WCF and HTTP request is unauthorized with client authentication scheme ‘Ntlm’

 This turned out to be “fun”, so I thought I’d share. OK, I have a few WCF services that call each other, all on the same network. I create dynamic proxies (not anything generated by svcutil) as I needed the flexibility, but still using straight up WCF stuff, nothing too fancy. The consumers might be .NET or Java, or PHP, so to keep things open to all, I went with the httpBasicBinding, and figured I’d stick with Windows Authentication to keep things simple (we can always come back later and make things more custom/complicated as needed). So, I set up the binding as follows, and this worked fine (for a while):

<binding name="ServiceBindingBasic" sendTimeout="00:1:00" maxReceivedMessageSize="10000000">
  <readerQuotas maxArrayLength="10000000" maxStringContentLength="10000000"/>
  <security mode="TransportCredentialOnly">
    <transport clientCredentialType="Windows" />
  </security>
</binding>

Then, after a few months, I started seeing this message on my [somewhat new] XP machine:
The HTTP request is unauthorized with client authentication scheme ‘Ntlm’. The authentication header received from the server was ‘Negotiate,NTLM’.
Yet, when these services were installed on Windows Server 2003 SP1, no issues. At the end of the day, the credentials weren’t flowing correctly from one machine to another, and when I finally found a small article that had one tidbit that worked, I got past this thing. I needed to set this on my dynamic proxy:
client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
So, if you ever see this error message, or a derivative of it, don’t go chasing down things like this crap until you’ve ensured your TokenImpersonationLevel meets whatever your requirements are.

I must admit, WCF security is a huge topic, and I certainly don’t lay claim to expertise in this area, so also consult others!

J
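
As an added example (not code from the original post): one way to build such a proxy with ChannelFactory<T>, mirroring the binding configuration above in code and setting the impersonation level before the factory opens, after which the client credentials become read-only. IStatusService, ProxyFactory and CallService are hypothetical names; the post does not say how its dynamic proxies are built.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;

// Hypothetical contract, used only for this example.
[ServiceContract]
public interface IStatusService
{
    [OperationContract]
    string GetStatus();
}

public static class ProxyFactory
{
    // Same settings as the ServiceBindingBasic configuration, expressed in code.
    static BasicHttpBinding CreateBinding()
    {
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportCredentialOnly)
        {
            SendTimeout = TimeSpan.FromMinutes(1),
            MaxReceivedMessageSize = 10000000
        };
        binding.ReaderQuotas.MaxArrayLength = 10000000;
        binding.ReaderQuotas.MaxStringContentLength = 10000000;
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
        return binding;
    }

    public static string CallService(string url)
    {
        var factory = new ChannelFactory<IStatusService>(CreateBinding(), new EndpointAddress(url));
        // Set this before CreateChannel(): that call opens the factory,
        // and the credentials cannot be changed once it is open.
        factory.Credentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation;

        IStatusService channel = factory.CreateChannel();
        try
        {
            string result = channel.GetStatus();
            ((IClientChannel)channel).Close();
            factory.Close();
            return result;
        }
        catch
        {
            // Close() can throw on a faulted channel, so tear down with Abort() on failure.
            ((IClientChannel)channel).Abort();
            factory.Abort();
            throw;
        }
    }
}
```

TokenImpersonationLevel.Impersonation lets the service act as the caller on its own machine only, while Delegation extends that to remote systems, so pick the lowest level that satisfies the call. TransportCredentialOnly sends the message body over plain HTTP.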

 

18 thoughts on “WCF and HTTP request is unauthorized with client authentication scheme ‘Ntlm’”

  1. Jason,

    Yes, this did work. It is interesting that this can be set in configuration, but when the proxy object is created it seems to be ignored. I would think the config below when applied to the proxy should work.

  2. OMG!

    I’ve been googling all day to find out how to connect to Reporting Services 2005 web service from VS 2008! You saved my life. Thanks!

  3. Yeah, I’ve been wasting half the day trying to figure out this stupid credentials thing, getting way too deep for no reason. Thanks man.

  4. If you don’t want to do this in code, of course it can also be done in the configuration file by defining a custom endpoint behavior, for example, by adding:
    <behavior name="ImpersonationClientCredentialsBehavior">
      <clientCredentials>
        <windows allowedImpersonationLevel="Impersonation" />
      </clientCredentials>
    </behavior>
    and then adding a behaviorConfiguration="ImpersonationClientCredentialsBehavior" attribute to your client endpoint.

  5. Pingback: Listen to yourself sometimes « Jason Harper’s blog

  6. Hi, after using the code service.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation; I am getting an error like: The HTTP request is unauthorized with client authentication scheme ‘Negotiate’. The authentication header received from the server was ‘Negotiate oYGTMIGQoAMKAQGigYgEgYVggYIGCSqGSIb3EgECAgMAfnMwcaADAgEFoQMCAR6kERgPMjAwOTAxMjMxNDE0MzdapQUCAwFCS6YDAgEpqRMbEUFNRVIuQ09SUC5FRFMuQ09NqjEwL6ADAgEDoSgwJhsEaG9zdBsedXNhaHN2dWxtMTkyLmFtZXIuY29ycC5lZHMuY29t’. Can you please help me on this one? Really, for 3 days I have been struggling with this problem.

  7. Hi Ram, your problem is an issue of .NET 3.5 SP1; see the Microsoft documentation. You have to add an identity tag to the endpoint client tags.

  8. Nice post. I was having the same error, and all it took was logging off and logging back in to Windows again. In my case I started getting this error when I changed my password.

    Regards!

  9. Thank you so much for the post. I was getting an error when I call basicHttpBinding WCF service from web application. I was getting the error that the URI has to be https instead of http. This error is fixed by changing the Security Mode to
