We Keep Coding

WCF The HTTP request is unauthorized with client authentication scheme 'Negotiate'

I have a WCF service hosted on IIS with Windows Aut, I am able to connect to the service from my client application (WPF) on my local machine, but when I try to access the service from some other machine I get the following error
The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
I checked the providers in my IIS and there "Negotiate" is the first one and then the "NTLM". I also tried removing "NTLM" but that also did not help.
I have following configuration in my App.config
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding" maxReceivedMessageSize="2147483647"
receiveTimeout="00:30:00" sendTimeout="00:30:00"
openTimeout="00:10:00" closeTimeout="00:10:00">
<readerQuotas maxStringContentLength="2147483647" maxArrayLength="20971520" />
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>

You may need to enable anonymous access in IIS.

WCF wsHttpBinding in SoapUI

I am trying to add WCF service with wsHttpBinding to soapUI.
I am using message security and it works with test client but SoapUI returns
An error occurred when verifying security for the message
Here is service configuration:
<wsHttpBinding>
<binding name="wsHttpSecure">
<security mode="Message">
<message clientCredentialType="UserName" negotiateServiceCredential="true"
establishSecurityContext="false" algorithmSuite="Default" />
</security>
</binding>
</wsHttpBinding>
Here http://www.soapui.org/SOAP-and-WSDL/applying-ws-security.html is a document but they say I need .jks file. I only have encoded public key value generated by SvcUtil in test client configuration file.

after a lot of research I found a solution on a blog.
You need to check the WS-A:To checkbox, located on the WS-A options tab.
After doing that, my problem was solved.
This is the blog containing the solution. Thanks David!!

this setting is not interoperable with soapUI:
negotiateServiceCredential="true"
change it to false

Java JAX-WS Service with WCF Client

Is it possible to create a WebService using JAX-WS, that whould then be consumed by a WCF client using such a binding?
<bindings>
<basicHttpBinding>
<binding name="CaseObjectServicePortBinding" >
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Certificate"/>
<message clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
I created such a service without WSIT for now, just a plain service and wanted to just ignore the "Security" header in incoming SOAP message. But it fails with:
"Could not establish secure channel for SSL/TLS with authority 'xxxxxxxxxx'."
If I change:
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Certificate"/>
<message clientCredentialType="Certificate" />
</security>
to:
<security mode="Transport">
<transport clientCredentialType="Certificate"/>
<message clientCredentialType="Certificate" />
</security>
everything works flawlessly. Any ideas what am I doing wrong?

The answer is yes. You can use BasicHttpBinding or WsHttpBinding
The error was occurred because when you use TransportWithMessageCredential, the WCF client will impose additional security to your message sent through the wire, which is interoperable only to WCF service.
Once you changed it to Transport, only transport security( SSL using certificate) is applied , so that why both client and service can understand how to communicate with each other.
Cheers.

When defining security as TransportWithMessageCredential you say: I want a service which will communicate over secured transport channel (HTTPS) and I want to pass client credentials in SOAP header.
If you define Certificate credential type in message element you say: The SOAP header will transport client credentials as x.509 Certificate token profile. It is interoperable format which requires WS-Security on the service.
If you define Certifiate credential type in transport element you say: I want mutual SSL authentication. I'm actually not sure if this is used if you define TransportWithMessageCredential

This happened on the step of initiating the request; the TLS exception pops out to you because the certificate set on the client is not trusted. Use a certificate with the common destination name, if you are using the service on public use the domain name else use the destination IP address as a common name and it will work just fine .
PS: Use the 'basichttps' binding in case you want to proceed with the https content type 'text/xml' soap 11 the the default from jaxws

WCF security in an internet scenario

I have a WCF service hosted in a Windows Service. Clients from various platforms will access the service. Now I would like to add a basic security mechanism. Ideally, the clients should use username/password for authentication.
Which binding settings do I have to use in this scenario and how can I authenticate the client? Interoperability is more important than a very secure solutions. If possible the client should not be forced to use a certificate or something the like. Additionally, authentication should not be strongly coupled with a SQL Server database. I would like to manually inspect the client credentials.
Thanks for your help

The best for your case can be BasicHttpBinding with security set to TransportWithMessageCredentials and credential type set to UserName. In this case your service will be secured with HTTPS (requires server certificate for SSL which has to be trusted on clients) and authentication will be provided on message level with UserName Token Profile (SOAP header). You can implement your own password validator.
BasicHttpBinding configuration skeleton:
<bindings>
<basicHttpBinding>
<binding name="Secured">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName" />
</security>
</binding>
</basicHttpBinding>
</bindings>
If you don't want to use HTTPS you can create custom binding with HttpTransport, TextMessageEncoding and with security mode set to UserNameOverTransport. But you have to set allowInsecureTransport to true (be aware that there is some bug with WSDL generation in this setting).
Custom binding configuration skeleton:
<bindings>
<customBinding>
<binding name="Secured">
<security authenticationMode="UserNameOverTransport" allowInsecureTransport="true" />
<textMessageEncoding messageVersion="Soap11" />
<httpTransport />
</binding>
</cutomBinding>
</bindings>

See the Internet section of the Application Scenarios for guides on how to achieve this:CodePlex Application Scenarios

WCF Authentication With SSL

I am very new to WCF and I have created a service to be consumed via a windows mobile app using the basicHttpBinding. I am now looking at how to implement encrpytion and authenticaion and I am not getting very far.
I have added the following to my server side service configuration (which I believe is correct):
<basicHttpBinding>
<binding name="SecurityByTransport">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName" />
<transport clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
Now after installing a temporary certificate on my IIS instance I can navigate to my service via https.
At this point I used visual studios built in tool for running svcutil.exe and generated my proxy, which connects just fine.
The issue I have is in the client config, in that the endpoint reference is using http and not https. If I change this I get the following error:
The provided URI scheme 'https' is invalid; expected 'http'.
Which obviously I do not want.
Also in my client config the security specified seems to be "None", is this right?