.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

WCF The Security Support Provider Interface (SSPI) negotiation failed

Posted By:      Posted Date: August 21, 2010    Points: 0   Category :ASP.Net

I am using a wcf service that I created, when both hosting machine and the client machine are on the same domain everything works just fine. When I publish the client app to the webserver in the DMZ I am getting the following error:

SOAP security negotiation with '' for   
'' failed. See inner exception  
for more details.The Security Support Provider Interface (SSPI) negotiation failed.

Here is my service main where I set up the service


 Uri baseAddress = new Uri("Http://");
      ServiceHost selfHost = new ServiceHost(typeof(QBService), baseAddress);


View Complete Post

More Related Resource Links

Security negotiation failed because the remote party did not send back a reply in a timely manner. T



Dear All i have created one simple service

like this

namespace WcfService2
        public class Service1 : IService1
        public string ShowEmpName(string strFirstName, string strLastName)
            return strFirstName + strLastName;

after executing in .net command promt i got 2 files

service.cs & output.config

after that i create one class file like this

namespace WcfService2
    public class clientcs

        static void Main(string[] args)
            Service1Client client = new Service1Client();
            string strResult = client.ShowEmpName("Pradeep", "Deokar");

A call to SSPI failed: The target principal name is incorrect - How to ignore this Security Check

I find that I am getting this error since I am using the netTCPBinding. I don't get this exception when the client and server are on the same machine, but when they are on different machines, this exception occurs. If I set the identity on the end point as mentioned in the article: http://blogs.msdn.com/b/drnick/archive/2007/11/08/setting-a-user-principal-on-the-endpoint.aspx it is working fine.   So my question is , should the service end point always have an identity when using netTcpBinging? I tried setting Security.Mode = None and still I got this identity exception. is there any way through which I can ask the service to ignore the SSPI details and accept client request?   Thanks!

not your usual SSPI negotiation failed error

Okay, it is the typical message: The Security Support Provider Interface (SSPI) negotiation failed.  But the scenario is different than when I've run into it before.  In our setup, we have a workstation within a very secure environment running an application that needs to call one of our WCF services which are using Windows Authentication.  If I run this app on our regular network with a domain account it runs just fine.  Within the secure environment on this workstation, it throws the SSPI error.  Here's where it gets interesting.  For at least one user, who had logged into the machine before it had been fully "hardened" the application still works.  For users logging in since then, fail.  I am guessing there is some specific facet of local profile creation that doesn't work in our hardened environment that does not apply to the user whose profile already existed.  I have previously run into the service-to-service issue where you have to create a local profile for your back end service account before its upn will work in the config (which still makes no sense to me).  I'm hoping this is somehow related and one of you internals geniuses will know what part of my profile is missing.  Thanks in advance.

Secure channel cannot be opened because security negotiation with the remote endpoint has failed

Please help me to pinpoint what's wrong with the configurations. CoreClient client = new CoreClient(); client.ClientCredentials.UserName.UserName = "test"; client.ClientCredentials.UserName.Password = "test"; string msg = client.SayHello(); //==== ERROR Happens here Error message: Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint. Configurations: Host: <behaviors> <serviceBehaviors> <behavior name="DefaultBehavior"> <serviceMetadata httpGetEnabled="true"/> <serviceDebug includeExceptionDetailInFaults="false"/> <serviceCredentials> <serviceCertificate findValue="MyServerCert" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/> <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Promotion.Services.UsernameValidator, LibraryIIS" /> </serviceCredentials> </behavior>

[FtpWebRequest] System.Security.Authentication.AuthenticationException: A call to SSPI failed


Hi All,

   I'm using FtpWebReuqest, SSL enabled, to connect and upload files to an FTP server.

   During testing of the module i'm developing, I've encountered an unhandled exception indicating,

   "System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The token supplied to the function is invalid"


Now before I decided to post this question here, I've searched the net and found several posts related to this. However, most them were not really helpful and not that clear. Hence, the post. :)

Additional info, I've already over ride the validation part of the SSL connection using the codes below:


ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(MyCertValidationCb);

public static bool MyCertValidationCb(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)


        return true;



What I can't really figure out is the root caus

SOAP Security negotiation with "http://.." failed


I have WCF end-point service hosted by Windows Service and configured as:


<service name="SmartLabs.WcfCallbackServiceLib.NotifyService">

        <endpoint address

The provider does not support searching and cannot search


Hi All,

I am having some trouble with searching on Active Directroy.

Here is the code I used to connect to Active Directory.


DirectoryEntry de = new DirectoryEntry( "LDAP://subdomain.domain.co.uk/rootDSE", ConfigurationManager.AppSettings[

Fuzz Testing: Create a Custom Test Interface Provider for Team System


Dan Griffin shows the extensibility of Visual Studio 2005 Team Edition for Software Testers by discussing the modification of the existing Test Interface Provider sample in the latest Visual Studio SDK and implements Fuzz Testing.

