.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Register
 
Win Surprise Gifts!!!
Congratulations!!!


Top 5 Contributors of the Month
Easy Web
Imran Ghani
Post New Web Links

WCF Kerberos authentication sends request twice

Posted By:      Posted Date: May 22, 2011    Points: 0   Category :SharePoint
 

Hello,

I have a problem where all my client requests are sent twice to the WCF service. The first request sent is anonymous and receives a 401 response so the client sends the request a second time with the proper authentication information. With NTLM this happens only once when the connection is open but with Kerberos it happens for every request! This is awful for performance and after looking a long, long time on the Internet I simply couldn't find a solution, and I'm afraid there might not be one. It seems to be the way it works. But I thought I'd ask the question here and hope that somebody has a solution to prevent these double requests with Kerberos.

Here is my simplified binding definition:

 


View Complete Post


More Related Resource Links

Windows 2008 R2 kerberos authentication

  
Hi i have install windows 200R2 with blackpearl but i have this issue with Kerberos Authentication the same account when using ie8 on the local machine allows me to login while the same credientials using ie7 & ie8 on remote machine will keep prompting for credentials; any advise on this?

The HTTP request is unauthorized with client authentication scheme 'Anonymous'

  
I am trying to do a soap request from a WebCTRL server. I went to add a service reference, entered the URL to my wsdl and (after prompting me for a username and password) it added the reference and I can create an instance of the service object and makes calls against it.   Dim eval As New WebCTRL_Eval.EvalClient eval.Open() Debug.Print(eval.getValue("#reception_40/lstat"))   I get this back from the server, on open and getvalue.   The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Basic realm="SOAP Access"'.   I understand that it is the HTTP authentication that I need to setup or configure, but just dont understand how to do it.   I have tried eval.ClientCredentials.UserName.UserName = "myusername" eval.ClientCredentials.UserName.Password = "mypassword"   How do I change the client authentication scheme and provide my credentials to it?   Here is what is on my app.config file.   <system.serviceModel>  <bindings>   <wsHttpBinding>    <binding name="EvalSoapBinding"     bypassProxyOnLocal="false"     transactionFlow="false"     hostNameComparisonMode="StrongWildcard"     maxBufferPoolSize="524288"     maxReceivedMessageSize="65536"     messageEncoding="Text"

Kerberos Authentication with WCF Client Fault Exception

  
Hello, I am using Kerberos as the Authentication mode for a WCF Client to interact with an ASMX Web Service. I am using customBinding in the WCF Client. I am getting the below mentioned Fault Exception when I invoke the HelloWorld Method by creating a Proxy using SVCUTIL.   System.Web.Services.Protocols.SoapHeaderException: Server unavailable, please try later ---> System.ApplicationException: WSE841: An error occured processing an outgoing fault response. ---> System.Web.Services.Protocols.SoapException: System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.InvalidOperationException: WSE914: This instance of derived key token does not support encryption, decryption, or key wrapping. It can only be used to sign or verify signature. Please make sure that the length of the derived key matches the length of the key required by the symmetric encryption algorithm configured for the derived key token manager.    at Microsoft.Web.Services3.Security.Tokens.DerivedKeyToken.Psha1SymmetricKeyAlgorithm.get_EncryptionFormatter()    at Microsoft.Web.Services3.Security.EncryptedData.ResolveDecryptionKey(String algorithmUri, KeyInfo keyInfo)    at Microsoft.Web.Services3.Security.EncryptedData.Decrypt(XmlElement encryptedElement)    at Microsoft.Web.Services3.Security.EncryptedData.Decrypt() &nbs

WCF Kerberos Authentication Custom Binding

  
Hello,I am using Kerberos as the Authentication mode for a WCF Client to interact with an ASMX Web Service. I am using customBinding in the WCF Client. I am getting the below mentioned Fault Exception when I invoke the HelloWorld Method by creating a Proxy using SVCUTIL. `System.Web.Services.Protocols.SoapHeaderException: Server unavailable, please try later ---> System.ApplicationException: WSE841: An error occured processing an outgoing fault response. ---> System.Web.Services.Protocols.SoapException: System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.InvalidOperationException: WSE914: This instance of derived key token does not support encryption, decryption, or key wrapping. It can only be used to sign or verify signature. Please make sure that the length of the derived key matches the length of the key required by the symmetric encryption algorithm configured for the derived key token manager.    at Microsoft.Web.Services3.Security.Tokens.DerivedKeyToken.Psha1SymmetricKeyAlgorithm.get_EncryptionFormatter()   at Microsoft.Web.Services3.Security.EncryptedData.ResolveDecryptionKey(String algorithmUri, KeyInfo keyInfo)   at Microsoft.Web.Services3.Security.EncryptedData.Decrypt(XmlElement encryptedElement)   at Microsoft.Web.Services3.Security.EncryptedData.Decrypt()   at Mic

