I have configured a virtual service in MSE and applied policies to flow the Windows credentials to the physical service (hosted on another machine). When I test the virtual service using a client application which is on a third machine, I get the below-mentioned error:
"The message could not be processed because the action 'SendDetails' is invalid or unrecognized."
Things done specific to MSE are as below:
1. The binding used for the virtual endpoint is "wsHttpBinding" with "security mode=Message", clientCredentialType="Windows".
2. A custom policy is applied to the resource with assertions to flow the credentials and set the Spn.
<PolicyModel xmlns="http://microsoft.com/mse/2007/runtime/policyModel" xmlns:mse="http://services.microsoft.com/MSE" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml">
  <IdentityAwareChannelElement IdentityFlowType="Windows" IssuerAddress="" LockItem="False" xmlns="clr-namespace:Microsoft.MSE.Behaviors.Security.Configuration;assembly=Microsoft.MSE.Behaviors.Security" />
  <ServiceIdentityElement IdentityType="Spn" IdentityValue="(a valid spn)" xmlns="clr-namespace:Microsoft.MSE.Behaviors.Security.Configuration;assembly=Microsoft.MSE.Behaviors.Security" />
</PolicyModel>
At the client application, the impersonation level is set to Delegation. The servers are set for delegation and have a valid SPN.
On the other hand, when I try using basicHttpBinding with security mode="TransportCredentialOnly" and run the client application from a different machine, I get the below error:
“The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'.”
Do you have any idea as to what needs to be done other than this to get the delegation working?