WCF SecurityNegotiationException across machines


WCF SecurityNegotiationException across machines Competitive Dad
1/28/2008 6:56:02 AM
dotnet web services:
I have a WCF service using wsHttpBinding and a client that is a website,
hosted on the same Windows 2003 Server.

If I use the client on the same machine as a service everything is fine. If
I use the website on a separate machine (IE 6 on XP SP2) I get a
SecurityNegotiationException, "The caller was not authenticated by the
service".

I have searched and searched for a solution to this, but most involve
setting the <identity> in the client binding which I cannot do as the
identity needs to be passed from IE. One other post elsewhere suggested using
a domain account for the Anonymous access on the WCF service, but again that
doesn't work.

If anyone can help, that'd be grand as at the moment I am simply unable to
run functionality in the WCF service from a remote machine.

Thanks,

Re: WCF SecurityNegotiationException across machines Tiago Halm
2/2/2008 12:18:03 AM
BROWSER -> WEB -> WCF

Assuming you have "Integrated Windows Auth" on WEB, you have some options.

1. Connect to WCF using the WEB AppPool account by not impersonating. Set
<identity impersonate="false" /> on WEB.

2. Connect to WCF using the WEB impersonated account. Set <identity
impersonate="true" userName="xxx" password="yyy"/> on WEB. WCF will see the
xxx account.

3. Delegate BROWSER account to WCF. You'll need to set <identity
impersonate="true" /> on WEB, and you'll need to set up an SPN with the WEB
AppPool account. Finally, you'll need to allow delegation to the WEB AppPool
account.

Tiago Halm

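An added example, not part of the reply above or of any Microsoft code: a small Python check that reads the WEB tier's web.config and reports which of the three options is in effect and which account WCF will see. The function names and the sample config, including the placeholder SPN value, are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def wcf_caller(web_config_xml):
    """Return (option, account_seen_by_wcf, notes) for the WEB tier's web.config."""
    root = ET.fromstring(web_config_xml)
    # Only <system.web>/<identity> controls ASP.NET impersonation. The <identity>
    # under a <system.serviceModel> client endpoint names the expected *service*
    # identity and must not be confused with it.
    system_web = next((c for c in root if c.tag == "system.web"), None)
    identity = system_web.find("identity") if system_web is not None else None
    attrs = identity.attrib if identity is not None else {}
    # ASP.NET does not impersonate unless told to.
    impersonate = attrs.get("impersonate", "false").lower() == "true"
    if not impersonate:
        return 1, "WEB AppPool account", []
    if attrs.get("userName"):
        notes = []
        if attrs.get("password"):
            notes.append("password stored in web.config: "
                         "restrict file ACLs or encrypt the section")
        return 2, attrs["userName"], notes
    return 3, "BROWSER user (delegated)", [
        "needs an SPN set up with the WEB AppPool account",
        "needs delegation allowed for the WEB AppPool account",
    ]

def config(identity_xml):
    """Constructed sample web.config; the SPN value is a placeholder."""
    return ('<configuration><system.web><authentication mode="Windows"/>'
            + identity_xml + '</system.web>'
            '<system.serviceModel><client><endpoint><identity>'
            '<servicePrincipalName value="host/placeholder"/>'
            '</identity></endpoint></client></system.serviceModel>'
            '</configuration>')

if __name__ == "__main__":
    for fragment in ('<identity impersonate="false"/>',
                     '<identity impersonate="true" userName="xxx" password="yyy"/>',
                     '<identity impersonate="true"/>'):
        option, account, notes = wcf_caller(config(fragment))
        print(f"option {option}: WCF sees {account}")
        for note in notes:
            print(f"  check: {note}")
```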
