The caller was not authenticated by the service in WCF Service on VMs

Question

I'm trying to get a Client to connect to a WCF Service hosted in a Windows Service. The client is running on a computer that has no network and no domain, Win XP SP3. The computer is running a VM of Win XP SP3, and has the previously mentioned WCF Service running. The VM is configured to "share network with host". The 2 machines can ping each other.

I've tried running the service as both a LocalService and running it under a user account/password that is on both the real machine and the VM.

<?xml version="1.0"?>
<configuration>
    <configSections>
        <sectionGroup name="applicationSettings" type="System.Configuration.ApplicationSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >
            <section name="DllAnalyzer.DllAnalyzerClient.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
        </sectionGroup>
      <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" />
    </configSections>
    <system.serviceModel>
        <client>
          <!--This is the endpoint to the VM Running the service -->
            <endpoint address="http://192.168.224.1:8001/DllAnalyzerService/"
                binding="wsDualHttpBinding" bindingConfiguration="WSDualHttpBinding_IDllAnalyzerService"
                contract="AnalyzerServiceReference.IDllAnalyzerService" name="WSDualHttpBinding_IDllAnalyzerService">
                <identity>-->
                    <dns value="localhost" />
                </identity>
            </endpoint>
        </client>
      <bindings>
        <wsDualHttpBinding>
          <binding name="WSDualHttpBinding_IDllAnalyzerService" closeTimeout="00:01:00"
              openTimeout="00:01:00" sendTimeout="00:01:00"
              bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
              maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
              messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true">
            <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                maxBytesPerRead="4096" maxNameTableCharCount="16384" />
            <reliableSession ordered="true" />
            <security mode="Message">
              <message clientCredentialType="Windows" negotiateServiceCredential="true"
                  algorithmSuite="Default" />
            </security>
          </binding>
        </wsDualHttpBinding>
      </bindings>
    </system.serviceModel>
<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/></startup><applicationSettings>
        <DllAnalyzer.DllAnalyzerClient.Properties.Settings>
            <setting name="UseSelfHostingService" serializeAs="String">
                <value>True</value>
            </setting>
        </DllAnalyzer.DllAnalyzerClient.Properties.Settings>      
    </applicationSettings>
    <log4net>
      <appender name="LogFileAppender" type="log4net.Appender.FileAppender">
        <param name="File" value="${USERPROFILE}\DLL Analysis Logs\ClientLog.txt" />
        <param name="AppendToFile" value="true" />
        <layout type="log4net.Layout.PatternLayout">
          <param name="Header" value="[Header]&#xD;&#xA;" />
          <param name="Footer" value="[Footer]&#xD;&#xA;" />
          <param name="ConversionPattern" value="%d [%t] %-5p %c %m%n" />
        </layout>
      </appender>
      <root>
        <level value="DEBUG" />
        <appender-ref ref="LogFileAppender" />
      </root>
    </log4net>
</configuration>

I got this set up running VMs on a different machine that does have a network connection

Answer 1

Your problem is that you have configured message security on your wsHttp binding, using the client's Windows credential, but the server doesn't recognise the client's Windows credential because there is no domain trust between the server's domain and the local security authority on the client VM.

If the VM cannot be joined to the same domain as the server, you will need to change to use a different credential such as a client certificate, or disable message security.