Wednesday, August 03, 2011

Authentication Error Connecting SharePoint Web Service Using WCF

I was playing around with SharePoint Web Service yesterday and was presented with the following error as soon as I click on the run button.

The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'NTLM'.

I was using Visual Studio 2010 and below was the code I used to setup the credential.

WindowsFormsApplication2.WebsSvc.WebsSoapClient _webs = new WebsSvc.WebsSoapClient();
_webs.ClientCredentials.Windows.ClientCredential.Domain = "Contoso";
_webs.ClientCredentials.Windows.ClientCredential.UserName = "MOSSAdmin";
_webs.ClientCredentials.Windows.ClientCredential.Password = "QWERT123";

Here is the content of the app.config.

<?xml version="1.0" encoding="utf-8" ?>
                <binding name="WebsSoap" closeTimeout="00:01:00" openTimeout="00:01:00"
                    receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
                    bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                    maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                    messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
                    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                    <security mode="None">
                        <transport clientCredentialType="None" proxyCredentialType="None"
                            realm="" />
                        <message clientCredentialType="UserName" algorithmSuite="Default" />
            <endpoint address=
                binding="basicHttpBinding" bindingConfiguration="WebsSoap"
                contract="WebsSvc.WebsSoap" name="WebsSoap" />         

So how do I make my http request to use NTLM instead of  Anonymous as stated in the error message?

By changing the security mode from “None” to “TransportCredentialOnly” and transport clientCredentialType from “None” to “Ntlm”.  It is that simple.

<security mode="TransportCredentialOnly">
  <transport clientCredentialType="Ntlm" proxyCredentialType="None"
    realm="" />
  <message clientCredentialType="UserName" algorithmSuite="Default" />

The “TransportCredentialOnly” mode provides HTTP-based client authentication. It does not provide message integrity or confidentiality.

The “TransportWithMessageCredential” or “Transport” mode will not work for me since I am using http and not https for my endpoint address.

I will get the following error if I use the “TransportWithMessageCredential” or “Transport” mode.

The provided URI scheme 'http' is invalid; expected 'https'.
Parameter name: via

Have fun!

No comments: