system.net
defaultProxy
useDefaultCredentials="true"
proxy autoDetect="True"/
/defaultProxy
/system.net


We now get the following error:

System.ServiceModel.Security.SecurityNegotiationException: The caller was
not authenticated by the service. ---> System.ServiceModel.FaultException:
The request for security token could not be satisfied because
authentication
failed.
at
System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message
message, EndpointAddress target)
at
System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message
incomingMessage, SspiNegotiationTokenProviderState sspiState)
--- End of inner exception stack trace ---

"> After adding the following to the app.config

system.net
defaultProxy
useDefaultCredentials="true"
proxy autoDetect="True"/
/defaultProxy
/system.net


We now get the following error:

System.ServiceModel.Security.SecurityNegotiationException: The caller was
not authenticated by the service. ---> System.ServiceModel.FaultException:
The request for security token could not be satisfied because
authentication
failed.
at
System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message
message, EndpointAddress target)
at
System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message
incomingMessage, SspiNegotiationTokenProviderState sspiState)
--- End of inner exception stack trace ---



Your error message kind of indicates that you have to make the same changes
in the app.config on the WCF service side that you made to the WCF client
side app.config.

This is not your particular situation in the link provided. However, it is
talking about under what type of conditions that you must deal with the WCF
client and service side config files so that they contain the same
information on both sides.

http://blog.scorpiotek.com/2009/01/02/how-to-increase-the-maxarraylength-in-a-wcf-component/








__________ Information from ESET NOD32 Antivirus, version of virus signature database 4075 (20090514) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

I don't think that's the right direction to be looking in for this
problem -
we may have clients who run without a proxy server and as such can
configure
their client accordingly (as per the dev machines which work).

I am aware that certain changes should be reflected in the configuration
on
both the client and the hosting server, but I would not think that
something
such as using a proxy (MS ISA Serevr in this case) at the client end
would
require changes on the server.

Surely the whole idea behind configuration of WCF is to allow such
differences to be changed on the client in the app.config file?



System.ServiceModel.Security.SecurityNegotiationException: The caller was
not authenticated by the service. ---> System.ServiceModel.FaultException:
The request for security token could not be satisfied because
authentication
failed.
at
System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message
message, EndpointAddress target)
at

From: =?Utf-8?B?U0VTRGV2?= <sesdev at (no spam) nospam.nospam
Subject: WCF service call - problem when behind ISA Server proxy
Date: Thu, 14 May 2009 09:38:01 -0700


We have a WCF service which works just fine until it has to call through a
proxy server and then we're havign problems.


Network with ISA Server acting as proxy, notebook attached to network -
not
part of the domain but using a domain account to authenticate with the ISA
Server for Internet access.


We have small application that performs some local tasks and then calls an
IIS hosted WCF service to update stats essentially.

When outside of the above setup (i.e. in the development environment which
has no such proxy) all works just fine and the stats are updated with the
WCF
service call.

When on the notebook and behind the proxy we are getting problems.
Firstly
we were not using the default proxy and getting an error:

System.ServiceModel.ProtocolException: The remote server returned an
unexpected response: (407) Proxy Authentication Required ( The ISA Server
requires authorization to fulfill the request. Access to the Web Proxy
service is denied. ). ---> System.Net.WebException: The remote server
returned an error: (407) Proxy Authentication Required.
at System.Net.HttpWebRequest.GetResponse()
at
System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChan
nelRequest.WaitForReply(TimeSpan timeout)
--- End of inner exception stack trace ---
We've tried the various (5) options for proxyCredentialType="???" with no
success for any of them. I've also noticed that the binding.ProxyAddress
is
not set on the client (when outputting it in code).

Hi sesdev,

From your description and the error callstack you provided, I think the
problem you encounter is due to your client machine is calling the WCF
service out-side a firewall/ISA server which demand proxy
authentication(and your client's local logon account is not sufficient to
pass the proxy authentication).

One means to supply a dedicated proxy authentication credentials for WCF
service client is to customize the default WebProxy that application use. I
have ever written a blog entry explaining this:

#[WCF]How to supply dedicated credentials for webproxy authentication in
WCF client
http://blogs.msdn.com/stcheng/archive/2008/12/03/wcf-how-to-supply-dedicated
-credentials-for-webproxy-authentication.aspx

You can try using the code to specify a domain account(validatable for the
remote isa server) for proxy authentication.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg at (no spam) microsoft.com.

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.




