I am going around in circles on this one, and I could use some support.
I want to set up an HTTPS WCF service, and I need to pass the user's Windows credentials on for further communication. I am using the post "Pass Windows credentials to remote https WCF service" as a basis, but I run into a wall when I apply the solution described there.
My Web.config looks as follows:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<!-- Web.config for an IIS-hosted WCF service: ASP.NET Windows authentication with impersonation, and a single basicHttpBinding endpoint secured at the transport (HTTPS) level. -->
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<!-- debug="true" and customErrors mode="Off" are development settings: with customErrors off, detailed ASP.NET error pages are returned to remote clients. Review both before deploying. -->
<compilation debug="true" targetFramework="4.7" />
<httpRuntime targetFramework="4.7"/>
<customErrors mode="Off" />
<!-- Windows authentication at the ASP.NET layer; impersonate="true" makes ASP.NET run request code under the authenticated caller's identity. -->
<authentication mode="Windows" />
<identity impersonate="true"/>
<!-- NOTE(review): ASP.NET URL authorization applies the first rule that matches. allow users="*" (all users) is listed first, so deny users="?" (anonymous users) below it is never reached. If the intent is to reject anonymous callers, the deny rule has to come first. -->
<authorization>
<allow users="*" />
<deny users="?" />
</authorization>
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="httpsBinding">
<!-- mode="Transport" secures the channel with HTTPS. clientCredentialType="None" means the binding asks the client for no credential, so no Windows identity of the caller reaches the service at the WCF layer. -->
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="Schindler.LPD.SharePoint.Service.SharePointService">
<!-- The only endpoint; it uses the httpsBinding configuration defined above. -->
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="httpsBinding" contract="Schindler.LPD.SharePoint.Service.ISharePointService"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<!-- Unnamed behavior: applies to every service in this application. -->
<behavior>
<!-- Publishes service metadata (WSDL) over both HTTP GET and HTTPS GET. NOTE(review): confirm that plain-HTTP metadata is intended for a service whose endpoint is HTTPS only. -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<!-- includeExceptionDetailInFaults="true" returns managed exception details to clients inside SOAP faults; intended for debugging only. -->
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<!-- aspNetCompatibilityEnabled="true" routes WCF requests through the ASP.NET pipeline, so the system.web settings above (authentication, impersonation, authorization) take part in handling service calls. -->
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<!-- directoryBrowse enabled="true" lets IIS return a listing of the site's files when no default document is served. NOTE(review): usually disabled outside development. -->
<directoryBrowse enabled="true" />
<!-- Turns off the IIS integrated-mode configuration check; presumably needed here because of identity impersonate="true" above (confirm). -->
<validation validateIntegratedModeConfiguration="false"/>
</system.webServer>
</configuration>
With the following setting I can call a method, but I don't get the Windows credentials (ServiceSecurityContext.Current.WindowsIdentity):
<transport clientCredentialType="None"/>
But when I change it to:
<transport clientCredentialType="Windows"/>
the method call fails, and on the client side I receive the exception:
System.ServiceModel.Security.MessageSecurityException:
'The HTTP request is unauthorized with client authentication scheme 'Negotiate'.
The authentication header received from the server was 'Negotiate oXkwd6ADCgEBonAEbmBsBgkqhkiG9xIBAgIDAH5dMFugAwIBBaEDAgEepBEYDzIwMTgwODIzMTE0ODMxWqUFAgMGvaCmAwIBKakWGxRHTE9CQUwuU0NISU5ETEVSLkNPTaoYMBagAwIBAaEPMA0bC3RyZHdzcjAwMjQk'.'
Can anybody tell me where the message security exception is coming from, and how I can resolve this?