WCF and HTTP request is unauthorized with client authentication scheme ‘Ntlm’

 This turned out to be “fun”, so I thought I’d share.  OK, i have a few WCF services that call each other, all on the same network.  I create dynamic proxies (not anything generated by svcutil) as i needed the flexibility, but still using straight up WCF stuff, nothing too fancy.   The consumers might be .net or java, or php, so to keep things open to all, I went with the httpBasicBinding, and figured I’d stick with Windows Authentication to keep things simple (we can always come back later and make things more custom/complicated as needed).   So, I set up the binding as follows, and this worked fine (for a while):

<binding name=“ServiceBindingBasic“ sendTimeout=“00:1:00“ maxReceivedMessageSize=“10000000“>
<readerQuotas maxArrayLength=“10000000“ maxStringContentLength=“10000000“/>
<security mode=“TransportCredentialOnly“>
<transport clientCredentialType=“Windows“ />
</security>
</binding>

Then, after a few months, I started seeing this message on my [somewhat new] XP machine:
The HTTP request is unauthorized with client authentication scheme ‘Ntlm’. The authentication header received from the server was ‘Negotiate,NTLM’.
Yet, when these services were installed on Windows Server 2003 sp1, no issues.  At the end of the day, the credentials were’nt flowing correctly from one machine to another, and when I finally found a small article that had one tidbit that worked,  I got past this thing.  I needed to set this on my dynamic proxy:
client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
So, if you ever see this error message, or a derivative of it, don’t go chasing down things like this crap until you’ve ensure your TokenImpersonationLevel meets whatever your requirements are.

I must admit, WCF security is a huge topic, and I certainly don’t lay claim to expertise in this area, so also consult others!

J

 

Loving asp.net 3.5 ajax

Yeah, I know I’m a bit late for the Ajax party (I was hung over from the WCF party), but I’m digging asp.net ajax big-time. I’m working through my 2nd book on the subject, and combined with lovely IDE intellsense sugar, the experience is downright fun!

 J

Asp.net ajax (3.5) serialization and extension methods

ok, so the IDE is much slower when designing web forms, but other than that VS 2008, the 3.5 flavor of Asp.Net Ajax, and .net 3.5 in general rock the casbah big time.

For example, today I had to whip up a little code to serialize a small object graph to the client, so that I can allow users to interact with a couple UI controls, whose combined selection displays a result.  It would be crazy to do a postback, and even silly to do an async ajax retrieval, as simply caching the object graph yields the very best user experience.

The new System.Runtime.Serialization.Json.DataContractContractJsonSerializer rocks.  Combine that with a tiny extension method (see this article)  and the serialization is easy.  On the client-side, just use the Sys.Serialization.JavaScriptSerializer.deserialize(‘[your JSON here]‘) and you are off and running.  Very clean, very simple, very nice job Microsoft!

 OH, by the way, i’m using the ajax slider, very slick as well! 

 J

HttpContext simulation for unit tests

I’d rant about this one, but this article and included code does so wonderfully.

 This is no substitute for decoupling your code from things like HttpContext, but there are those times where its a near-dependency (ex. our legacy system uses the path to resolve certain client conditions)