I have a WCF webservice using a NetTcpBinding with Transport security and the clientCredientialType set to none. I have no identity specified on the endpoint using this binding. Every attempt made to call a method on the service results in the following error:
Client side:
System.ServiceModel.Security.SecurityNegotiationException: A call to
SSPI failed, see inner exception.
Service side:
System.ServiceModel.Security.SecurityNegotiationException:
Authentication failed on the remote side (the stream might still be
available for additional authentication attempts).
System.ComponentModel.Win32Exception: The target principal name is
incorrect
Any help with this is appreciated
Thanks
Sj
Related
I'm writing an UWP app in C#, and I'm trying to have it consume data from a (pre-existing) WCF service. I can't find any information online on the subject. Here is what my code looks like (WCF service is Serv, service namespace is Ns):
var config = Ns.ServClient.EndpointConfiguration.BasicHttpBinding_IServ;
var client = new Ns.ServClient(config);
var result = client.TestCall();
I get the following exception, which I don't understand how to parse:
Exception thrown:
'System.ServiceModel.Security.MessageSecurityException' in
mscorlib.ni.dll
Additional information: The HTTP request is unauthorized with client
authentication scheme 'Negotiate'. The authentication header received
from the server was 'Negotiate, NTLM'.
What does this error message mean? And how do I successfully authenticate with the WCF service?
Bonus question: what is the ServiceReferences.Designer.ClientConfig file? How do I use it?
I opened the Package.appxmanifest file and added the Enterprise Authentication and Private Networks (Client & Server) capabilities. This fixed the issue.
We have an attribute called LoggingImplementationBehavior that causes a WCF Logging service to get called before and after service calls it's attached to.
This works great both locally and on the shared development server. However, on the staging server a 401 error is returned when a call is made to the Logging service from the invoker. To ensure that the issue is not in the Logging service I commented all code out so that it does nothing, but I still get this error when the stub is called.
In IIS Manager, Anonymous Authentication is enabled (and nothing else) at both the server level and at the services website level. Digest Authentication is disabled at both levels, so what could be the cause of these 401 errors?
I've seen others have this problem with large data but the data being sent here is quite small.
Any tips on how to continue debugging this problem would be greatly appreciated as I'm currently at a dead end.
The exact text of the error is:
The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Digest qop="auth",algorithm=MD5-sess,nonce="+Upgraded+v171b25f8f2632897bff13b10710dac91aa1d64068a3cccf011b44f8580e932354dfd50d56778ba404d674864cf9d5216e589c616fb1a48583",charset=utf-8,realm="Digest"'.
The remote server returned an error: (401) Unauthorized.
I am getting the below error while trying to call an external service from my service which was hosted in IIS .
Error : An error occurred while receiving the HTTP response to ''. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details.
And I am not getting any error while trying to call the same external service from a console application.
Any suggestions will help. Thanks in advance.
Issue is with the firewall. When i try to call the external service from console application, the service call going through without any errors, as there was no IIS involved in calling the service. But when i call the external service from another service hosted in IIS, firewall comes to the picture.
I'm trying to call a webservice with WCF Test Client but the webservice requires authentication.
How do I log on and call it by WCF Test Client (I tried to get it from browsers and then to call but does not work). I could use SOAP UI, but I'd like to do it with WCF Test Client if is possible. Maybe changing WCF config?
Error: Cannot obtain Metadata from If this is a Windows (R)
Communication Foundation service to which you have access, please
check that you have enabled metadata publishing at the specified
address. For help enabling metadata publishing, please refer to the
MSDN documentation at
http://go.microsoft.com/fwlink/?LinkId=65455.WS-Metadata Exchange
Error URI: Metadata contains a reference that cannot be
resolved: ''. The HTTP request is unauthorized with client
authentication scheme 'Anonymous'. The authentication header received
from the server was 'Basic realm=""'. The remote server
returned an error: (401) Unauthorized.HTTP GET Error URI:
There was an error downloading ''. The request failed with
HTTP status 401: Unauthorized.
Do you have a mex endpoint specified in your config?
If you're having setup issues I'd suggest reading through the Codeplex applications scenarios to ensure you have setup your service and WCF Test Client properly.
Please post configs and some sample code if you require any further help.
EDIT:
These links may provide some insight in to the issue:
WCF - Cannot obtain Metadata, but works when the XML Endpoint is removed?
Cannot obtain Metadata from WCF service when using Microsoft WCF Test Client.
I'm building some routing functionality between services. The original service and the service that does the routing have an identical configuration; both are using netTcpBinding with the following binding configuration:
netTcpBinding
security mode="Message"
message clientCredentialType="UserName"
The service behavior uses a AspNet Membership Provider and a client certificate we've installed on the machine.
When I switch off the message security it relays just fine but when it's switched on I get the following exception:
"The message could not be processed. This is most likely because the action 'http://foo/Whatever' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings*. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding." (Emphasis mine)
My thinking is that the certificate is operating on the message twice (once on the original call and then on the relay) and this is what corrupts the message's security token.
Questions:
Is my thinking on target?
Is there a way to continue to use message security for routing without having the complexity of a token service?
You mentioned switching between no security and message security. Are you making sure to change both the WCF service endpoints as well as the endpoint on the receiving end? If not, and the two do not match up, you will receive an error. That's what that error seems to be saying to me.
For Question 2, what type of environment are you running in? A closed system where you could use encrypt and sign, or a public environment, where you might need to be using a special key?