SecurityNegotiationException in WCF Service Hosted on IIS 6.

I have hosted a WCF service on IIS. The configuration file is as follows<?xml version=”1.0″?><!–<br /> Note: As an alternative to hand editing this file you can use the web admin tool to configure settings for your application. Use the Website->Asp.Net Configuration option in Visual Studio. A full list of settings …

via Asp.Net Developed Tutorials » Search Results » ajax:

SecurityNegotiationException in WCF Service Hosted on IIS 6.

I have hosted a WCF service on IIS. The configuration file is as follows











The client configuration file is as follows





openTimeout=”00:01:00″ receiveTimeout=”00:10:00″ sendTimeout=”00:01:00″
bypassProxyOnLocal=”false” transactionFlow=”false” hostNameComparisonMode=”StrongWildcard”
maxBufferPoolSize=”524288″ maxReceivedMessageSize=”65536″
messageEncoding=”Text” textEncoding=”utf-8″ useDefaultWebProxy=”true”
allowCookies=”false”>
maxBytesPerRead=”4096″ maxNameTableCharCount=”16384″ />
enabled=”false” />

realm=”” />
algorithmSuite=”Default” establishSecurityContext=”true” />





binding=”wsHttpBinding” bindingConfiguration=”WSHttpBinding_IService1″
contract=”ServTest.IService1″ name=”WSHttpBinding_IService1″>







When I tried to access the service from client application, I got
SecurityNegotiationException
and details are
Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint.
If I host the service on ASP .NET Dev server, it work well but if I host on IIS above mentioned error occurs.
Thanks,
Ram
………………………………………

I notice that the clientCredentialType in your client code is set to “windows”. This uses the build in windows authentication, so maybe the user the client is running under does not have appropriate permissions on the service host machine.
Having said that, I am not sure what it should be, but it might be a path worth exploring.
………………………………………

can you go this link and see whether it helps.
http://consultingblogs.emc.com/matthall/archive/2009/11/05/wcf-stateful-security-context-token-and-service-accounts.aspx
………………………………………

Create a new test application and add a service reference to the service hosted on the IIS. When it’s done, check the security configuration in the client app.config. Then it is only a matter of spotting the differences with the original client app.
Usually, this exception is raised when the security configurations are different between client and server, WCF is not able to find a common set of security policies that satisfies both parties.
………………………………………

If your IIS is a member of an Active Directory domain, it must have a valid service principal name (SPN) (see: Setspn on Technet)
You must also change your client endpoint configuration to specify the expected SPN.
Try running svcutil against your IIS hosted service to generate a new client config file.
Ex: svcutil.exe http://yyy.zzz.xxx.net/IISTest2/Service1.svc
Then spot the section of the generated Endpoint. It should contain a node. Now try your client with this config file.
………………………………………

I think you should remove the nodes from client and server configuration. This might already make it work. If this does not work yet, I would copy the wsHttpBinding from the client to the server configuration. There could still be something missing but you should be closer.
There is however another issue: I think you should be clear on what kind of security you want. You have quite a mix up of different settings (e.g. You configured security mode Transport but you also have settings for Message security. I think this helped me to set up Kerberos for WCF. Everything is done in code, but you can easily guess what the configuration would look like.

For more info: SecurityNegotiationException in WCF Service Hosted on IIS 6.

Asp.Net Developed Tutorials » Search Results » ajax

SecurityNegotiationException in WCF Service Hosted on IIS 6.

Share this post:

Related Posts

Leave a Comment