Thursday, 12 November 2009

WCF Fix-The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'NTLM'.

I thought I'd done a post on this error previously, but I double checked google and I obviously hadn't.

The Problem
When calling WSS / SharePoint web services (such as Lists.asmx) via WCF, you will normally get this error if you leave the settings as configured by the “Add Service Reference Wizard” :

“The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'NTLM'.”

The Solution

You must specify a non-anonymous impersonation level for your ClientCredentials. Just specifying a username and password for your WCF Service reference's ClientCredentials.UserName.UserName and ClientCredentials.UserName.Password is not sufficient to resolve the problem.

In particular (When SharePoint server is on different domain):

ServiceReference1.ListsSoapClient client = new ServiceReference1.ListsSoapClient();
client.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential("username", "password", "domain");
client.ClientCredentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Identification;
client.GetListCollection();


Of course, when on same domain, don’t have to pass in the Windows.ClientCredential information. You can also set the above values in app.config configuration elements rather than code, but I won't cover that here.

You can use (with descending levels of security):
System.Security.Principal.TokenImpersonationLevel.Identification
System.Security.Principal.TokenImpersonationLevel.Impersonation
System.Security.Principal.TokenImpersonationLevel.Delegation

Details on these impersonation levels can be found at: http://msdn.microsoft.com/en-us/library/system.security.principal.tokenimpersonationlevel.aspx

Config Changes


<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="ListsSoap">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
<client>
<endpoint address="http://servername/_vti_bin/Lists.asmx"
binding="basicHttpBinding" bindingConfiguration="ListsSoap"
contract="ServiceReference1.ListsSoap" name="ListsSoap1" />
</client>
</system.serviceModel>
</configuration>

35 comments:

Hardy said...

I used similar code to call to CRM4.0 service in a different domain, but I still did not make it work. I got message "The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'.".

pranam said...

Hi David,
You really saved my day today

I used the same security settings NTLM for my web.config file.
it resolved the error which i used to get
The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'

DRU said...

Thanks David,

You really saved a lot of my time with this post!
Your solution worked for me.

Best regards,
Dmitry

mknopf said...

thanks a ton man, saved me from pulling my hair out on this one.

John said...

Thanks a million, this really helped me!

Kjell W. said...

Great post! Saved me a lot of time.

Thanks!!

Ravi said...

Thanks David, you save my time.

kaviya Balasubramanian said...

After changing the all it shown following error.
Could not load file or assembly 'Indx.Xhq.Client.Solution, Version=100.38.0.4, Culture=neutral, PublicKeyToken=145342ae5acb8abb' or one of its dependencies. Access is denied.

could you please help out this?

kaviya Balasubramanian said...

After changing the all it shown following error.
Could not load file or assembly 'Indx.Xhq.Client.Solution, Version=100.38.0.4, Culture=neutral, PublicKeyToken=145342ae5acb8abb' or one of its dependencies. Access is denied.

could you please help out this?

Unknown said...

Thank you

You saved a lot of my time. Your blog is really helpful

Anything Interesting said...

Saved my time too..

Anything Interesting said...

Saved my time too...

Unknown said...

You saved my behind, thanks :-)

BlogBrett said...

Still didn't fix it for me :(

Unknown said...

Tableau Data Visualization Software
SQIAR (http://www.sqiar.com/solutions/technology/tableau) is a leading Business Intelligence company and provides Tableau Software consultancy across United Kingdom and USA.

Shconer Design said...

Can I set default cridential programmatically, I use multiple wcf client with NTLM Authentication, so i can set once cridential for all wcf client

Julka Hendri said...

Can I set default cridential programmatically, I use multiple wcf client with NTLM Authentication, so i can set once cridential for all wcf client

Julka Hendri said...

Can I set default cridential programmatically, I use multiple wcf client with NTLM Authentication, so i can set once cridential for all wcf client

Unknown said...

Thanks this helped a lot, I was using basic authentication, so only used the web.config part and provided user Id and Password like this:

MyService client = new Myservice();

client.ClientCredentials.UserName.UserName = @"domain\UserName";
client.ClientCredentials.UserName.Password = "Password";
var response = client.GetCurrentTransmissions("F2FD76FD-5DF7-4915-972D-703C403F932E");

And My web.config looks like this :

"







"

Lar Shar Kyi said...

How to call without username and password? But i will use window authentication. Please.

Unknown said...

This is very nice blog,and it is helps for student's Tableau Online Training

Pankaj Singh said...

Nice blog, keep more updates about this type of information. Visit for the best Website Designing and Development Company in Delhi.
Website Designing Company in Delhi

Mutual Fundwala said...

Get Mutual Fund Investment Schemes by Mutual Fund Wala and know about the best investment platform for you, to get profit.
Mutual Fund Agent

Kala Kutir said...

Awesome information, visit our page lifestyle magazine to get the best fashion and lifestyle magazines.
Lifestyle Magazine India

Just Info said...

Thanks for your efforts for this blog. Visit Kalakutir Pvt Ltd for Caution & Indication Signages and Warehouse Zebra Painting.
Warehouse Zebra Painting

gautham said...

thanks for your post blockchain online training hyderabad

gautham said...

In azure, the career has good growth in a cloud environment azure training

gautham said...

There professional for SQL has a good hope pl sql training

Jack sparrow said...

I am a regular reader of your blog and I find it really informative. Hope more Articles From You.Best Tableau tutorial videos available Here. hope more articles from you.

jeewangarg said...


Wow!!! It was really an Informational Article which provide me with much Insightful Information. I would like to first thank the author for such an Insightful Content. If someone here is looking for a Website Designing Company in India, then look no further than Jeewangarg.com as we are the best website designing company in Delhi working in the arena for the last 8 years.
Best website designing company in India
website designing company in Delhi NCR
Google Partner in India

nexusups said...

Thanks for the great article and post. Need a Industrial UPS? Don’t go beyond nexusups. “A popular Industrial UPS which offers an extensive range of exceptional Industrial UPS, and Online Online UPS Free to contact.

Servo said...

Thanks for the great article and post. Need a servo voltage stabilizer manufacturers in india? Don’t go beyond servo star “A popular stabilizer price which offers an extensive range of exceptional servo stabilizer. Feel Free to contact.

svrtechnologies said...

Whatever we gathered information from the blogs, we should implement that in practically then only we can understand that exact thing Learn Tableau Online clearly, but it’s no need to do it, because you have explained the concepts very well. It was crystal clear, keep sharing..

Mobile app development company in Mumbai said...

Mobile app development company in gurgaon

rightselects said...


Thank You author for providing such insightful information on elevators, if anyone out there is looking for Passenger lifts then, visit right selects where you’ll get the most accurate information on the top 10 elevator companies in india that you can use to choose the best elevator company in India.