11

I have an ASP.NET web application written in VB.NET. One part of the application makes an AJAX call to an internal ASMX file which in turn makes a call to a remote web service which is just a single ASMX file. Normally this works fine and has been deployed a couple of times and works fine. One client however, is getting the message from the AJAX call:

The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'NTLM’.

I have scoured a large amount of websites trying to fix this but I can’t seem to find any answer that works for me.

I have been unable to replicate the error on my test server, which is the same as the client, Win2003 IIS6.

The remote web service is deployed on Windows 2008 r2 – IIS7.5. The remote service is deployed using ‘Anonymous’ authentication only. The client deployment is set up with Anonymous and ‘Integrated Windows Authentication’. I have tried changing the authentication levels on both implementations but cannot replicate the issue. The closest I have come is when I set the remote service IIS authentication to

The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was ''.

In the web.config file the reference to the remote service is:

<system.serviceModel>
    <bindings>
        <basicHttpBinding>
            <binding name="SVCMappingSoap" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
                <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
                <security mode="None">
                    <transport clientCredentialType="None" proxyCredentialType="None" realm=""/>
                    <message clientCredentialType="UserName" algorithmSuite="Default"/>
                </security>
            </binding>
        </basicHttpBinding>
    </bindings>
    <client>
        <endpoint address="http://svc.website.com/services/myService.asmx" binding="basicHttpBinding" bindingConfiguration="SVCMappingSoap" contract="SVCMappingService.SVCMappingSoap" name="SVCMappingSoap"/>
    </client>
</system.serviceModel>

I have tried changing a number of the setting in the <security> section but still unable to replicate.

Improve this question
3
  • I discovered that the client are using a proxy server. Disabling the remote web service resulted in the same error message on the client so it looks as though all the issues are down to their network setup. I configured the binding to use their proxy which resulted in the message - The remote server returned an unexpected response: (407) Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. ). I have passed the issue on to whoever is responsible for the client network setup. Commented Oct 11, 2011 at 8:26
  • Hi @Fly_Trap, can you please describe how this proxy between you and your endpoint was impacting authorization. I have a similar issue right now, it looks like yours one might help me. Commented Sep 2, 2013 at 9:24
  • @Johnny_D, unfortunately I do not know how the proxy was configured. Commented Oct 3, 2013 at 13:54

3 Answers 3

Reset to default
19

I am not sure of your total server setup. 

<security mode="None">
  <transport clientCredentialType="None" proxyCredentialType="None"    realm=""/>
</security>

instead of above one please try with below configuration

<security mode="TransportCredentialOnly">
    <transport clientCredentialType="Ntlm"/>
    <message clientCredentialType="UserName" algorithmSuite="Default"/>
</security>

please go through below links, you can more idea on those and you can change the config based on your requirements:

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

The trick is that to make sure that configuration in WCF and IIS level should be same. So in other way round we can change the IIS level as "anonymous".
I had already tried that security configuration but the message was the same. See my comment above, I think the issue is that the client is using a web proxy server.
If this answer does not solve your problem, why is it accepted?
I had to set security mode="Transport" and transport clientCredentialType="Basic", because I was using BasicAuth over SSL.
2

I had to change the default generated

      <security mode="Transport"/>

into 

      <security mode="Transport" >
        <transport clientCredentialType="Ntlm"/>
      </security>
Improve this answer

Comments

0

One more comment for this problem:

If you are not using HTTPS, 

<security mode="Transport"/>

is not supported. You can use 

<security mode="TransportCredentialOnly">

instead.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.