SecurityNegotiationException on disconnected domain client

Question

When I am running a WCF service on my development machine it works as long as the client is connected to the domain.

When the machine is disconnected I get the following exception:

System.ServiceModel.Security.SecurityNegotiationException: A call to SSPI failed, see inner exception. System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you

The service uses security internally (<transport clientCredentialType="Windows" protectionLevel="None"/>) so I can't easily turn it off.

Is there a way to work around this problem so I can test the service when I am not connected?

Answer 1

Probably won't work when not connected to the domain.

The default WCF security for several bindings is "Windows", e.g. your current user credentials are being passed to the WCF service and the service then attempts to validate those user credentials against the Windows domain.

If you're not connected, that verification can't happen, so the WCF service will refuse the call. Works as designed, I'd say :-)

Maybe you could expose a second endpoint for your service ("local dev testing") that doesn't require Windows authentication? When off the domain, just connect to that non-secured endpoint so that you can at least test the service and its inner workings.