Welcome to the new Parasoft forums! We hope you will enjoy the site and try out some of the new features, like sharing an idea you may have for one of our products or following a category.

Problem with SPN authentification / WCF test

mroy265
mroy265 Posts: 3
edited August 2018 in SOAtest

Hi,
i try to test a .net wcf http service which i have to remove the generated client identity section (SPN)

endpoint address="https://myservice.svc"
binding="wsHttpBinding" bindingConfiguration="ObtenirContexteTravailleurWs"
contract="MAJInscriptionTravailleur" name="ObtenirContexteTravailleurWs">
identity>
userPrincipalName value="SVCXXAppPool@xxx.ca" />
/identity>
/endpoint>

For the moment, it seem to be simple !
But i tried a lot of configuration file setted in the WCF Client Configuration File without the section, with user value = "", etc.. etc..
and i always get the following error :
The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate

I tried this correction with the microsoft wcf test client and it work without any problem after i remove the "identity" section from the config file.

Can you tell me how i can achieve this in parasoft for it to work properly ?

thanks

Comments

  • mroy265
    mroy265 Posts: 3
    edited August 2018

    .

  • benken_parasoft
    benken_parasoft Posts: 1,309 ✭✭✭
    edited August 2018

    The SOAP Client pulls endpoint identity settings from the WSDL and/or .NET config file. If both are present then the SOAP Client may decide to pull some settings from the WSDL instead of the config file. If needed, you can force the SOAP Client to only pull the information from the config file and ignore the WSDL by unchecking the "Constrain to WSDL" box.

  • mroy265
    mroy265 Posts: 3

    I unchecked it without success :-( I read couple of place that with unchecking the box that should resolve my issue but it has not worked for me.

  • benken_parasoft
    benken_parasoft Posts: 1,309 ✭✭✭
    edited August 2018

    I tried this correction with the microsoft wcf test client and it work without any problem after i remove the "identity" section from the config file.

    Are you using the exact same config file for both? Same endpoint address? No other differences?

    The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate

    "Negotiate" header is used for Kerberos authentication and NTLM authentication. An SPN is used for Kerberos. However, if there is no SPN, perhaps NTLM will work? If your service accepts NTLM then you would just need to provide your NTLM login in the SOAP Client's .NET WCF HTTP transport settings under "Windows Credential".

Categories