HTTP request is unauthorized with client authentication scheme 'Anonymous'. The

Recommended for you: Get network issues from WhatsUp Gold. Not end users.

Situation: the WCF service can browse in the browser, but through the procedure call tips:

HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'NTLM'.

Detailed error information:

System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized. at System.Net.HttpWebRequest.GetResponse() at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)

Solution (with anonymous access):

1 check the authentication mode in the current service is configured in the config and WCF mode are consistent. For example:

<binding name="BasicHttpBinding_Service" closeTimeout="00:00:30" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" useDefaultWebProxy="true" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" allowCookies="false"> <readerQuotas maxDepth="32" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" /> <security mode="None"> <transport clientCredentialType="None" /> <message clientCredentialType="UserName"/> </security> </binding>

Encryption mode for None. You should check the service status IIS authentication mode not open [anonymous access].

2 to confirm my computer [] - right - [management] - [local users and groups] - [user] in the existence of IIS anonymous access to the user.

XP: Default user name. The default user name format: the IUSER_ computer name. If not the computer name, you need to add the user. Make sure that the user is not disabled.

Win7: The default is the user type. The default user type: IUSER


Above is the practical solution for me.

Other solutions to provide online:


HTTP request is unauthorized with client authentication scheme 'Anonymous'.

When using VS2008 as the client call SharePoint service (WCF) when the display abnormal:

HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'NTLM'.

My solution:

1, The use of HTTP endpoint:

<security mode="TransportCredentialOnly">

2, The use of HTTPS endpoint:

<security mode="Transport">

Paste the client end of the app.config

Code <?xml version="1.0" encoding="utf-8"?> <configuration> <system.serviceModel> <bindings> <basicHttpBinding> <binding name="BasicHttpBinding_BusinessDataCatalogSharedService" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="999999" maxBufferPoolSize="9999999" maxReceivedMessageSize="999999" messageEncoding="Mtom" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true"> <readerQuotas maxDepth="99" maxStringContentLength="999999" maxArrayLength="999999" maxBytesPerRead="999999" maxNameTableCharCount="999999" /> <security mode="TransportCredentialOnly"> <transport clientCredentialType="Ntlm" proxyCredentialType="None" realm=""> <extendedProtectionPolicy policyEnforcement="Never" /> </transport> <message clientCredentialType="UserName" algorithmSuite="Default" /> </security> </binding> <binding name="BasicHttpBinding_BusinessDataCatalogSharedService1" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="999999" maxBufferPoolSize="9999999" maxReceivedMessageSize="999999" messageEncoding="Mtom" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true"> <readerQuotas maxDepth="99" maxStringContentLength="999999" maxArrayLength="999999" maxBytesPerRead="999999" maxNameTableCharCount="999999" /> <security mode="Transport"> <transport clientCredentialType="Ntlm" proxyCredentialType="None" realm=""> <!--<extendedProtectionPolicy policyEnforcement="Never" />--> </transport> <message clientCredentialType="UserName" algorithmSuite="Default" /> </security> </binding> </basicHttpBinding> </bindings> <client> <endpoint address="http://SUT02/_vti_bin/BdcAdminService.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_BusinessDataCatalogSharedService" contract="BusinessDataCatalogSharedService" name="BasicHttpBinding_BusinessDataCatalogSharedService" /> <endpoint address="https://SUT02:443/_vti_bin/BdcAdminService.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_BusinessDataCatalogSharedService1" contract="BusinessDataCatalogSharedService" name="BasicHttpBinding_BusinessDataCatalogSharedService1" /> </client> </system.serviceModel> </configuration>

The client end of the code are as follows:

Code static void Main(string[] args) { BusinessDataCatalogSharedServiceClient client = new BusinessDataCatalogSharedServiceClient("BasicHttpBinding_BusinessDataCatalogSharedService1"); client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation; client.ClientCredentials.UserName.UserName = @"domain\userName"; client.ClientCredentials.UserName.Password = "Password"; client.ClientCredentials.Windows.ClientCredential = new NetworkCredential("username", "Password", "domain"); AcceptAllCertificate(); try { Guid guid = client.GetServiceApplicationId(); } catch (Exception ex) { throw; } } /// <summary> /// Case request Url include HTTPS and TCP prefix, use this function to avoid closing base connection. /// Local client will accept all certificate after execute this function. /// </summary> public static void AcceptAllCertificate() { ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(ValidateServerCertificate); } /// <summary> /// Verifies the remote Secure Sockets Layer (SSL) certificate used for authentication. /// In our adapter,we make this method always return true, make client can communicate with server under HTTPS without a certification. /// </summary> /// <param name="sender">An object that contains state information for this validation.</param> /// <param name="certificate">The certificate used to authenticate the remote party.</param> /// <param name="chain">The chain of certificate authorities associated with the remote certificate.</param> /// <param name="sslPolicyErrors">One or more errors associated with the remote certificate.</param> /// <returns>A Boolean value that determines whether the specified certificate is accepted for authentication.</returns> private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; }

The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the serv

The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'.

The solution

The 1 configuration IIS

Web site -> attribute -> directory security; -> authentication method: at the same time selected "anonymous access" and "integrated Windows authentication"

2 WCF client Config file: There are 3 places: 1) security mode, 2) end point behaviorConfiguration, 3)behaviors

<system.serviceModel> <bindings> <basicHttpBinding> <binding …> <readerQuotas … /> <security mode="TransportCredentialOnly"> <transport clientCredentialType="Windows" proxyCredentialType="Windows" realm="" /> <message clientCredentialType="UserName" algorithmSuite="Default" /> </security> </binding> </basicHttpBinding> </bindings> <client> <endpoint ... behaviorConfiguration="ImpersonationBehavior"/> </client> <behaviors> <endpointBehaviors> <behavior name="ImpersonationBehavior"> <clientCredentials> <windows allowedImpersonationLevel="Impersonation"/> </clientCredentials> </behavior> </endpointBehaviors> </behaviors> </system.serviceModel>

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download

Posted by Merle at September 05, 2014 - 8:57 AM