HTTP and HTTPS / The HTTP request was forbidden with client authentication scheme 'Negotiate'. (403) Forbidden.

Question

Hi,

Can someone please kindly help young lady with low skills in setting WebServices with a kind detailed advice, please.

I am getting an error:

System.ServiceModel.Security.MessageSecurityException: 'The HTTP request was forbidden with client authentication scheme 'Negotiate'.'

WebException: The remote server returned an error: (403) Forbidden.

The fun stuff is if in Internet browser I use link in as "HTTPS" I can open the service, however not as "HTTP".

I have tried to change as HTTPS in the config file, but it does not work and and asking for some sort of URI to be set-up.

I have tried to change security from "Windows" to "Ntlm", and even set it to "None" in the C# programme code, but I had no any luck. Scheme just changes to "Anonymous" and access is still forbiden.

The config file is like that:

binding="basicHttpBinding" bindingConfiguration="NDataAccessSoap"

contract="devCARE.NDataAccessSoap" name="NDataAccessSoap" />

binding="customBinding" bindingConfiguration="NDataAccessSoap12"

contract="devCARE.NDataAccessSoap" name="NDataAccessSoap12" />

C# Console Application programme code is like that:

static void Main(string[] args)

{

BasicHttpBinding binding = new BasicHttpBinding();

binding.MaxBufferPoolSize = 65535;

binding.MaxBufferSize = 65535;

binding.MaxReceivedMessageSize = 65535;

binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;

binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;

var endpoint = new EndpointAddress(ConfigurationManager.AppSettings["DeleteWebService_URL"].ToString());

//string showOutput = ConfigurationManager.AppSettings["ShowOutput"].ToString();

string sKeepWindowOpen = ConfigurationManager.AppSettings["KeepOutputWindowOpen"].ToString();

devCARE.NDataAccessSoapClient service = new devCARE.NDataAccessSoapClient(binding, endpoint);

var database = service.GetAvailableDatabases(string.Empty).ToString();

if (sKeepWindowOpen.ToUpper() == "Y")

Console.ReadLine();

}

static private void TESTPublicDelete(string pPublic_Delete)

{

SqlConnection sqlConn = null;

SqlCommand sqlComm = null;

string sCareConnection = ConfigurationManager.ConnectionStrings["CARE_UserDefined_ConnectionString"].ConnectionString;

string sRecordsForDeletionSP = ConfigurationManager.AppSettings["TestSP"].ToString();

try

{

sqlConn = new SqlConnection(sCareConnection);

sqlComm = new System.Data.SqlClient.SqlCommand(sRecordsForDeletionSP, sqlConn);

sqlComm.CommandType = CommandType.StoredProcedure;

sqlConn.Open();

sqlComm.ExecuteNonQuery();

}

catch (Exception ex)

{

string err = ex.Message;

}

finally

{

sqlComm.Dispose();

if (sqlConn.State == ConnectionState.Open)

sqlConn.Close();

sqlConn.Dispose();

}

Thank you very much,

Jane.

Answer

The error indicates an authentication mismatch. To figure this out you need to start with the server side. There is a good write-up on WCF authentication here. The Negotiate scheme indicates that the client and server will negotiate between the legacy NTLM and modern Kerberos protocols. This pretty much indicates that you're using Windows auth to me.

Let's start with that devCARE client type you have. Where did you get it? If you installed a third party library that added it then you'll have to look in the docs for it to see how to configure. If you instead used VS's Service Reference feature then your work is pretty much done. You just need to clean up your code.

If you are using Service Reference then get rid of all that configuration code in your Main function. You should be able to just create an instance of the client and call it. It should automagically pull its configuration data from your app's configuration file (app.config) correctly and work.

If you are not using a Service Reference then you have to build that configuration by hand. You'll want to put it in your app.config file so you can make changes without recompiling your code. Therefore you're still going to remove all the code from Main outside the creation of the client itself. To get the configuration settings to use requires some work. Again, a Service Reference, will auto generate all this for you and is easiest but if you cannot go that route then it is a manual process of trial and error.

Take a look at the WCF service you're trying to call. Ideally if you have the code then look there but if it isn't your service then use the WcfTestClient that is installed as part of VS to connect to the endpoint instead. Once you successfully connect then you can right click the endpoint in the test client and see what configuration they are using. Copy this configuration information into your client app's configuration file. Once you've copied the configuration changes into your app.config then you can remove all that configuration code you wrote in the Main function.

When you're done your Main function should be something simple like this.

   static void Main(string[] args)  
   {  
       string sKeepWindowOpen = ConfigurationManager.AppSettings["KeepOutputWindowOpen"].ToString();  
     
     
      //Should pull configuration from your app.config file. Might need to pass it the name of the endpoint in the config though  
      //using (devCARE.NDataAccessSoapClient service = new devCARE.NDataAccessSoapClient("endpointnamefromconfig"))  
      using (devCARE.NDataAccessSoapClient service = new devCARE.NDataAccessSoapClient())  
      {  
         var database = service.GetAvailableDatabases(string.Empty).ToString();  
         if (sKeepWindowOpen.ToUpper() == "Y")  
            Console.ReadLine();  
      }  
   }

Note that clients, especially if you installed a library to get it, can be quite different in their configuration so without additional information we'll just be guessing at exactly how to get this code to compile correctly for you.

HTTP and HTTPS / The HTTP request was forbidden with client authentication scheme 'Negotiate'. (403) Forbidden.

1 answer