Description
I have a WCF web service and a WCF client, running on the same machine. I'm using windows authentication. I'm trying to connect from the client, as a chosen domain user:
var client = new MyService.ServiceClient();
client.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential("USER", "PASSWORD", "DOMAIN");
client.ReceiveData("hello");
Unfortunately the last line results in the error:
The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'
How can i resolve this?
Note:
This works on a different machine in a different domain. So it's probably a setting on my machine.
This does not happen for local users:
client.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential("LOCALUSER", "PASSWORD", "");
I get the same error when i enter the wrong password for a local user.
This also does not happen when i am already logged in as the domain user, and don't specify credentials:
var client = new MyService.ServiceClient();
client.ReceiveData("hello");
When i remove NTLM from [Authetication > Windows Authetication >
Providers...], then i instead get the puzzling error:
The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate'.
client App.config:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IService">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
<binding name="BasicHttpsBinding_IService">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost/MyService/Service.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IService"
contract="MyService.IService" name="BasicHttpBinding_IService" />
</client>
</system.serviceModel>
</configuration>
Related
I am trying to configure a WCF service through the app.config file so it defaults to getting the TLS settings from the OS (we want the service to use TLS 1.2 as default, actually), and I am trying to follow the Transport Layer Security (TLS) best practices with the .NET Framework article.
But when I try to add the sslProtocols parameter to the transport attribute, it seems like it does not exist.
Do we lack some Assembly or other dependencies? Did it change from NET Framework 4.8?
Our config file is as follows:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="siiBinding">
<security mode="Transport"/>
</binding>
<binding name="siiBinding1">
<security mode="Transport"/>
</binding>
<binding name="siiBinding2">
<security mode="Transport"/>
</binding>
<binding name="siiBinding3"/>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://www1.agenciatributaria.gob.es/wlpl/SSII-FACT/ws/fe/SiiFactFEV1SOAP" binding="basicHttpBinding" bindingConfiguration="siiBinding" contract="SuministroFactEmitidasReference.siiSOAP" name="SuministroFactEmitidas"/>
<endpoint address="https://www10.agenciatributaria.gob.es/wlpl/SSII-FACT/ws/fe/SiiFactFEV1SOAP" binding="basicHttpBinding" bindingConfiguration="siiBinding1" contract="SuministroFactEmitidasReference.siiSOAP" name="SuministroFactEmitidasSello"/>
<endpoint address="https://www7.aeat.es/wlpl/SSII-FACT/ws/fe/SiiFactFEV1SOAP" binding="basicHttpBinding" bindingConfiguration="siiBinding2" contract="SuministroFactEmitidasReference.siiSOAP" name="SuministroFactEmitidasPruebas"/>
</client>
</system.serviceModel>
<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/></startup></configuration>
Make sure your system.web is similar to the following:
<system.web>
<compilation targetFramework="4.8"></compilation>
<httpRuntime targetFramework="4.8" />
</system.web>
and transfer mode
<binding name="secureHttpBinding">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
Try adding in global.asax.cs using System.Net.
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
For details you can check the documentation.
How to: Configure an IIS-hosted WCF service with SSL
TcpTransportSecurity.SslProtocols Property
I have a problem accessing a .Net WCF Service that uses Basic authentication. The server's web.config file has the service configured as such:
<services>
<service behaviorConfiguration="serviceBehavior" name="api.GlobalService">
<endpoint address="" behaviorConfiguration="restBehavior" binding="basicHttpBinding"
bindingConfiguration="Basic" contract="api.IGlobalService" />
</service>
</services>
with the binding:
<bindings>
<basicHttpBinding>
<binding name="Basic">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
In my IIS Express config file I enabled basic authentication as such:
<basicAuthentication enabled="true" />
I am running it in debug mode, on localhost, and I don't want a custom basic authentication, I want it to authenticate against Windows credentials. I access the server directly, from the browser, and enter my windows credentials when prompted, or from Postman using basic authentication and credentials, however I always get a 401. I am not authorized to access a server I run on my own machine with my own credentials. Any help on what I'm doing wrong?
You can try the following, in the application that consumes the WCF Service
WCFServiececlient.ClientCredentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation;
WCFServiececlient.ChannelFactory.Credentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
i'm experiencing problems on my WP8.0 app, I want to access a HTTPS WCF service from it with BASIC authentication.
