I have a client-server application. My server site is on IIS.
My client App.config is:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<wsDualHttpBinding>
<binding name="WSDualHttpBinding_IService" />
</wsDualHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:8083/Service.svc"
binding="wsDualHttpBinding"
bindingConfiguration="WSDualHttpBinding_IService"
contract="ServiceReference.IService"
name="WSDualHttpBinding_IService">
</endpoint>
</client>
</system.serviceModel>
When I press a button on my application - I get the following error:
The http request is unauthorized with client authentication scheme 'anonymous'.
It seems like in order to resolve this problem I have to use the following code:
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
However, what should I do since wsDualHttpBinding doesn't support transport security?
Maybe is there any declaration on IIS itself?
Related
I have a wcf service that will only work once I deploy it to a server and configure through IIS. there error message I get when running it through IIS express is:
The authentication schemes configured on the host ('Ntlm, Anonymous') do not allow those configured on the binding 'BasicHttpBinding' ('Negotiate'). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly. Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.
My web.config services binging looks like this:
<services>
<service name="LMS.Services.Services.AppService" behaviorConfiguration="LargeDataRequestBehavior">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicHttp_LargeDataRequestBinding" contract="LMS.Services.Services.AppService" />
<endpoint address="mex" binding="basicHttpBinding" bindingConfiguration="basicHttp_LargeDataRequestBinding" contract="IMetadataExchange" />
</service> </services>
and my binding looks like this:
<bindings>
<basicHttpBinding>
<binding name="basicHttp_LargeDataRequestBinding" receiveTimeout="01:00:00" sendTimeout="01:00:00" maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" proxyCredentialType="None" realm="" >
</transport>
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
<basicHttpBinding>
</bindings>
Any Help would be greatly appreciated.
Try changing this part. The issue is that the enum for Credential Type Windows maps to a protocol called Negotiate. IIS is informing you that Negotiate has not been enabled on your website, only Basic (no security) and Ntlm (another form of Windows Security) is allowed.
<bindings>
<basicHttpBinding>
<binding>
<security >
<transport clientCredentialType="Ntlm" >
</transport>
</security>
</binding>
</basicHttpBinding>
</bindings>
The WTF here is that there is a mismatch between "Negotiate" and "Windows".
Updating IIS Authentication settings as below fixed it in my case:
Anonymous Authentication: Disabled
Windows Authentication: Enabled
I keep getting the above error when my client program tries to call my WCF service method. It is passing credentials via ClientCredential.UserName.
I am not able to figure out what's happening here and all the posts related to this kind of issue are not solving this problem.
Mine is a shared hosting Environment on Godaddy server where my WCF service is hosted.
Configuration is as follows:
<endpoint
name="wsBinding"
address=""
binding="wsHttpBinding"
contract="ServiceLib.IBooking"
bindingConfiguration="myWSSettings"/>
<bindings>
<wsHttpBinding>
<binding name="myWSSettings">
<security mode="Transport">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
Would really appreciate any help.
Thanks
Sandeep
I have a very simple WCF program that writes data to an MSMQ, but I get this error
Binding validation failed because the binding's MsmqAuthenticationMode property is set to WindowsDomain but MSMQ is installed with Active Directory integration disabled. The channel factory or service host cannot be opened.
The config file I am using is this
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<netMsmqBinding>
<binding name="MsmqBindingNonTransactionalNoSecurity" exactlyOnce="false">
<security mode="None"/>
</binding>
<binding name="MsmqBindingNonTransactionalTransportSecurity" exactlyOnce="false">
<security mode="Transport"/>
</binding>
<binding name="MsmqBindingTransactionalTransportSecurity" exactlyOnce="true">
<security mode="Transport"/>
</binding>
</netMsmqBinding>
</bindings>
<client>
<endpoint name="MsmqService"
address="net.msmq://localhost/private/MsmqService/MsmqService.svc"
binding="netMsmqBinding" bindingConfiguration="MsmqBindingTransactionalTransportSecurity"
contract="MsmqContract.IMsmqContract" />
</client>
</system.serviceModel>
</configuration>
Any idea what is wrong?
I work together with a different developer on a WCF service
if the service client reference is generated by the other developer, after I update from SVN and I try to run, the application accessing the service fails with exception:
The caller was not authenticated by the service.
InnerException Message:
The request for security token could not be satisfied because authentication failed.
I noticed, when the client reference is generated on other pc, in client's app.config I have
<endpoint address="http://MyService.svc/ws"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_ISqlService"
contract="OneTestModel.ISqlService" name="WSHttpBinding_ISqlService">
<identity>
<servicePrincipalName value="host/alabala" />
</identity>
</endpoint>
If I generate/update the client on my pc, I get
<identity>
<servicePrincipalName value="host/my-pc-name" />
</identity>
and I can access the service
Service uses wsHttpBinding, and in it's web.config I have
<bindings>
<wsHttpBinding>
<binding name="ConfigBinding">
<security mode="Message">
<transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
<message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="false" />
</security>
</binding>
</wsHttpBinding>
</bindings>
The service is supposed to run anonymously.
What change should I do in service config to ignore client side's <identity>?
Thanks
I have the following problem. On my machine I have a SL 3 application, which basically consists of:
* Client app (SL)
* Web app (.Net 3.5)
* Communication with the database handled by WCF
The site is hosted on my IIS, with the following authentication set up:
* Anonymous access: off
* Basic authentication: on
* Integrated Windows authentication: on
My bindings are set up as follows:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IWcfPortal" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
<security mode="TransportCredentialOnly" />
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost/MyApp/WCFPortal.svc" binding="basicHttpBinding"
bindingConfiguration="BasicHttpBinding_IWcfPortal" contract="WcfPortal.IWcfPortal"
name="BasicHttpBinding_IWcfPortal" />
</client>
</system.serviceModel>
</configuration>
Web.config:
<authentication mode="Windows" />
<identity impersonate="true" />
When I navigate to my site, I am prompted for an username and password. When filled in correctly, I can access the site but the db communication does not work. When I go to localhost/MyApp/WcfPortal.svc, I get the following error:
Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.
I tried adding <transport clientCredentialType="Windows" /> to the security in the basicHttpBinding, but VS gives me the warning "The 'clientCredentialType' attribute is not declared.".
If anyone can help me with this, I would be very grateful.
I fixed my issue. Turned out I had to change the basicHttpBinding in two places: ServiceReferences.ClientConfig and Web.Config
ServiceReferences.ClientConfig:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IWcfPortal" maxBufferSize="2147483647"
maxReceivedMessageSize="2147483647">
<security mode="TransportCredentialOnly" />
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost/MyApp/WCFPortal.svc" binding="basicHttpBinding"
bindingConfiguration="BasicHttpBinding_IWcfPortal" contract="WcfPortal.IWcfPortal"
name="BasicHttpBinding_IWcfPortal" />
</client>
</system.serviceModel>
</configuration>
Web.config:
...
<authentication mode="Windows" />
...
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IWcfPortal" maxBufferSize="10000000" maxReceivedMessageSize="10000000" receiveTimeout="00:10:00" sendTimeout="00:10:00" openTimeout="00:10:00" closeTimeout="00:10:00">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm" />
</security>
<readerQuotas maxBytesPerRead="10000000" maxArrayLength="10000000" maxStringContentLength="10000000"/>
</binding>
</basicHttpBinding>
</bindings>
Unfortunately, to host this service under IIS6, you must turn on Anonymous Authentication.