The HTTP request was forbidden with client authentication scheme 'Anonymous'

  
I am trying to build a proof of concept of a WCF service utilisting a
wsHttpBinding with Transport Certificate security. I am having problems
connecting to it with a console client - everytime I try to open the channel
I get the following error: The HTTP request was forbidden with client authentication scheme 'Anonymous'.

can any one help me?
Thanks a lot
Frank Xu Lei--????,????
???.NET?????????????????????
Focus on Distributed Applications Development and EAI based on .NET
?????????????:Welcome to My Chinese Technical Blog
??????WCF??????:Welcome to Microsoft Chinese WCF Forum
??????WCF??????:Welcome to Microsoft English WCF Forum

kerberos authentication

  

Hi ALL,

I am new to ASP.Net web application and I need to learn Kerberos authentication urgently. I have gone thorugh the basic mechanism of it but I need a sample project to learn the kerberos authentication. Can anybody please help me in these...

Suppose, a web page containg text boxes for user Id and password..and when the form is submitted, Kerberos authentication is done for that user...a simple web application that uses kerberos authenticatino.

can anybody please help me by providing this type of sample application so that the coding part can be understood. 


The HTTP request is unauthorized with client authentication scheme 'Anonymous'.

  

 

hi,

I am receiving an error when i am callign the WCF service which is hosted in the IIS,

 

The HTTP request is unauthorized with client authentication scheme 'Anonymous'.The authentication header received from the server was 'Negotiate,NTLM' while calling service hosted in IIS.

 

Both check boxes are checkd in the properties->DirectorySecurity->Edit...

Anonymus and Integrated Windows.

 

Can anybody help me regarding thsi issue...

 

 

NImesh

 

 


Kernel-Mode authentication without Kerberos

  

I have installed a new SharePoint 2010 farm and am using NTLM authentication.  When i try to access CA i am asked to login 3 times. After doing so i have a blank screen.  I have seen many posts here and elsewhere with this same symptom and it looks like it is usually a problem with Kerberos, but i am not using that.

I have determined that if i enable kernel-mode authentication all seems to work. i have tested several times enabling and disabling kernel-mode authentication in IIS and it always works.  If kernel-mode is enabled i can get to CA if kernel-mode is disabled i cannot get to CA.  What is troublesome is i have read a few posts that say that for SharePoint Kernel-mode should be disabled. So my question is, should i have kernel-mode enabled on sharepoint iis web sites when i am not using Kerberos?  And what about this extended protection?

Steven Albrecht
University of Colorado Denver


Claims-based authentication w/ SP2010 Foundation and performing a web request in code

  

Hey all! Using VS2010 and SP2010 Foundation on Win2008R2 dev machine, the following code within a custom LDAP provider class originally worked using OOB authentication until I switched to claims-based authemtication. The purpose behind the code is to check a url for access using the existing user and return a true or false.

HttpWebRequest myRequest = (HttpWebRequest)WebRequest.Create(Url);
myRequest.Method = "GET";
myRequest.UseDefaultCredentials = true;
myRequest.Timeout = 8000;
myResponse = myRequest.GetResponse();
streamReader = new StreamReader(myResponse.GetResponseStream(), System.Text.Encoding.UTF8);
string result = streamReader.ReadToEnd();

After switching to claims-based auth, I now get a 403 error in code regardless if the user has access or not. Here's the web.config:

<membership defaultProvider="i">
      <providers>

        <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />

        <add name="CustomLDAPMembership" type="[custom ldap class]" server="[omitted]" port="

The HTTP request is unauthorized with client authentication scheme 'Anonymous' The authentication

  

Hi all,

The scenario is as follows.

I need to connect to a webservice hosten in a JBOSS server.

The server provides a certificate, besides it requires username and password to validate against an LDAP.

My part is to develop a client in .NET WCF that uses the constraints defined above.

Here is my client code:

 

service.ServiceModificarDomicilioContactoPersonasClient servicioJboss = new service.ServiceModificarDomicilioContactoPersonasClient();

service.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;


service.ClientCredentials.UserName.Password = "******";
service.ClientCredentials.UserName.UserName = "******";

service.ClientCredentials.Windows.ClientCredential.UserName = "********";
service.ClientCredentials.Windows.ClientCredential.Password = "********";

service.modificarDomicilioResponse resp = new service.modificarDomicilioResponse();
service.modificarDomicilio metodo = new service.modificarDomicilio();
               
metodo.arg0 = 1;

metodo.arg1 = 1402251;

metodo.arg2 = 506907;

metodo.arg3 = 1;

metodo.arg4 = 999999;

Windows authentication using SSRS 2008 R2 on separate machine from SQL db engine - Kerberos required

  

Is this still an issue in SSRS 2008 R2:  Can't use Windows authentication (integrated security) when the SQL database server is on a different machine than Reporting Services -- unless you (1) use Kerberos security, or (2) store credentials, or (3) use credentials supplied by the user when running report AND use as Windows credentials to impersonate?

