WCF Security Issue


Rafia Tapia

I have written a WCF service that is hosted in a console application. The
client is a asp.net application. I am exposing two endpoint, one is using
wshttpbinding and other is using nettcpbinding. Both are listening on
different ports and have the defualt bindings. So my understanding is that
with wshttpbinding, I will get message security and with tcp I would get
transport securtiy. My code works fine when both the client and server are
run on the same machine but when the client is running on a remote machine
it gives me the following error

"The caller was not authenticated by the service. "

Below is the app.config of the host running the service

<binding name="BasicHttpBinding">
<security mode="Message">
<transport clientCredentialType="Basic" />
<service behaviorConfiguration="MyService1Behavior"
<endpoint address="ServiceViaWindowAuthHttp" binding="wsHttpBinding"
name="HttpWindowAuthSPObjRetrieval" contract="IObjRetrievalService"
<endpoint address="ServiceViaWindowAuthTcp" binding="netTcpBinding"
name="TCPWindowAuthSPObjRetrieval" contract="IObjRetrievalService" />
<endpoint address="ServiceViaBasicAuthHttp" binding="wsHttpBinding"
bindingConfiguration="BasicHttpBinding" name="HttpBasicAuthSPObjRetrieval"
contract="IObjRetrievalService" />
<add baseAddress="http://my-server:11021" />
<add baseAddress="net.tcp://my-server:11052" />
<behavior name="MyService1Behavior">
<serviceMetadata httpGetEnabled="True"/>
<serviceDebug includeExceptionDetailInFaults="true" />

Below is the client code

WSHttpBinding bindingElement = new WSHttpBinding(SecurityMode.Message);
proxy = new ObjRetrievalServiceClient(bindingElement, new

What I want is that if on the login screen the user indicate that his
current login credentials should be use then he does not need to supply
username and password and in that scenario the first endpoint( on the server
config) will be used but if the user indicate userid/password on the login
form then the client app should communicate with the server by using the
third endpoint(server config). Since this application will be running in our
intranet, it makes sense to do a single sign on and the identity associated
with window login should be use for service authentication.
Can please help me and point me in some direction of what I am doing wrong.

Steven Cheng

Hi Rafia,

Thanks for your posting. I've found your another cross thread in the
following group on the same question:


I've posted a reply there and please feel free to continue followup there.


Steven Cheng

Microsoft MSDN Online Support Lead

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question