Calling windows authenticated WCF service from c#

Question

We have a WCF service which is windows authenticated. Binding is configured as below.

<basicHttpBinding>
    <binding textEncoding="utf-8" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647">
        <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" />            
        </security>
    </binding>
</basicHttpBinding>

I am trying to call the service from a test application as,

try
{
    BasicHttpBinding binding = new BasicHttpBinding();
    binding.ReceiveTimeout = new TimeSpan(10, 10, 00);
    binding.SendTimeout = new TimeSpan(10, 10, 00);
    binding.MaxReceivedMessageSize = Int32.MaxValue;
    binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
    binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
    EndpointAddress endpoint = new EndpointAddress("ServiceUrl");

    ChannelFactory<ICRMConnectorService> channelFactory = new ChannelFactory<ICRMConnectorService>(binding, endpoint);
    channelFactory.Credentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
    var service = channelFactory.CreateChannel();

    service.TestMethod();
}
catch (Exception ex)
{
    throw ex;
}

The call is returning an error as, The remote server returned an error: (401) Unauthorized.

Can someone please help out?

you did not mention if the service is local now, but maybe that question can help: https://stackoverflow.com/questions/11408318/iis7-wcf-on-local-computer-i-get-401-unauthorized-access-is-denied-due-to-in — Jonathan Applebaum, Nov 17 '17 at 10:10
No, the service is not local. It is hosted on different server under same domain. — VJOY, Nov 17 '17 at 10:37
dont mind,do you have access to test the service or consume it?And also enable error logging and trace of WCF to check whether valid credentials are passed via SOAP. — Hameed Syed, Nov 20 '17 at 09:47
Is the authentication done in the clear (over port 389) or under secure LDAP (port 636)? I think you need to authenticate over 636. — T-Heron, Nov 21 '17 at 01:12
The problem is certainly not with the posted client-side code, as it works verbatim for me. Try the same using a specific username/password credential with known access to the server/service. — jsanalytics, Nov 21 '17 at 23:30
Your `` has no `name`. Are you sure it is correctly associated with your `` ? Post your full `` if you can. — jsanalytics, Nov 21 '17 at 23:36

score 1 · Answer 1 · answered Nov 22 '17 at 10:39

You can create a client object from ServiceReference (that you have added in your application) for calling methods and where you can provide the windows credentials to access webservice.

For practical implementation Try this: WCF Service, Windows Authentication

score 1 · Answer 2 · answered Nov 22 '17 at 15:19

Make sure the endpoint in the wcf service is configured something like this <endpoint address="" binding="wsHttpBinding" contract="IService"> <identity> <dns value="localhost"/> </identity> </endpoint> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>

Make sure that the method you are calling is using impersonation i.e. [OperationBehavior(Impersonation = ImpersonationOption.Required)] public void TestMethod() { }

Alex Seleznyov · Answer 3 · 2017-11-27T06:32:08.027

I just checked myself, with your settings the server doesn't get caller identified. I'd say you'd rather switch to another binding which is able to use secure channel, for example BasicHttpsBinding. Latter, however, requires SSL certificate set up on server (netsh http add sslcert ...), and, probably, some validation in client (ServicePointManager.ServerCertificateValidationCallback). There is also a post on the same matter, yet it involves IIS.

Calling windows authenticated WCF service from c#

3 Answers3