Unauthorized with client authentication scheme NTLM

2
votes

I'm receiving the following error from an ASPX page that is calling a WCF service.

The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'NTLM'.

I'm in a load-balanced web server environment, and only get the error when the client ASPX page is hitting the WCF service (also on the load-balanced web server) on the same server.

For example:
ASPX page on server A -> WCF service on server B = No issues.
ASPX page on server B -> WCF service on server C = No issues.
ASPX page on server B -> WCF service on server B = Error from above.

The servers are IIS 7.5, and the WCF service is currently configured with Anonymous and Windows authentication running as the Network Service account.

Does this have anything to do with loopback protection? I cannot currently replicate these results in a single server environment where the application and service are hosted on the same machine.

Here are my bindings for the ASPX page and the service:

Client:

<system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="BasicHttpBinding_Imyservice">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Ntlm" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://loadbalancedserver/myservice/myservice.svc"
        binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_Imyservice"
        contract="myservice.Imyservice" name="BasicHttpBinding_Imyservice" />
    </client>
  </system.serviceModel>

WCF Service:

<system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="BasicHttpEndpointBinding">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Ntlm" />
            <message clientCredentialType="UserName" algorithmSuite="Default" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <services>
      <service name="myservice.Service.myservice">
        <endpoint address="" bindingNamespace="http://services.company.net/myservice"
          binding="basicHttpBinding" bindingConfiguration="BasicHttpEndpointBinding"
          contract="myservice.Imyservice" />
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
1
c#wcfweb-serviceswindows-server-2008

1 Answers

2
votes

In case anyone runs across this, it was due to the IIS loopback issue. Registry fixes from http://support.microsoft.com/kb/896861 did the trick.