Last post Feb 23, 2015 09:42 AM by Robert Johnston
Feb 20, 2015 01:39 PM|Robert Johnston
I know this question has been asked several times before on many different forums, but I am still having issues.
I am getting the above error message when I call the below operation with the WCF Test Client (also happens with other apps).
public string ReturnUserName()
catch (Exception ex)
A supposedly fairly simple task.
However, when I call it I get the above main message and then the below (in order of) inner exception.
-The remote server returned an error: (401) Unauthorized.
-The target principal name is incorrect
My web config is below:
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<service behaviorConfiguration="ServiceBehavior" name="Service.MyService">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="secureBinding" contract="Service.MyService"/>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<add binding="wsHttpBinding" scheme="https" />
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
As you can see, I am trying to use the wsHttpBinding with an (not obvious) SSL connection.
The Service is hosted in IIS7 and the App Pool is running under a service account (need it this way so that I can have the service access a DB).
The Authentication is set up as below:
Anonymous - Disabled.
ASP.NET Impersonation - Disabled.
Basic - Disabled.
Digest - Disabled.
Forms - Disabled.
Windows - Enabled.
The Providers are (in order)
Your help is greatly appreciated.
Feb 21, 2015 11:47 AM|mgebhard
The error is simply saying the negotiate header was sent to the client but the client did not respond properly. This is commonly due to IIS configuration.
Is this an Intranet or Internet application? Are the client and WCF service on the same domain?
Feb 23, 2015 02:46 AM|Shawn - MSFT
For this situation, about this error message, you could try the following ways:
Enabled Anonymous access (username and password of domain user)
Enabled Integrated Windows authentication
For more information, you could refer to:
Feb 23, 2015 09:37 AM|Robert Johnston
This is an Intranet application backed by a Windows Domain and they are on the same domain.
Feb 23, 2015 09:42 AM|Robert Johnston
Thank you for your reply, but your response is in regards to a slightly different error message. Your post is regarding an error that is produced because the client auth scheme is Negotiate and the header was set up as Negotiate.
The actual error is the same as listed, but with a bunch of letters and numbers ending it.
We are also not looking to hard code or store passwords on the client side. We want the user to use their own AD account and authenticate off of that. A Service Account is running the app pool for the host WCF service.
Each of our functions within the service is headered with:
[PrincipalPermission(SecurityAction.Demand, Role = "AD_Role")]
With a stored user ID and password, managing access this way becomes difficult.