My services are enabled using Windows authentication on IIS7.
<binding name="Soap.HttpsBinding" closeTimeout="00:05:00"
         openTimeout="00:05:00" receiveTimeout="00:05:00" sendTimeout="00:05:00">
  <security mode="Transport">
    <transport clientCredentialType="Windows" proxyCredentialType="None">
      <extendedProtectionPolicy policyEnforcement="WhenSupported" />
    </transport>
    <message clientCredentialType="UserName" algorithmSuite="Default" />
  </security>
</binding>
My clients connect to it successfully using the same binding details.
I recently had a request to add Basic authentication to support some legacy systems. Everything I thought I knew said we can run both side by side.
I enabled Basic authentication, and the legacy systems can connect. However, all our existing WCF clients are now throwing the following exception:
MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Basic realm="mydomain.local",Negotiate,NTLM'.
Regards, Rob.
Okay, it turns out this is one of the more misleading Microsoft error messages I've come across.
The 401 authentication error is being created on the initial request without any exception being logged in the event viewer.
The answer appears to be the use of system.webServer -> httpErrors
As I wanted to use the tilde (~) in the URL, I was setting my config to the following:
<httpErrors>
  <clear />
  <error statusCode="401" responseMode="ExecuteURL" path="~/error.xml" />
</httpErrors>
Whether it was the use of tilde, or the ExecuteURL, I eventually found that using the following works:
<httpErrors>
  <clear />
  <error statusCode="401" responseMode="File" path="/error.xml" />
</httpErrors>
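Added example, not part of the original post: a Python check that scans a web.config for 401 entries under httpErrors that match the configuration the answer reports as breaking the Windows-authenticated clients (responseMode="ExecuteURL" or a path starting with ~). The helper name audit_401_handlers and the sample configs are constructed for illustration; the post does not establish which of the two attributes was the cause, so both are reported.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the two <httpErrors> variants from the answer, wrapped
# in a minimal web.config skeleton.
FAILING = """<configuration><system.webServer>
<httpErrors>
  <clear />
  <error statusCode="401" responseMode="ExecuteURL" path="~/error.xml" />
</httpErrors>
</system.webServer></configuration>"""

WORKING = FAILING.replace('"ExecuteURL"', '"File"').replace('"~/error.xml"', '"/error.xml"')


def audit_401_handlers(config_xml):
    """Return one finding per 401 <error> entry that uses ExecuteURL or a ~ path.

    audit_401_handlers is a hypothetical helper name, not an IIS tool.
    Accepts str or bytes (use bytes for files with an XML encoding declaration).
    """
    findings = []
    root = ET.fromstring(config_xml)
    # iter() also reaches <httpErrors> nested under <location> elements.
    for http_errors in root.iter("httpErrors"):
        for err in http_errors.findall("error"):
            if err.get("statusCode", "").strip() != "401":
                continue
            mode = err.get("responseMode", "")
            path = err.get("path", "")
            reasons = []
            # Compared leniently so differently cased values are still caught.
            if mode.lower() == "executeurl":
                reasons.append("ExecuteURL")
            if path.startswith("~"):
                reasons.append("tilde-path")
            if reasons:
                findings.append({"path": path, "responseMode": mode, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for name, cfg in (("failing", FAILING), ("working", WORKING)):
        hits = audit_401_handlers(cfg)
        print(name, "->", hits if hits else "no 401 handler matching the reported pattern")
```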