

Mismatching Auth Schemes

 

Recently, I came across an interesting exception message in one of my ad hoc WCF projects using .NET 4.0. The exception message is:

 

The HTTP request is unauthorized with client authentication scheme  'Basic', The authentication header received from the server was 'Negotiate,NTLM,Basic realm="[omitted]"'.

 

This exception message is a bit odd because it says my client was using Basic, and that the server only allows requests using Negotiate, NTLM, or Basic.  But I used Basic, so why would it throw?

 

The two possibilities are:

  1. The username or password were wrong. This is the most obvious.
  2. The Auth schemes on the service don't match those supported by the host. In this case, by host, I mean IIS.

 

So, the host supports Anonymous, Basic, and Windows (NTLM + Negotiate). (If the host didn't support the auth mode set on the service binding, I would have gotten an activation exception.) So, a quick peek at the service binding shows that the binding set the ClientCredentialType to "Windows".

 

Most of the time this wouldn't pose a problem, especially if you are dynamically building the clients from WSDL, because the auth schemes for the binding are exposed there.
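
For a hand-built client, the scheme has to be carried over from the service binding explicitly. The following is an added example, not code from the original post: a client factory that takes the service binding's credential type as a parameter and wires up the matching credentials. `IExampleService`, `MatchedClient` and the choice of `BasicHttpBinding` are assumptions, since the post does not say which contract or binding the service uses.

```csharp
using System;
using System.Net;
using System.ServiceModel;

// Hypothetical contract; stands in for the real service interface.
[ServiceContract]
public interface IExampleService
{
    [OperationContract]
    string Ping();
}

public static class MatchedClient
{
    // 'scheme' must equal the ClientCredentialType set on the service binding
    // (HttpClientCredentialType.Windows for the service described in this post).
    public static ChannelFactory<IExampleService> Create(
        Uri address, HttpClientCredentialType scheme, NetworkCredential credential)
    {
        bool https = address.Scheme == Uri.UriSchemeHttps;

        // Basic sends the password base64-encoded only, so refuse plain HTTP.
        if (scheme == HttpClientCredentialType.Basic && !https)
            throw new ArgumentException("Basic authentication requires an https:// address.");

        var binding = new BasicHttpBinding(
            https ? BasicHttpSecurityMode.Transport
                  : BasicHttpSecurityMode.TransportCredentialOnly);
        binding.Security.Transport.ClientCredentialType = scheme;

        var factory = new ChannelFactory<IExampleService>(binding, new EndpointAddress(address));

        switch (scheme)
        {
            case HttpClientCredentialType.Basic:
                if (credential == null) throw new ArgumentNullException("credential");
                factory.Credentials.UserName.UserName = credential.UserName;
                factory.Credentials.UserName.Password = credential.Password;
                break;
            case HttpClientCredentialType.Windows:
            case HttpClientCredentialType.Ntlm:
                // Null keeps the default: the identity of the current process.
                if (credential != null)
                    factory.Credentials.Windows.ClientCredential = credential;
                break;
            default:
                throw new NotSupportedException(scheme + " is not handled in this example.");
        }
        return factory;
    }
}
```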