpBinding"
                contract="IApiWS" name="wsHttpBinding">
            </endpoint>
        </client>
    </system.serviceModel>
+4
2 answers

Try changing clientCredentialType="Windows" to clientCredentialType="Certificate". I usually use hard-coded WCF configuration rather than the configuration file, so I'm not sure about that, but in any case take a look at the following link: Choosing the credential type, on MSDN.

Good luck. I am surprised that whoever you are connecting to did not give you explicit instructions for connecting to their endpoints, but, hey, you deal with everyone when you work with third-party things.

+2
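Added example, not part of the original thread: the change suggested in the answer above, written out as a client configuration, with the asker's `Windows` transport credential replaced by `Certificate` and an endpoint behavior that selects the certificate to present. The behavior name `clientCertBehavior` and the thumbprint value are placeholders assumed for illustration; the binding name, contract and address are the ones from the question.

```xml
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="wsHttpBinding">
        <!-- Transport security: TLS protects the channel and carries the client credential. -->
        <security mode="Transport">
          <!-- The question's config used clientCredentialType="Windows", which sends
               Negotiate/NTLM credentials of the logged-on user. "Certificate" presents
               an X.509 client certificate during the TLS handshake instead. -->
          <transport clientCredentialType="Certificate" proxyCredentialType="None" realm="" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <endpointBehaviors>
      <!-- Hypothetical behavior name; it tells WCF which client certificate to use. -->
      <behavior name="clientCertBehavior">
        <clientCredentials>
          <!-- Placeholder thumbprint: replace with that of the certificate issued for
               this service. The account running the client must be able to read the
               certificate's private key in the chosen store. -->
          <clientCertificate findValue="REPLACE_WITH_CERT_THUMBPRINT"
                             x509FindType="FindByThumbprint"
                             storeLocation="CurrentUser"
                             storeName="My" />
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <client>
    <endpoint address="https://url"
              binding="wsHttpBinding" bindingConfiguration="wsHttpBinding"
              behaviorConfiguration="clientCertBehavior"
              contract="IApiWS" name="wsHttpBinding" />
  </client>
</system.serviceModel>
```

In `Transport` mode the `<message>` element of the binding is not used, so it is omitted here.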

Well, that can be a little confusing, so I plan ahead. In fact, the server is telling you that you are not authorized. Usually for this you would add something like the below to your generated proxy:

 svc.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation; 

where svc is your generated proxy. I have also seen this on an incorrectly configured IIS endpoint, where the virtual folder does not allow anonymous access (although you say that you cannot access the service configuration, so this does not help). Hope this helps.

Edit: added more information

Depending on your security, it may turn out that a setting similar to the one below may be more useful.

 svc.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Anonymous; 

Edit 2: The above config shows that the wsHttpBinding you are using has Windows set as the clientCredentialType for transport security and user authentication, which means that you will send NTLM authentication credentials using the current user's credentials (since negotiateServiceCredential is true). Have you confirmed that the logged-in user has rights to the service?

+1

Source: https://habr.com/ru/post/1308923/

