theraneman

Reputation: 1630

Unable to get WCF service authentication working with IIS 6.0

I am going to try to keep this question as brief as possible since the problem is a little tricky to explain for me. Please ask any queries if something is left unclear. So here you go,

This is the error message I have been getting for a while as I am working on this: "The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'Negotiate,NTLM'. The remote server returned an error: (401) Unauthorized"

I have two Windows boxes, Box1 and Box2. I have 2 WCF services (ServiceA and ServiceB) hosted in IIS 6 on each of them. Functionally, ServiceA talks to the db only. ServiceB talks to ServiceA and gets results. Both services have anonymous access and Integrated Windows authentication enabled. ServiceA runs under application pool ServiceAPool and ServiceB runs under ServiceBPool. Each of these app pools has a configured identity of a domain user. These app pools are exactly the same on Box1 and Box2.

First, my client application (just a small console app) calls ServiceA on Box1 with my Windows credentials. It works.

Second, my client application calls ServiceB on Box1 with my Windows credentials. This ServiceB calls ServiceA internally with the domain user (app pool identity). It works.

The second point I mentioned above does not work on Box2; it gives the above error. Just to be clear, the service code, including the web.config file etc., is exactly the same on both boxes. The domain user for the app pool is the same. Both boxes are on the same domain.

What I have observed is (probably) that on Box2, when I call ServiceA with my Windows credentials, it works, but when there is a hop between services with some other domain account (like my app pool account), it fails with the error above.

If anyone has seen this kind of behavior, please share some information.

Upvotes: 0

Views: 498

Answers (1)

theraneman

Reputation: 1630

I would like to post an answer to my own question. It turned out to be a friggin registry key update to get the authentication to work just fine. Basically it was about disabling the "DisableLoopbackCheck" value. More information can be found at

http://blogs.msdn.com/b/distributedservices/archive/2009/11/10/wcf-calling-wcf-service-hosted-in-iis-on-the-same-machine-as-client-throws-an-authentication-error.aspx

http://support.microsoft.com/default.aspx?scid=kb;EN-US;926642

Upvotes: 1
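A read-only check of the loopback-check settings the answer refers to, as an added example that is not part of the original post. KB 926642 describes two fixes: listing specific host names under `BackConnectionHostNames` (its preferred method) or turning the check off for the whole machine with `DisableLoopbackCheck`, which also removes the protection against NTLM credentials being reflected back to the same host. The function names and the host name `box2.example.test` are constructed for illustration, and the computer-name comparison is a simplification.

```powershell
# Added example (not from the original answer): read-only audit of the NTLM
# loopback-check settings. Registry locations are those given in KB 926642.
$LsaKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$Msv1Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Test-LoopbackCheck {
    param([Parameter(Mandatory = $true)][string]$ServiceHostName)

    # DWORD 1 = loopback check switched off for every host name on this machine.
    $disabled = (Get-RegValue $LsaKey 'DisableLoopbackCheck') -eq 1
    # Multi-string list of names that are individually exempt from the check.
    $allowed  = @(Get-RegValue $Msv1Key 'BackConnectionHostNames' | Where-Object { $_ })

    if ($disabled) {
        $verdict = 'Loopback check disabled machine-wide (DisableLoopbackCheck = 1)'
    } elseif ($allowed -contains $ServiceHostName) {
        $verdict = 'Name is allowed through BackConnectionHostNames'
    } elseif (@($env:COMPUTERNAME, 'localhost') -contains $ServiceHostName) {
        $verdict = 'Name matches the local computer name; check does not apply'
    } else {
        $verdict = 'Name is not exempt; same-machine NTLM calls to it can fail with 401'
    }

    New-Object PSObject -Property @{
        HostName                = $ServiceHostName
        DisableLoopbackCheck    = $disabled
        BackConnectionHostNames = ($allowed -join ', ')
        Verdict                 = $verdict
    }
}

# 'box2.example.test' is a constructed host name; use the name that ServiceB's
# client endpoint address for ServiceA actually points at.
Test-LoopbackCheck -ServiceHostName 'box2.example.test' | Format-List
```

Running it on both boxes and comparing the output shows whether a difference in these two values explains why the same code and configuration behave differently.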
