WCF and security gets me again! Guys, if you are attempting to connect to a WCF service from a WCF endpoint and receiving this exception:
System.ServiceModel.Security.MessageSecurityException was caught
Message=”The HTTP request is unauthorized with client authentication scheme ‘Anonymous’. The authentication header received from the server was ”.”
Allow me to help you perhaps, so you do not need to pull your hair out as much as I did today. Even after exhaustive searching on Google I could not find an answer which resolved this particular problem as many answers regarded IIS authentication and/or Web.config changes which I tried and none of which worked on my Windows 7 / IIS 7 configuration at least, every time throwing back the same miserable error message.
So anyway, I progressed on; what do we know that’s a common root for this error and that the problem boils down to? well — authentication. As the error message states. But is it ever that simple? I attempted every combination under the sun in the Authentication tab of my Virtual Site in IIS 7 like a darned code-breaker on a safe (Anonymous Auth, Basic Auth, Windows Forms Auth and a combination of each one!). But alas, to no success.
So instead of banging my head against a brick wall and focussing on one particular solution which clearly wasn’t the answer, I stopped, and meditated hard over every word written in the exception message (as you do, lol) until it hit me.
It wanted “anonymous” access; or at least it was telling me, it couldn’t use it. Ok that’s fine, so I thought perhaps something has been overlooked in directory security, even though I had checked and the IUSR/IUSRS account had permission. Then it came to me as – “MACHINE_NAME\Users“. Of course, that’s about as “anonymous” as you get. Well, I set read-execute permission access, and booya, worked like a charm. We have connectivity.
I now receive no exception and connectivity is working perfectly. Sometimes it pays to stop and try a different avenue 
Hope I could help.
Remember as I stated, this solution may not be for everyone. If you still have issues, do in fact check your IIS Authorisation Settings and/or your Web.config reflecting those suggestions from posts listed on Google.
Cheers guys.
9 Comments
That really works!!! Thanks alot
Hi,
Am facing the similar issue. i did as per the instruction here but still the issue is not resolved.
Here is a list of steps i did
1a. Created WCF service and exposed it in IIS on Windows 2003 OS
1b. Created WCF test client and it is running in the same machine (Win 2003 OS)
2. Created a server certificate and client certificate using Win 2003 certicate utility. Placed these in Local Machine & Local user in the following places TrustedPeeople/Personal/Trusted Root.
3. Enabled the Security mode as TransportWithMessageCredentials. Authorization is done using certificate.
4. Mapped the server certificate in IIS and enabled these settings in the WebSite which exposes WCF
a. Enabled Require SSL Channel
b. Require Client Certificate
c. Enable client certificate mapping – used 1-1 mapping and mapped the client certificate to my login username/pwd.
5. used httpcfg utitlity to mapp the thumbpring hash to 0.0.0.0 and 0.0.0.0:443 with these switch -m 1 and -f 2
6. I could able to view the .svc file and WSDL file in Internet Explorer. IE pops up a screen to choose my client certificate.. and on choosing wsdl is displayed without any problem.
7. But the said exception comes when i call a contract using the test client which is also running in the same machine & with same login info.
Please let me know where am i missing.
I was pulling my hair out today UNTIL I read your article (after hundreds of other articles, none helped).
Your article solved my problem which I encountered 2 days ago.
Thanks a lot !!!
No problem!! So glad I could help. When WCF is working, it works well, when it’s not working, it’s a REAL pain to debug.
Hi Graham,
today I tested yuor solution, and it was not wiorking as well as a lot of other tests.
So I had the idea to remove most of the settings which are added automatically by VS 2008 (I’m using also 2010).
And I discovered that the problems was resolved mainly having a very simple configuration:
Magically everything started to work correctly, probably the problem is in one or more parameters that have been added by VS.
Hope this will help all the others which are fighting with this absurd issue.
Stefano
I had the exact same problem. In my case, the issue was that the user which the anonymous access authenticates as had its password expire.
I traced that by trying to open the svc file in IE. This gave me a 401.2, which told me that it was a server configuration problem.
Joon!!1 You are the man. Aftrer trying all the above plus everythingg else out there, it was the IUSR account locked. (Have no idea why). But it did solve my problem… Thanks
I was executing an XMLHttpRequest using PUT method and I was getting a 401 error. I tried modifying the security settings for Launch IIS Process Account which did not resolve the error. So, I’m glad that I got to your post. I did just what you described and it solved my problem. Thanks!
Keeps giving – this was the anwer as to why one account could delete/update and another couldn’t. Apparently even though service file doesn’t get touched OData seems to require modifiy permision to allow the verbs to update and delete OData.
One Trackback/Pingback
[...] http://goneale.com/2009/10/22/wcf-the-http-request-is-unauthorized-with-client-authentication-scheme... (doesn’t apply because of Azure) [...]
Post a Comment