BizTalk send port throws error System.Net.WebException: The HTTP request was forbidden with client authentication scheme 'Anonymous'

Question

I am getting the error

System.Net.WebException: The HTTP request was forbidden with client authentication scheme 'Anonymous'.

From a BizTalk send port.

Any ideas what can cause this issue?

Answer 1

That error occurs if the web service is expecting some authentication and BizTalk is not sending any credentials or other authentication. So you need to go into the Security tab, set the Security mode to either Transport or TransportCredentialOnly and select a Transport client credential type

There is a known issue with the WCF-WebHttp adapter where even when you specify a authentication schema in Transport client credential type it returns errors like the below.

Fault Description: System.Net.WebException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was ''.

The HTTP request is unauthorized with client authentication scheme 'Basic'. The authentication header received from the server was ''.

HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was ''

The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was ''.

This appears due to the WCF-WebHttp adapter not sending credentials preemptively and expecting the server to return the type of authentication scheme which is acceptable, but which in some servers/APIs are returning as blank, and so it errors out. The only way to resolve this is with a custom EndPointBehavior that adds the appropriate authorization headers to the payload preemptively.