WCF error: The caller was not authenticated by the service

Question

I am trying to access my WCF service on a server from my client console application for testing. I am getting the following error:

The caller was not authenticated by the service

I am using wsHttpBinding. I'm not sure what kind of authentication the service is expecting?

<behaviors>
  <serviceBehaviors>
    <behavior name="MyTrakerService.MyTrakerServiceBehavior">
      <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
      <serviceMetadata httpGetEnabled="true"/>
      <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
      <serviceDebug includeExceptionDetailInFaults="false"/>
    </behavior>
  </serviceBehaviors>
</behaviors>

Update It works if I change my binding to <endpoint "basicHttpBinding" ... /> (from wsHttpBinding) on the IIS 7.0 hosted, windows 2008 server

Edit your post and add the relevant sections of your .config file. — , Nov 12 '08 at 17:09
How is the WCF service you are trying to consume being hosted? — Michael Kniskern, Nov 12 '08 at 18:14
If its hosted in IIS, what is the directory security set to? Anonymous or Windows Integrated? — Ta01, Nov 12 '08 at 19:11
Can you mark an answer for this question. It looks like you were able to resolve your issue. — Michael Kniskern, Feb 25 '09 at 23:59
The action that resolved for me was change the application pool Identity from "ApplicationPoolIdentity" to "NetworkService". — Rogerson Nazário, Feb 20 '18 at 19:16

Michael Kniskern · Answer 1 · 2009-02-25T23:57:21.480

If you use basicHttpBinding, configure the endpoint security to "None" and transport clientCredintialType to "None."

<bindings>
    <basicHttpBinding>
        <binding name="MyBasicHttpBinding">
            <security mode="None">
                <transport clientCredentialType="None" />
            </security>
        </binding>
    </basicHttpBinding>
</bindings>
<services>
    <service behaviorConfiguration="MyServiceBehavior" name="MyService">
        <endpoint 
            binding="basicHttpBinding" 
            bindingConfiguration="MyBasicHttpBinding"
            name="basicEndPoint"    
            contract="IMyService" 
        />
</service>

Also, make sure the directory Authentication Methods in IIS to Enable Anonymous access

@KhumeshKumawat You can create and validate your own answer if you want or simply validate one of the existing (even if it is not exactly the one you chose). Your question has more than 60'000 views so it is an important one. It deserves an "official" an answer. — Askolein, Apr 02 '14 at 09:51

score 24 · Answer 2 · edited Feb 07 '11 at 19:08

24

I got it.

If you want to use wshttpbinding, u need to add windows credentials as below.

svc.ClientCredentials.Windows.ClientCredential.UserName = "abc";
svc.ClientCredentials.Windows.ClientCredential.Password = "xxx";

thanks

edited Feb 07 '11 at 19:08

Earlz

62,085
98
303
499

answered Feb 25 '09 at 23:42

4

And you may need the Domain too (.ClientCredentials.Windows.ClientCredential.Domain) – Retne Oct 06 '09 at 12:10
I have strange situation. From one machine i can reach service without explicit ClientCredential.Domain and from another it did not work without Domain – Max Kilovatiy Dec 04 '12 at 16:16

score 4 · Answer 3 · answered Nov 12 '08 at 18:04

Have you tried using basicHttpBinding instead of wsHttpBinding? If do not need any authentication and the Ws-* implementations are not required, you'd probably be better off with plain old basicHttpBinding. WsHttpBinding implements WS-Security for message security and authentication.

score 2 · Answer 4 · edited Jun 17 '12 at 15:54

2

set anonymous access in your virtual directory

write following credentials to your service

ADTService.ServiceClient adtService = new ADTService.ServiceClient();
adtService.ClientCredentials.Windows.ClientCredential.UserName="windowsuseraccountname";
adtService.ClientCredentials.Windows.ClientCredential.Password="windowsuseraccountpassword";
adtService.ClientCredentials.Windows.ClientCredential.Domain="windowspcname";

after that you call your webservice methods.

edited Jun 17 '12 at 15:54

Nick Giles

562
1
6
15

answered Oct 21 '09 at 07:09

kishore

21
2

The additional domain line was the solution to my problem, this is missing in the more credited answer below – Sander Oosterwijk Nov 16 '18 at 11:50

score 1 · Answer 5 · answered Nov 04 '13 at 13:57

If you're using a self hosted site like me, the way to avoid this problem (as described above) is to stipulate on both the host and client side that the wsHttpBinding security mode = NONE.

When creating the binding, both on the client and the host, you can use this code:

 Dim binding as System.ServiceModel.WSHttpBinding 
 binding= New System.ServiceModel.WSHttpBinding(System.ServiceModel.SecurityMode.None)

or

 System.ServiceModel.WSHttpBinding binding
 binding = new System.ServiceModel.WSHttpBinding(System.ServiceModel.SecurityMode.None);

score 1 · Answer 6 · answered Apr 07 '16 at 22:12

1

I was able to resolve the shared issue by following below steps:

Go to IIS-->Sites-->Your Site-->
Features View Pane-->Authentication
Set Anonymous Authentication to Disabled
Set Windows Authentication to Enabled

answered Apr 07 '16 at 22:12

Ajay Shankar

385
3
3

score 0 · Answer 7 · answered Feb 27 '16 at 09:55

if needed to specify domain(which authecticates username and password that client uses) in webconfig you can put this in system.serviceModel services service section:

<identity>          
<servicePrincipalName value="example.com" />
</identity>

and in client specify domain and username and password:

 client.ClientCredentials.Windows.ClientCredential.Domain = "example.com";
 client.ClientCredentials.Windows.ClientCredential.UserName = "UserName ";
 client.ClientCredentials.Windows.ClientCredential.Password = "Password";

score 0 · Answer 8 · answered May 17 '16 at 04:22

0

This can be caused if the client is in a different domain than the server.

I encountered this when testing one of my applications from my PC(client) to my (cloud) testing server and the simplest solution i could think of was setting up a vpn.

answered May 17 '16 at 04:22

yiannis

440
1
6
19

score 0 · Answer 9 · answered Jul 19 '18 at 06:26

I also had the same problem in wsHtppBinding. And I just had to add security mode pointing to none, that solved my problem and no need to switch to basicHttpBinding. Check Here and check how to disable WCF security. Check the below config change for reference:

<wsHttpBinding>
    <binding name="soapBinding">
        <security mode="None">
            <transport clientCredentialType="None" />
            <message establishSecurityContext="false" />
        </security>
    </binding>
</wsHttpBinding>

score -2 · Answer 10 · edited Sep 06 '11 at 11:46

-2

Why can't you just remove the security setting altogether for wsHttpBinding ("none" instead of "message" or "transport")?

edited Sep 06 '11 at 11:46

AndiDog

68,631
21
159
205

answered Nov 03 '09 at 06:29

Can Bilgin

13
1

12

When someone is having a problem with their security, its not very constructive to answer them with the question "why do you have to use security?" This is a legitimate problem and assuming their application calls for a secure configuration, they need an answer, not an asinine question. – John Ingle Dec 09 '12 at 14:18
I disagree - when you're starting with any technology in this area and using sample projects, it's very easy to end up with a whole lot of security stuff enabled by default which you didn't necessarily ask for. – Andy May 12 '14 at 16:49

WCF error: The caller was not authenticated by the service

10 Answers10

Linked