--------------------
From: =?Utf-8?B?U0VTRGV2?= <sesdev at (no spam) nospam.nospam
Subject: WCF service call - problem when behind ISA Server proxy
Date: Thu, 14 May 2009 09:38:01 -0700


We have a WCF service which works just fine until it has to call through a
proxy server and then we're havign problems.


Network with ISA Server acting as proxy, notebook attached to network -
not
part of the domain but using a domain account to authenticate with the ISA
Server for Internet access.


We have small application that performs some local tasks and then calls an
IIS hosted WCF service to update stats essentially.

When outside of the above setup (i.e. in the development environment which
has no such proxy) all works just fine and the stats are updated with the
WCF
service call.

When on the notebook and behind the proxy we are getting problems.
Firstly
we were not using the default proxy and getting an error:

System.ServiceModel.ProtocolException: The remote server returned an
unexpected response: (407) Proxy Authentication Required ( The ISA Server
requires authorization to fulfill the request. Access to the Web Proxy
service is denied. ). ---> System.Net.WebException: The remote server
returned an error: (407) Proxy Authentication Required.
at System.Net.HttpWebRequest.GetResponse()
at
System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChan
nelRequest.WaitForReply(TimeSpan timeout)
--- End of inner exception stack trace ---
We've tried the various (5) options for proxyCredentialType="???" with no
success for any of them. I've also noticed that the binding.ProxyAddress
is
not set on the client (when outputting it in code).

From: =?Utf-8?B?U0VTRGV2?= <sesdev at (no spam) nospam.nospam
References: <75C683A9-B083-4886-B654-9C578A5FFABB at (no spam) microsoft.com
qnkjfNR1JHA.4936 at (no spam) TK2MSFTNGHUB02.phx.gbl
Subject: RE: WCF service call - problem when behind ISA Server proxy
Date: Fri, 15 May 2009 00:32:01 -0700


Hi Steven,

Thanks v much for this response - just what I needed. I've added a custom
config section for this service on the client to specify whether a proxy
is
used and if so whether the user credentials are provided or taken from
DefaultNetworkCredentials.

I had searched around and not come across your post - but then I was
searching against the errors I was getting (perhaps you could update to
include them as possible errors and others will get to your solution).

Cheers

Shaun

--
SES Development



""Steven Cheng"" wrote:

Hi sesdev,

From your description and the error callstack you provided, I think the
problem you encounter is due to your client machine is calling the WCF
service out-side a firewall/ISA server which demand proxy
authentication(and your client's local logon account is not sufficient
to
pass the proxy authentication).

One means to supply a dedicated proxy authentication credentials for
WCF
service client is to customize the default WebProxy that application
use. I
have ever written a blog entry explaining this:

#[WCF]How to supply dedicated credentials for webproxy authentication in
WCF client

http://blogs.msdn.com/stcheng/archive/2008/12/03/wcf-how-to-supply-dedicated
-credentials-for-webproxy-authentication.aspx

You can try using the code to specify a domain account(validatable for
the
remote isa server) for proxy authentication.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments
and
suggestions about how we can improve the support we provide to you.
Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg at (no spam) microsoft.com.

==================================================
Get notification to my posts through email? Please refer to

http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.




--------------------
From: =?Utf-8?B?U0VTRGV2?= <sesdev at (no spam) nospam.nospam
Subject: WCF service call - problem when behind ISA Server proxy
Date: Thu, 14 May 2009 09:38:01 -0700


We have a WCF service which works just fine until it has to call
through a
proxy server and then we're havign problems.


Network with ISA Server acting as proxy, notebook attached to network -
not
part of the domain but using a domain account to authenticate with the
ISA
Server for Internet access.


We have small application that performs some local tasks and then calls
an
IIS hosted WCF service to update stats essentially.

When outside of the above setup (i.e. in the development environment
which
has no such proxy) all works just fine and the stats are updated with
the
WCF
service call.

When on the notebook and behind the proxy we are getting problems.
Firstly
we were not using the default proxy and getting an error:

System.ServiceModel.ProtocolException: The remote server returned an
unexpected response: (407) Proxy Authentication Required ( The ISA
Server
requires authorization to fulfill the request. Access to the Web Proxy
service is denied. ). ---> System.Net.WebException: The remote server
returned an error: (407) Proxy Authentication Required.
at System.Net.HttpWebRequest.GetResponse()
at

System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChan
nelRequest.WaitForReply(TimeSpan timeout)
--- End of inner exception stack trace ---
We've tried the various (5) options for proxyCredentialType="???" with
no
success for any of them. I've also noticed that the
binding.ProxyAddress
is
not set on the client (when outputting it in code).