Error 403: Forbidden. The HTTP request was forbidden with client authentication scheme 'Anonymous'.

Question

I'm getting this error when calling a java web service. I'm using the same source as the rest of my team and they're all able to call it no problem? This is the stack trace:

30 Nov 2009 16:38:50,970 [4] ERROR - Error calling web service: System.ServiceModel.Security.MessageSecurityException: The HTTP request was forbidden with client authentication scheme 'Anonymous'. ---> System.Net.WebException: The remote server returned an error: (403) Forbidden.
   at System.Net.HttpWebRequest.GetResponse()
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   --- End of inner exception stack trace ---

Server stack trace: 
   at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory factory)
   at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory factory, WebException responseException)
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)

Answer 1

I suppose the server side of the web service is implemented in java, but this shouldn't matter anyway.

Maybe there is an IP-base authorization layer?

Answer 2

Get an HTTP sniffer hooked into the loop, and see what they're sending in their request compared to what you're sending. It looks like for whatever reason, your requests aren't sending appropriate authentication with them.

Note that depending on how things are set up this may not depend on your source tree and could defer to, for example, IE's Internet Settings on your machine.

Answer 3

This error means you are make a cross-domain call but you don't have any security setup (anonymous access) in WCF transport.

Please checkout this example on how to setup certificate authentication,

http://msdn.microsoft.com/en-us/library/ms751427.aspx