Everything is already working on a C# console app which uses .NET framework 4.5
WORKING CONSOLE APP CODE :
App.config :
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
<system.serviceModel>
<bindings>
<basicHttpsBinding>
<binding name="WS_CubicusMobileSOAPBinding">
<security mode="Transport">
<transport clientCredentialType="Basic" proxyCredentialType="Basic" realm="xxxxxx.xx.xx" />
</security>
</binding>
</basicHttpsBinding >
</bindings>
<client>
<endpoint address="https://xxx.xxx.xx/xxx/awws/xxxxx.awws"
binding="basicHttpsBinding" bindingConfiguration="WS_CubicusMobileSOAPBinding"
contract="ServiceReference1.WS_CubicusMobileSOAPPortType"
name="WS_CubicusMobileSOAPPort" />
</client>
</system.serviceModel>
</configuration>
And this C# code :
ServiceReference1.WS_CubicusMobileSOAPPortTypeClient proxy = new WS_CubicusMobileSOAPPortTypeClient();
proxy.ClientCredentials.UserName.UserName = "xxxxxx";
proxy.ClientCredentials.UserName.Password = "xxxxxx";
var e = proxy2.ConnexionTestWP(anObject);
NOT WORKING WP8.0 CODE :
ServiceReferences.ClientConfig :
<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="WS_CubicusMobileSOAPBinding" maxBufferSize="2147483647"
maxReceivedMessageSize="2147483647">
<security mode="Transport" />
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://xxxxx.xxxxx.xxx/xxxxx/awws/xxxxx.awws"
binding="basicHttpBinding" bindingConfiguration="WS_CubicusMobileSOAPBinding"
contract="ServiceReference1.WS_CubicusMobileSOAPPortType" name="WS_CubicusMobileSOAPPort" />
</client>
</system.serviceModel>
</configuration>
The C# code is exactly the same than the console app one (except it's Async).
I receive a CommunicationException saying "Additional information: The remote server returned an error: NotFound."
The only thing Fiddler sees :
http://i.stack.imgur.com/VzYhf.png
I heard that Silverlight clients needs crossdomain.xml on client side to work, so I included this file on the server root. Still not working...
I feel like I tried every binding (like custombinding), every c# code (like adding the Authorization header inside the WCF request manually), every kind of configuration etc... Nothing is working.
Please help me out i'm desperate !
You're using basicHttpBinding in Windows Phone but basicHttpsBinding in console app. Have you turned off http on the server?
I have a C# application which is using Travelport Universal API interfaces through SOAP communication.
In C# I used the wsdls for generating the SOAP client.
I have this config settings for HTTPS connection (this was generated by Visual Studio from WSDL):
<system.serviceModel>
<bindings>
<basicHttpsBinding>
<binding name="AirLowFareSearchBinding" maxBufferSize="2097152" maxReceivedMessageSize="2097152">
<security mode="Transport">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpsBinding>
</bindings>
<client>
<endpoint address="https://emea.universal-api.travelport.com/B2BGateway/connect/uAPI/AirService" binding="basicHttpsBinding" bindingConfiguration="AirLowFareSearchBinding" contract="AirServiceReference.AirLowFareSearchPortType" name="AirLowFareSearchPort" />
</client>
About this SSL3.0 vulnerability Travelport want to disabling SSL3, and I could use just over TLS.
My question is what should I change on this config, or should I change anything for TLS connection on https instead of SSL3.
In you code before calling to the service:
system.Net.ServicePointManager.SecurityProtocol=SecurityProtocolType.Tls12;
Here is a blog post Here
Is there a way of ignoring SSL certificate errors?
I have developed a web service which until now has been running locally using http, however it has been moved externally and needs to communicate via https. The certificate for testing purposes is self-signed and therefore not trusted and I am getting the error The provided URI scheme 'https' is invalid; expected 'http'.
Web.config
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="RemoteSoap" />
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://mydomainwebservice:8444/Test.asmx" binding="basicHttpBinding"
bindingConfiguration="RemoteSoap" contract="RemoteService.RemoteSoap"
name="RemoteSoap" />
</client>
</system.serviceModel>
If I add the following security element I then get the following error The remote certificate is invalid according to the validation procedure. which seems to be caused by The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
Can someone kindly advise as to ignore these errors?
Try editing the config values in the .config
<configuration>
<system.net>
<settings>
<servicePointManager
checkCertificateName="false"
checkCertificateRevocationList="false"
/>
</settings>
</system.net>
</configuration>