I have a WCF service hosted in a shared environment (we rent space from a web hosting company, but we have a dedicated application pool), and I have an ASP.NET web application which calls the WCF service. Both projects are .NET 4 projects.
If I run my web application from VS2010, I can easily make WCF calls. However, I get exceptions if I publish the website in that shared environment and make WCF calls from there.
Exception details:
[FaultException: The request for security token could not be satisfied because authentication failed.]
System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target) +5499790
System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState) +49
[SecurityNegotiationException: The caller was not authenticated by the service.]
System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) +9464367
System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) +345
I also published the website on my local machine, and it works there too.
Here is my config on the server side:
<wsHttpBinding>
<binding name="wsHttpBinding" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
transactionFlow="false"
hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="2147483647"
maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2147483647"
maxStringContentLength="2147483647"
maxArrayLength="2147483647"
maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647" />
</binding>
</wsHttpBinding>
Client side code:
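// Create the factory first; credentials can only be set on an existing, unopened factory.
factory = new ChannelFactory<IService>(binding, serviceAddress);
// Windows credentials are exposed through the ClientCredential (NetworkCredential) property.
factory.Credentials.Windows.ClientCredential.UserName = "user";
factory.Credentials.Windows.ClientCredential.Password = "psw";
factory.Open();
service = factory.CreateChannel();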
I want to use wsHttpBinding instead of basicHttpBinding, and I do need some security, so I don't want to set security mode to None.
IIS version is 7 on Windows 2008 R2, and it is set to allow anonymous authentication. ASP.NET Impersonation is disabled.
I do not think there is anything wrong in these settings because it does work if I run the web site project from VS2010.
Thanks for any help.
Xiaosu
Windows client credentials are supported only if both client and server (that is, the web site and the service) are in the same Windows domain or on the same computer. SSPI negotiation or Kerberos negotiation doesn't work between untrusted computers/domains.
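
One way to keep wsHttpBinding with security when the web site and the service share no domain trust is to avoid Windows credentials entirely. This is an added example, not code from the question or the answer, and it assumes the service is reachable over HTTPS and its binding is changed to match. The `Ping` operation and the endpoint address are hypothetical placeholders.

```csharp
using System;
using System.ServiceModel;

// Hypothetical stand-in for the question's IService; Ping is an assumed operation.
[ServiceContract]
public interface IService
{
    [OperationContract]
    string Ping();
}

public static class CrossDomainClient
{
    // With no <security> element, wsHttpBinding defaults to Message security with
    // clientCredentialType="Windows", which is the SSPI negotiation in the stack trace.
    // This binding sends a username token over HTTPS instead, so no negotiation
    // between the two machines is needed. The service's binding must match:
    //   <security mode="TransportWithMessageCredential">
    //     <message clientCredentialType="UserName" />
    //   </security>
    public static WSHttpBinding CreateBinding()
    {
        var binding = new WSHttpBinding(SecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        return binding;
    }

    public static void Main()
    {
        // Placeholder address; this security mode requires an https:// endpoint.
        var address = new EndpointAddress("https://service.example.com/Service.svc");
        var factory = new ChannelFactory<IService>(CreateBinding(), address);

        // Set credentials after the factory exists and before it is opened.
        factory.Credentials.UserName.UserName = "user";
        factory.Credentials.UserName.Password = "psw";

        try
        {
            IService service = factory.CreateChannel();
            Console.WriteLine(service.Ping());
            factory.Close();
        }
        catch (CommunicationException)
        {
            factory.Abort(); // a faulted factory cannot be closed cleanly
            throw;
        }
    }
}
```

By default WCF validates the username and password against Windows accounts on the service machine, so "user" must exist there unless the service configures a different validator.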