Access Web Service with Basic authentication through a proxy with Windows (NTLM) authentication

Question

I have a web service that uses basic authentication. I also have a Windows Forms application that uses the web service. When it starts up, the user is asked for credentials, which are then used when making any requests to the service.

Problem is, the app is used by a client from within a corporate network. All their internet traffic is routed through a proxy that uses Windows authentication. I'm trying to configure my application to correctly use that proxy when making requests.

So far I have this in my client application's app.config:

<system.serviceModel>
<bindings>
  <basicHttpBinding>
    <binding name="mySoap" closeTimeout="00:02:00" openTimeout="00:02:00"
      receiveTimeout="00:10:00" sendTimeout="00:02:00" allowCookies="false"
      bypassProxyOnLocal="true" hostNameComparisonMode="StrongWildcard"
      maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
      messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
      useDefaultWebProxy="true">
      <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Basic" proxyCredentialType="Windows"
          realm="myrealm" />
        <message clientCredentialType="UserName" algorithmSuite="Default" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>
<client>
  <endpoint address="http://www.myservice.com/service.asmx"
    binding="basicHttpBinding" bindingConfiguration="mySoap"
    contract="MyPublicService.mySoap" name="mySoap" />
</client>
</system.serviceModel>
<system.net>
   <defaultProxy useDefaultCredentials="true" />
</system.net>

Do you think that's going to work? I can't easily test it. The app and service have been tested without the proxy and they work just fine, I just need to configure the proxy correctly.

Theoretically, this configuration would make sure that all requests use the default proxy, which uses Windows authentication. It would use the default credentials, which would be set up in their Windows settings. And then it would use the user-provided credentials to perform basic authentication on the web service.

UPDATE

The client tried this and got a 400 error back:

System.ServiceModel.ProtocolException: The remote server returned an unexpected response: (400) Bad Request. ---> System.Net.WebException: The remote server returned an error: (400) Bad Request.
    at System.Net.HttpWebRequest.GetResponse()
    at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
    --- End of inner exception stack trace ---

Server stack trace: 
    at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory factory, WebException responseException, ChannelBinding channelBinding)
    at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
    at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
    at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
    at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
    at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
    at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

It works fine when I try from my machine without the proxy. Any idea why?

Answer 1

The 400 error is not related to the issue. Authorisation with the NTLM proxy seems to be working with this config.

UPDATE:

I changed the server's security configuration to accept Digest as well. Then had to make small changes in the code when setting user name and password, and it started working. Looks like the binding had issues with Basic authentication.