
I'm calling a web service (named SecurityService) as below:

SecurityService.Service securityService = new SecurityService.Service();
securityService.Credentials = networkCredential;

return securityService.GetUserToken();

The service has Windows Authentication enabled, nothing else. This piece of code above works, from remote machines.

When I push this same code out to the IIS server that this service is running on, I get a 401 error:

The request failed with HTTP status 401: Unauthorized.

I tried the same piece of code with WCF:

ServiceSoapClient client = new ServiceSoapClient();
client.ClientCredentials.Windows.ClientCredential = networkCredential;
return client.GetUserToken();

with these settings:

<binding name="ServiceSoap">
  <security mode="TransportCredentialOnly">
    <transport clientCredentialType="Windows" proxyCredentialType="None" realm=""/>
  </security>
</binding>

Again, on the server, I can't get it to authenticate; from another machine connecting to this server, it works.

Here are the headers captured by advanced logging from the web service:

When it works:

sc-win32-status WWW-Authenticate Authorization
2147024891 "NTLM,Negotiate" -
0 - "Negotiate TlRMTVNTUAADAAAAGAAYAIoAAACi...."

When it fails, called from within the same server:

sc-win32-status WWW-Authenticate Authorization
2147024891 "NTLM,Negotiate" -
1073741715 "NTLM,Negotiate" "Negotiate ADAAAAGAAYAI4AAACiAaIBpgAAABoAGgBY..."

I also got this message instead of the plain 401 error, when I used WCF:

The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'NTLM,Negotiate'. ---> The remote server returned an error: (401) Unauthorized.

The explanation of Error 1073741715:

STATUS_LOGON_FAILURE (-1073741715 (0xC000006D))
The attempted logon is not valid. This is due to either an incorrect user name or incorrect authentication information.

Somehow my code is not authenticating to the web service correctly when it is run from within the server.

Here's a link to the same issue. The answer doesn't apply though:

401 Client 'Negotiate', Server 'Negotiate,NTLM' When Calling WCF Server to Server

Baris Seker
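
As an added example (not code from the question or its answer), this Python sketch decodes the sc-win32-status values and the Authorization tokens from the log excerpts above. It assumes, following the question's own mapping of 1073741715 to 0xC000006D, that the log prints the magnitude of a negative 32-bit code; the function names and the `remote`/`local` labels are made up for illustration.

```python
import base64
import struct

# Codes named on the page, plus success; anything else is reported as hex only.
KNOWN = {
    0x00000000: "success",
    0x80070005: "E_ACCESSDENIED",
    0xC000006D: "STATUS_LOGON_FAILURE",
}

def decode_status(logged):
    """Return (32-bit code, name) for a logged sc-win32-status value."""
    if logged < 0x10000 or logged >= 0x80000000:
        code = logged                      # plain Win32 error or already unsigned
    else:
        # Assumption from the page's mapping 1073741715 -> 0xC000006D: the log
        # shows the magnitude of a negative signed 32-bit value.
        code = (-logged) & 0xFFFFFFFF
    return code, KNOWN.get(code, "unknown")

def ntlm_message_type(authorization):
    """Return the NTLMSSP message type (1, 2 or 3), or None if not parseable."""
    _, _, token = authorization.partition(" ")
    token = token.rstrip(".")              # the excerpts truncate tokens with dots
    token = token[: len(token) // 4 * 4]   # keep whole base64 quanta only
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:
        return None
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        return None
    return struct.unpack_from("<I", raw, 8)[0]

# Rows copied from the log excerpts above; the first column is a constructed label.
SAMPLE = [
    ("remote", 2147024891, "-"),
    ("remote", 0, "Negotiate TlRMTVNTUAADAAAAGAAYAIoAAACi...."),
    ("local", 2147024891, "-"),
    ("local", 1073741715, "Negotiate ADAAAAGAAYAI4AAACiAaIBpgAAABoAGgBY..."),
]

def triage(rows):
    """Decode each row into (label, hex code, name, NTLM message type)."""
    return [(origin, "0x%08X" % decode_status(status)[0], decode_status(status)[1],
             ntlm_message_type(auth)) for origin, status, auth in rows]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

A raw NTLMSSP type 3 message inside a Negotiate header means the client authenticated with NTLM rather than Kerberos; the failing token is cut off on the page, so the parser returns None for it instead of guessing.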

1 Answer

You need to provide your user credentials to the IIS web app or the IIS application pool that is related to your IIS app.

For this:

  • Open IIS.
  • Click on Application Pools
  • Select the application pool which your application works on
  • Click on Advanced Properties from the right pane
  • Find Identity under Process Model and click on ... button
  • Click on Custom Account and add your windows account there
  • Click Ok and save.

Also ensure that the app does not use a custom user. Or, alternatively, click on the IIS app, then click on Advanced Settings from the right pane. After that, modify Physical Path Credentials and Physical Path Credentials Logon Type.

Derviş Kayımbaşıoğlu
  • I'm trying to pass entered credentials through. I can't have a fixed username/password for the application pool. – Baris Seker Mar 13 '19 at 20:03