I have SSRS 2008 R2 set up on a different machine than MSSQLServer 2008 R2.  When I create a report on the SSRS server that uses a data source specifying Windows integrated security, my symptom is that I get the following  error:

Cannot create a connection to data source 'myDataSource'. ---> System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

Here is a blog describing the problem under SSRS 2005 (with IIS): http://blogs.msdn.com/b/jgalla/archive/2006/03/16/reporting-services-and-windows-authentication.aspx

Thanks!

-Tom


Richard Thompson

SAML Authentication Request Deflate and Encode

  

How to implement this in ASP.NET (.NET 1.0)? I need to have analog of this (in Java):

// first DEFLATE compress the document (saml-bindings-2.0, section 3.4.4.1)

byte[] xmlBytes = xmlString.getBytes("UTF-8");

ByteArrayOutputStream byteOutputStream = new ByteArrayOutputStream();

DeflaterOutputStream deflaterOutputStream = new DeflaterOutputStream(byteOutputStream);

deflaterOutputStream.write(xmlBytes, 0, xmlBytes.length);

deflaterOutputStream.close();

// next, base64 encode it

Base64 base64Encoder = new Base64();

byte[

Windows Integrated Authentication and Kerberos delegation.

  

I currently have 2 seperate domains.

Domain A

Domain B

 

No domain trust has been establish.

 

In this scenario, if user is connected to Domain A via its desktop. Is there a way to access to a SQL Server in Domain B without using SQL authentication.

 

I heard of kerberos but would that solve my issues ?

 

Regards

GGB


WCf client request unauthorized with client authentication scheme 'Ntlm'. The authentication heade

  

Hi,

I try to connect to a wcf service hosted in iis from a console application.

I have this message : The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'Negotiate,NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.

(By the way it works when my client is a silverlight application ...)

Web.config (iis 6.0 server configuration):

  <system.serviceModel>
   <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />

   <bindings>
    <basicHttpBinding>
     <binding name="basicHttpBinding">
      <security mode="TransportCredentialOnly">
       <transport clientCredentialType="Windows" />
      </security>
     </binding>
    </basicHttpBinding>
   </bindings>
   
    <behaviors>
      <serviceBehaviors>
       <behavior name="DefaultServiceBehavior">
        <serviceMetadata httpGetEnabled="true" />
        <serviceDebug includeExceptionDetailInFaults="true" />
       </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <service name="WebApplication1.Service1" behaviorConfigur

Getting responce as "Full authentication is required" when sent request via SOAPUI.

  

I am new to SoapUI.

 I created a project, imported WSDL given to me by developer. Enabled the “Authenticate preemptively” flag under “preferences -> HTTP Settings”.

But on sending the request, I am getting responce "This request requires HTTP authentication (Full authentication is required to access this resource)".

How can I resolve this?


The request failed with HTTP status 407: Proxy Authentication Required (the ISA server requires auth

  

I'm new to webservice. I writed an example to work with a web service which is supplied on Internet (its url: http://ws.cdyne.com/delayedstockquote/delayedstockquote.asmx ) when i tried running i got an error message as System.Net.WebException was unhandled
  Message="The request failed with HTTP status 407: Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied.  )."

I had found some solutions such as:
+ using ISA firewall
+ configuring proxy from Machine.config
+ inside coding

The first:  I used ISA firewall but i still got the same error, my problem didn't resolve. I guessed that is because ISA firewall needn't use Credentials (username/password).

The second:
 I tried coding in my source, it was okie. This solution is good because following this way i can get defaultCredentials from cache but needn't define straightforwardly my credentials as username/password
my code is as follows:

DelayedStockQuote wsStock =

Forms Authentication Cookie not showing up in Request.Cookies Collection

  

While migrating my ASP.NET 1.1 application to 2.0, I've noticed something very odd that I can't explain:

When a user is authenticated via forms authentication, the forms authentication cookie is visible in the application trace (both in the httpheaders and the request.cookies section).  If I view the request.cookies collection using code in the application, I see the forms authentication cookie in the collection (as well as a "control" cookie I added for comparison).

If I log out of the application, the forms authentication cookie is gone and is not viewable anywhere (as expected).

Here's what's strange: When the login session of an authenticated user expires after 5 minues, the forms authentication cookie is still present.  This is expected as it is a non-persistent cookie and should remain in memory until the browser is closed.  When viewing the trace information, I see the forms authentication cookie in both the http headers and the request.cookies collection.  However, when I view the request.cookies collection from within the application using code, it is NOT there.  (The "control" cookie is, as expected)  I even took the step of reading the cookie in through javascript, and that does in fact work.

I've gone over this for hours using many

Categories: 
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend