How to stop WCF throwing System.ServiceModel.Security.SecurityNegotiationException: The server has rejected the client credentials

Question

5.00/5 (2 votes)

See more:

I am really close to getting this WCF platform working across multiple systems and networks using the netTcpBinding. Having got past all of the EndpointNotFoundException and issues with finding the endpoints, I now have a new error of System.ServiceModel.Security.SecurityNegotiationException. I have looked online and have found nothing that works, I just keep getting the error. I assume it is to do with the security and credentials of the connection. The full error is below:

Unhandled Exception: System.ServiceModel.Security.SecurityNegotiationException:
The server has rejected the client credentials. ---> System.Security.Authentication.InvalidCredentialException: The server has rejected the client credentials.
---> System.ComponentModel.Win32Exception: The log-on attempt failed
   --- End of inner exception stack trace ---
   at System.Net.Security.NegoState.ProcessReceivedBlob(Byte[] message, LazyAsyncResult lazyResult)
   at System.Net.Security.NegoState.StartReceiveBlob(LazyAsyncResult lazyResult)

   at System.Net.Security.NegoState.CheckCompletionBeforeNextReceive(LazyAsyncResult lazyResult)
   at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResult lazyResult)
   at System.Net.Security.NegoState.CheckCompletionBeforeNextSend(Byte[] message, LazyAsyncResult lazyResult)
   at System.Net.Security.NegoState.ProcessReceivedBlob(Byte[] message, LazyAsyncResult lazyResult)
   at System.Net.Security.NegoState.StartReceiveBlob(LazyAsyncResult lazyResult)
   at System.Net.Security.NegoState.CheckCompletionBeforeNextReceive(LazyAsyncResult lazyResult)
   at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResult lazyResult)
   at System.Net.Security.NegoState.CheckCompletionBeforeNextSend(Byte[] message, LazyAsyncResult lazyResult)
   at System.Net.Security.NegoState.ProcessReceivedBlob(Byte[] message, LazyAsyncResult lazyResult)
   at System.Net.Security.NegoState.StartReceiveBlob(LazyAsyncResult lazyResult)

   at System.Net.Security.NegoState.CheckCompletionBeforeNextReceive(LazyAsyncResult lazyResult)
   at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResult lazyResult)
   at System.Net.Security.NegoState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.NegotiateStream.AuthenticateAsClient(NetworkCredential credential, ChannelBinding binding, String targetName, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel allowedImpersonationLevel)
   at System.Net.Security.NegotiateStream.AuthenticateAsClient(NetworkCredential credential, String targetName, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel allowedImpersonationLevel)
   at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeInitiator.OnInitiateUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)
   --- End of inner exception stack trace ---

Server stack trace:
   at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeInitiator.OnInitiateUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)
   at System.ServiceModel.Channels.StreamSecurityUpgradeInitiatorBase.InitiateUpgrade(Stream stream)
   at System.ServiceModel.Channels.ConnectionUpgradeHelper.InitiateUpgrade(StreamUpgradeInitiator upgradeInitiator, IConnection& connection, ClientFramingDecoder decoder, IDefaultCommunicationTimeouts defaultTimeouts, TimeoutHelper& timeoutHelper)
   at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.SendPreamble(IConnection connection, ArraySegment`1 preamble, TimeoutHelper& timeoutHelper)

   at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.DuplexConnectionPoolHelper.AcceptPooledConnection(IConnection connection, TimeoutHelper& timeoutHelper)
   at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)
   at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel channel, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at ConsoleApplication10.ServiceReference1.IService1.GetDataUsingnetTcpBinding(Int32 value)
   at ConsoleApplication10.ServiceReference1.Service1Client.GetDataUsingnetTcpBinding(Int32 value) in c:\Users\Henry\Documents\Visual Studio 2013\Projects\WcfService10\ConsoleApplication10\Service References\ServiceReference1\Reference.cs:line 53
   at ConsoleApplication10.Program.Main(String[] args) in c:\Users\Henry\Documents\Visual Studio 2013\Projects\WcfService10\ConsoleApplication10\Program.cs:line 14

This error always and only occurs when the client is being run on a different machine to the host and the IP address has been checked and is correct with the endpoint addresses so as I said it is nothing to do with finding the endpoint.

This is the Web.config file for the SERVICE APPLICATION I am using as the service:

XML

<configuration>
  <appSettings>
    <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
  </appSettings>
  <system.web>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5"/>
  </system.web>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <protocolMapping>
        <add binding="basicHttpsBinding" scheme="https" />
    </protocolMapping>    
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
    <!--
        To browse web app root directory during debugging, set the value below to true.
        Set to false before deployment to avoid disclosing web app folder information.
      -->
    <directoryBrowse enabled="true"/>
  </system.webServer>
</configuration>

With code:

C#

[ServiceContract]
public interface IService1
{
   [OperationContract]
   string GetDataUsingnetTcpBinding(int value);
}

And:

C#

public class Service1 : IService1
{
    public string GetDataUsingnetTcpBinding(int value)
    {
        return string.Format("You are fetching: {0} using netTcpbinding", value);
    }
}

This is the App.config file for the HOST CONSOLE APPLICATION:

XML

<configuration>
  <system.serviceModel>
    <services>
      <service behaviorConfiguration="netTcpServiceBehavior" name="WcfService10.Service1">
        <endpoint address="" binding="netTcpBinding" contract="WcfService10.IService1" />
        <endpoint address="mex" binding="mexTcpBinding" contract="IMetadataExchange" />
        <host>
          <baseAddresses>
            <add baseAddress="net.tcp://192.168.1.64/SampleNetTCPService" />
          </baseAddresses>
        </host>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="netTcpServiceBehavior">
          <serviceMetadata httpGetEnabled="false" httpGetUrl=""/>
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
      </serviceBehaviors >
    </behaviors >
  </system.serviceModel>
</configuration>

With code:

C#

static void Main(string[] args)
{
     ServiceHost host = new ServiceHost(typeof(WcfService10.Service1));
     host.Open();
     Console.WriteLine("Press a key to close the host");
     Console.ReadKey(true);
     host.Close();
}

And this is the App.config file for the CLIENT CONSOLE APPLICATION:

XML

<configuration>
    <startup> 
        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
    </startup>
    <system.serviceModel>
        <bindings>
            <netTcpBinding>
                <binding name="NetTcpBinding_IService1" />
            </netTcpBinding>
        </bindings>
        <client>
            <endpoint address="net.tcp://192.168.1.64/SampleNetTCPService"
                binding="netTcpBinding" bindingConfiguration="NetTcpBinding_IService1"
                contract="ServiceReference1.IService1" name="NetTcpBinding_IService1">
                <identity>
                    <userPrincipalName value="HENRYHUNT\Henry" />
                </identity>
            </endpoint>
        </client>
    </system.serviceModel>
</configuration>

With code:

C#

static void Main(string[] args)
{
     ServiceReference1.Service1Client proxy = new ServiceReference1.Service1Client();
     string result = proxy.GetDataUsingnetTcpBinding(8000);
     Console.WriteLine(result);
     Console.ReadKey(true);
}

What can I do to allow the client on another machine to connect with the host also on another machine? Thank you.

Posted 31-Dec-13 7:33am

Henry Hunt

Add a Solution

Comments

Kornfeld Eliyahu Peter 1-Jan-14 8:43am

Did you see this line?
System.ComponentModel.Win32Exception: The log-on attempt failed

Henry Hunt 1-Jan-14 10:11am

Finally some help!! Yes...but I don't understand what you mean. Is it not able to log onto the host at the server?

Kornfeld Eliyahu Peter 1-Jan-14 10:16am

It seems to be that way...
Read here: http://msdn.microsoft.com/en-us/library/system.security.authentication.invalidcredentialexception(v=vs.110).aspx

Henry Hunt 1-Jan-14 12:54pm

I have looked online for ages but can't find anything that works. Most say that you should make sure this is in both the client and server applications:
bindings

[nettcpbinding]
[binding name="NetTcpBinding_IService1"]
[security mode="None"/]
[/binding]
[/nettcpbinding]
...but I don't know where to put it in my host. I have tried and put it directly in the system.servicemodel section but I then get a CommunicationException so I don't know what to do.

Kornfeld Eliyahu Peter 2-Jan-14 1:28am

Did you checked this?
http://msdn.microsoft.com/en-us/library/ms731090.aspx

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)