Hi, I created a WCF service and one of its methods connects to a database to perform some task. When I call the WCF service method from the client (website or console app), I get a login failed error ("login failed", "login is from an untrusted domain"). I can connect to the database from the website successfully, but when I do the same by calling the WCF service and connect to the same database from the service, I get this error. Is this something to do with client configuration? I created the client using the svcutil utility and used the same client config it generated. Here is how it looks. Please help. In the dev environment it should use my account to connect to the database; once deployed to the test environment, it should use the service account configured in the IIS application pool for the WCF service. I use the Visual Studio web server during development.

<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <binding name="BasicHttpBinding_IService1" closeTimeout="00:01:00"
          openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
          allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
          maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
          messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
          useDefaultWebProxy="true">
        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
            maxBytesPerRead="4096" maxNameTableCharCount="16384" />
        <!-- Windows authentication at the HTTP layer; no transport or message encryption -->
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Windows" proxyCredentialType="None"
              realm="" />
          <message clientCredentialType="UserName" algorithmSuite="Default" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <client>
    <endpoint address="http://localhost/WcfService/Service1.svc"
        binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IService1"
        contract="IService1" name="BasicHttpBinding_IService1" />
  </client>
</system.serviceModel>

+1  A: 

Your clientCredentialType is 'Windows'; I suspect the WCF service is using delegation, which is to say that the user credentials from the client are being used at the service to try and talk to the database. Put another way, if the client application is running on a Windows box with the logged-in user being DomainA\SomeUser, the credentials in the service will be DomainA\SomeUser, not the account configured in the IIS application pool. This link should be able to get you running: Wcf impersonation

Steve Ellinger
A: 

When I call the WCF service method from the client (website or console app), I get a login failed error ("login failed", "login is from an untrusted domain"). I can connect to the database from the website successfully, but when I do the same by calling the WCF service and connect to the same database from the service, I get this error.

I answer generally because your question is abstract: no operating system, IIS, SQL Server versions/editions/modes, no details on configuration, error, etc.

This is the classic "double hop" problem. You may also want to know the difference between impersonation (used locally only) vs. delegation (used to connect to another machine). You should configure trust for delegation, probably SPN (Service Principal Names), on your production servers as well as code your application accordingly.
Please search the internet for the keywords "double hop", "IIS", "SQL Server", impersonation, delegation, asp.net, authentication, trust, deployment.

vgv8
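
To see which account a service operation would present to the database, the sketch below reports both the authenticated caller and the identity the thread is executing as. It is an added example, not code from the question or either answer; the names IIdentityProbe, IdentityProbeService and WhoAmI are hypothetical, and it assumes ASP.NET compatibility-mode impersonation and ImpersonateCallerForAllOperations are not enabled.

```csharp
using System.Security.Principal;
using System.ServiceModel;

[ServiceContract]
public interface IIdentityProbe   // hypothetical contract name
{
    [OperationContract]
    string WhoAmI();
}

public class IdentityProbeService : IIdentityProbe
{
    // NotAllowed: the operation body runs as the host process account
    // (the IIS application pool identity, or your own account under the
    // Visual Studio web server), so an Integrated Security connection to
    // the database uses that account and no second hop is involved.
    // With ImpersonationOption.Required the body runs as the caller
    // instead; reaching a SQL Server on another machine then works only
    // if the caller's token is delegable.
    [OperationBehavior(Impersonation = ImpersonationOption.NotAllowed)]
    public string WhoAmI()
    {
        // Identity the client authenticated with
        // (transport clientCredentialType="Windows" in the binding).
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        WindowsIdentity caller = ctx != null ? ctx.WindowsIdentity : null;

        // Identity the thread is executing as right now; this is what an
        // Integrated Security database connection would present.
        using (WindowsIdentity executing = WindowsIdentity.GetCurrent())
        {
            return string.Format(
                "caller={0} callerLevel={1} executing={2} executingLevel={3}",
                caller != null ? caller.Name : "(none)",
                caller != null ? caller.ImpersonationLevel.ToString() : "(n/a)",
                executing.Name,
                executing.ImpersonationLevel);
        }
    }
}
```

A callerLevel of Impersonation rather than Delegation means the caller's token is usable on the service machine only and cannot be forwarded to a remote SQL Server.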