I'm accessing a third-party WCF service (I have no access to the service configuration). We're using SSL certificates for the authentication.

I'm getting this error when trying to access any of the provided methods:

The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM

I checked many Google links and no luck so far. No idea what else to check on my side.

EDIT

Here is the configuration

<system.serviceModel>
        <bindings>
            <wsHttpBinding>
                <binding name="wsHttpBinding" closeTimeout="00:01:00" openTimeout="00:01:00"
                    receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false"
                    transactionFlow="false" hostNameComparisonMode="StrongWildcard"
                    maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                    messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
                    allowCookies="false">
                    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                    <reliableSession ordered="true" inactivityTimeout="00:10:00"
                        enabled="false" />
                    <security mode="Transport">
                        <transport clientCredentialType="Windows" proxyCredentialType="None"
                            realm="" />
                        <message clientCredentialType="Windows" negotiateServiceCredential="true"
                            establishSecurityContext="true" />
                    </security>
                </binding>
            </wsHttpBinding>
        </bindings>
      <client>
          <endpoint address="https://url"
              binding="wsHttpBinding" bindingConfiguration="wsHttpBinding"
              contract="IApiWS" name="wsHttpBinding">
          </endpoint>
      </client>
</system.serviceModel>
+1  A: 

OK, this may be a little vague, so I apologise in advance. Essentially the server is telling you that you are not authorised. Normally for this you would add something like the below onto the proxy you generated:

svc.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;

where svc is your generated proxy. I have also seen this on a misconfigured IIS hosted endpoint where the virtual folder does not have allow anonymous set (though you say you cannot access the service configuration so that may not be too helpful). Hope this helps.

Edit: added more info.

It may be, depending on security, that a setting similar to below may be more useful:

svc.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Anonymous;

Edit 2: The config above shows that the wsHttpBinding you are using has Windows set as clientCredentialtype for the transport security and user authentication. This means that you will be sending through the credentials of the currently logged on user to the service for authentication using NTLM (as negotiateServiceCredentials is true). Have you confirmed that the user logged on has rights on the service?

Pharabus
@Pharabus: Thanks but no luck. With the second setting I get "The TokenImpersonationLevel.Anonymous level is not supported for authentication.". The first one made no difference. Please take into account that I'm using SSL certificates for authentication.
Timmy O' Tool
@Timmy O'Tool: Yeah, I did see the SSL but I am not sure this is the issue here; however, it is very difficult without specific info re what kind of authentication the server expects and how the client is configured.
Pharabus
+2  A: 

Try setting your clientCredentialType="Windows" to clientCredentialType="Certificate". I usually use hard-coded WCF config, not config file, so I'm not really sure on this, but either way, take a look at the following link: Selecting a Credential Type on MSDN.

Good luck. I'm surprised what/whom you're connecting to didn't give explicit endpoint connection instructions, but hey, you deal with every kind when working with 3rd-party stuff.

Kevin
+1 Thanks for your help but I already tested your suggestion (at this point I should double check since I tested MANY things). I generated the proxy using svcutil.exe. This tool generates the configuration (in theory) you need to paste on the web.config. But in this case the generated config doesn't seem accurate.
Timmy O' Tool
`svcutil.exe` doesn't do 100% of the job. Not everything that a client app needs to know is provided by the service metadata, so you will often have to tweak client-side config manually.
Christian Hayter
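
An added example, not part of the original thread and not the third-party service's own configuration: the client config from the question with the transport credential switched to a certificate, as the second answer suggests, plus the endpoint behavior that tells WCF which certificate to present (changing clientCredentialType alone does not select one). The behavior name, the certificate store values and the thumbprint placeholder are assumptions; the page does not say which certificate is used or what the service actually requires.

```xml
<!-- Added example: client config for transport security with an X.509 client certificate. -->
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="wsHttpBinding">
        <security mode="Transport">
          <!-- Was clientCredentialType="Windows", which makes the client use the
               Negotiate scheme named in the error instead of a certificate. -->
          <transport clientCredentialType="Certificate" proxyCredentialType="None" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <endpointBehaviors>
      <!-- "clientCertBehavior" is an assumed name. -->
      <behavior name="clientCertBehavior">
        <clientCredentials>
          <!-- Store location, store name and thumbprint are placeholders (assumptions).
               The certificate must include its private key and be readable by the
               account the client process runs under. -->
          <clientCertificate storeLocation="CurrentUser" storeName="My"
                             x509FindType="FindByThumbprint"
                             findValue="THUMBPRINT-PLACEHOLDER" />
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <client>
    <!-- behaviorConfiguration links the endpoint to the certificate selection above. -->
    <endpoint address="https://url"
              binding="wsHttpBinding" bindingConfiguration="wsHttpBinding"
              behaviorConfiguration="clientCertBehavior"
              contract="IApiWS" name="wsHttpBinding" />
  </client>
</system.serviceModel>
```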