Dan Griffin

MSDN Magazine November 2007

Windows Forms: .NET Framework 1.1 Provides Expanded Namespace, Security, and Language Support for Yo


With the much-anticipated release of the .NET Framework 1.1, developers are eager to know what's been added to their programming bag of tricks. In this article, the author focuses on new developments in Windows Forms, such as namespace additions, support for hosting managed controls in unmanaged clients, and designer support for C++ and J#. Integrated access to the Compact Framework and new mobile code security settings also make this release noteworthy. Along with these features, the author reviews the best ways to handle multiple versions of the common language runtime and highlights some potential pitfalls.

Chris Sells

MSDN Magazine March 2003

Server 2008 R2 -> Failed to decrypt using provider 'RsaProtectedConfigurationProvider'. Error mess


So I am using the aspnet_regiis.exe tool to encrypt sections of the web.config in my asp.net applications and services.  I have done this for years successfully on Windows Server 2003 (IIS 6).  However I just moved some apps over to Windows Server 2008 R2 (with IIS 7.5) and I am now receiving the following error at runtime:

"Server was unable to process request. ---> Failed to decrypt using provider 'RsaProtectedConfigurationProvider'. Error message from the provider: Bad Data."

Now I am quite familiar with this process and am stumped at what I have missed this time around.  I have done ALL of the following which typically suffices for the process on the server. PLEASE READ ALL AND DO NOT PROVIDE RESPONSES OR LINKS FOR THINGS I HAVE ALREADY DONE Thanks!!  Wink

  1. Imported the keys to the server using aspnet_regiis -pi  Result: Success
  2. Given FULL permission (using -full switch) using aspnet_regiis -pa to ALL of the following accounts  Result: Success
    1. SQL Server Express 2008 Setup fails. Support Rule "Restart Computer" Failed

      Hi, I have been trying to install SQL Server Express for most of the day now without any luck.  Whatever I do setup fails at the stage of Setup Support Rules, Rule "Restart Computer" - Failed.  Needles to say I have restarted (several times!) and I have tried downloading  and installing the "Advanced", "Tools" and "Basic" versions, all give the same error.  Trying a repair does the same.  I have been searching the net for an answer without success, any help would be MUCH appreciated. Further info: I am trying to install a stand-alone installation on to a single PC running under XP SP 3 with .NET 3.5 SP1 installed.  The PC did have some earler versions of SQL server installed but I (?hopefully?) removed all of these through Control Panel.  Before trying the first SQL install I installed Windows installer 4.5 and PowerShell 1.0 as per the Microsoft Instructions. Running SQL Server Configuration Manager results in an error (MMC could not create the snap-in. The snap in might not have been installed correctly).  A directory structure for SQL server exists in "Program Files".  Services MSC shows SQL Server (SQLEXPRESS) as Automatic Statup (not running).  Trying to start this manually gives error 14001: "application configuration incorrect - re-install to fix" .......... Which is precisely what I'm trying to do.........:(

Webshop Security - Membership provider useful?

Hello,I have to implement a small webshop. Basically it's just a website with a huge backend ERP System and with the possibility to sell one (yap, really only one!) product on the website. The only requirement is a MySQL Server. The backend is almost finished (about 95%) and is secured with the .net MemberShip Provider for MySQL (the one in MySql.Web from the MySql Connector .NET).Now to my question: I can set up the membership system easily but I do not need such things like username or password-question but I would need a reference to an address table to store the users home address. So, it is possible to change or customize the membership system to for eg. a unique customer id instead of the username column and set this in codebehind when the user is creating a new account? And is it possible to insert new users/customers from codebehind in an easy way? (I mean without checking each foreign key and inserting the customer reference to the userinrole table and so on...)Some tips appreciated.. :-)Thanks and regardsChris 

Login failed for user 'sa'. (.Net SqlClient Data Provider)

Hi,     I am able to login using windows Authentication to my DB server. But when I am trying using Sql server authentication "sa" then following error is coming:   =================================== Cannot connect to .. =================================== Login failed for user 'sa'. (.Net SqlClient Data Provider) ------------------------------ For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=18456&LinkId=20476 ------------------------------ Server Name: . Error Number: 18456 Severity: 14 State: 1 Line Number: 65536 ------------------------------ Program Location:    at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)    at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)    at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)    at System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK)    at System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64 timerExpire, SqlConnection owningObject) &

Security Context Token verification failed. (The security protocol cannot verify the incoming messag

Hello, I would like implement Message Lever security with username/password authentication on HTTP. My environment looks something like this.  Server Side - Message lever security is configured on service.           <security mode="Message">             <message clientCredentialType="UserName" negotiateServiceCredential="True"/>           </security> - CA and self signed certificates are created on server and configured. ServiceCredentials are looks like this <serviceCredentials> <serviceCertificate findValue="CertForIdm" storeLocation="LocalMachine" storeName="My" x509FindType="FindByIssuerName" /> <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="IfMembershipProvider" /> </serviceCredentials> Client Side (References are generated by VS) - Binding configuration                 <binding name="WSHttpBinding_IWaypoint2" closeTimeout="00:11:00"                     openTimeout="00:11:00" receiveTimeout="00:10:00" sendTimeout="00:11:00"  &nb
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend