WCF service throwing authentication error on 1 server - wcf

We have a WCF Service thats deployed on 4 servers with load balancer.
Out of this 4, 1 of the server if its online throws below error.
The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was ''
If that server is removed, rest 3 work fine but just 1 server has this issue.
Considering that the file and config is the same on all 4 servers, the only difference will be server or IIS setup.
Does anyone have any idea what could be the possible reason for this?
Its basicHttpBinding with
Server config:
<security mode="Transport">
<transport clientCredentialType="None" proxyCredentialType="None"/>
</security>
Client Config:
<security mode="Transport">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>

I think there is something wrong in IIS authentication configuration. please open the authentication module in the IIS hosted application, and then enable the corresponding authentication mode.
The specific authentication support depends on your project authentication mode.
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831496(v=ws.11)#Impersonation
Feel free to let me know if there is anything I can help with.

Related

WCF rest service client certificate issue

I have a SSL secured (https) restful WCF service hosted in IIS (7.5). This service has 2 endpoints. One endpoint is expects a client certificate and other do not expect a client certificate.
Client certificate setting in IIS is
Now, when i run my test case from Visual studio, everything works fine. No problems.
Problem is when the actual client (which is a website hosted in IIS), tries to communicate with the WCF service over the endpoint which do NOT expect client certificate.
When the website make such call, the browser (IE, Chrome), pops up a dialog box to select the client certificate.
If the endpoint is not expecting client certificate then why the browser is popping up this dialog box to select a client certificate?
Endpoint bindings look like this
<webHttpBinding>
<binding name="webBinding">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
<binding name="webSecureBinding">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</webHttpBinding>

WCF client authentication scheme 'Basic'. to a java server

I'm trying to consume a java web service using basic authentication.
Using Soap UI I can receive a response when running a request with basic authentication.
The problem is using VS studio i'm having this error using basic authentification
"The HTTP request is unauthorized with client authentication scheme 'Basic'. The authentication header received from the server was 'Basic realm='weblogic'
enter code here
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
Your transport configuration specifies an empty realm while the server users weblogic. Try adding the same realm you used with SoapUI, eg:
<transport clientCredentialType="Basic" proxyCredentialType="None" realm="weblogic" />

WCF: Single operation fails with MessageSecurityException

So what we have here is a fairly trivial WCF service with a bunch of operations. Now, all but one operation work just fine, but that single one fails with MessageSecurityException.
This particular method is just like any other method in this particular service: no fancy authentication or authorization attributes, no impersonation, no nothing. Just plain hit-the-DB-and-return-results kind of method. Security is set up as follows:
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
Yet whenever it gets invoked, it fails with
The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'
I know this is a very open-ended question, but I hope someone has experienced the same.

Disable Windowsauthentication WCF

I'm using WCF to create a Client-Server Application and I'm having some problems with authentication, with wsHttpBinding Windowsauthentication seems to be turned on by default. The webservice worked perfectly inside my network but when I installed it somewhere else I suddenly had all these securityexceptions.
Though I want the webservice to be encrypted with https, i dont want windows authentication.
Although I can't try it at the moment I've found this Configuration:
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
Which might do the trick. This is my "old" one:
<security mode="Message">
<transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
<message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" />
</security>
This is the configuration on the client side which i dont quite understand cause anybody could just change this easily. I'd expect to configure this on the server side but i havent yet found out how.
Ideas?
You can disable it through IIS Authentication settings for the site hosting your WCF by turning it off there and leaving anonymous on.
http://technet.microsoft.com/en-us/library/cc754628(v=ws.10).aspx

WCF Authentication With SSL

I am very new to WCF and I have created a service to be consumed via a windows mobile app using the basicHttpBinding. I am now looking at how to implement encrpytion and authenticaion and I am not getting very far.
I have added the following to my server side service configuration (which I believe is correct):
<basicHttpBinding>
<binding name="SecurityByTransport">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName" />
<transport clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
Now after installing a temporary certificate on my IIS instance I can navigate to my service via https.
At this point I used visual studios built in tool for running svcutil.exe and generated my proxy, which connects just fine.
The issue I have is in the client config, in that the endpoint reference is using http and not https. If I change this I get the following error:
The provided URI scheme 'https' is invalid; expected 'http'.
Which obviously I do not want.
Also in my client config the security specified seems to be "None", is this right?