I have a similar scenario to the one listed here
I have a WCF service that requires Windows Authentication. I want to setup MSE as a Trusted Subsystem as mentioned in many of the documents. I don't have the ability to change the Authentication (it's Microsoft Dynamics NAV Webservices),
and the calling application we can't get to specify Windows Auth credentials (long story).
A trusted subsystem scenario would work for me:
Here are the steps I have followed to try and test this:
- Install MSE with a domain account that has permissions to the WCF services.
- Tools->Load Resources->Web Services Metadata
- Fill in the location of my WSDL, and follow the prompts to completion.
- The binding that is defined in the import BasicHttpBinding
- I create a New Endpoint, drag the Operation over. (This is where I am confused - which Binding should I use ?) , I selected WsHttp(12)
- Edit the LocalRS and drag then EndPoint over.
Browse to my endpoint and I can see it fine.
I open the MSE Service Tester, discover my WSDL, double click the operation.
I then try and test it, and get the following :
- The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate'.
I tried to test the MSE service using WCFStormLite and get the same error. (In WCFStormLite i set "Windows Auth" and "Impersonation")
I add the original WCF service to WCFStorm and I can execute the service.
My binding in the MSE Service Tester is
<binding name="WSHttpBinding_svc_NAV" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false"
hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
<transport clientCredentialType="Windows" proxyCredentialType="None" realm="">
<extendedProtectionPolicy policyEnforcement="Never" />
<message clientCredentialType="Windows" negotiateServiceCredential="true" establishSecurityContext="true" />
And that is where I get stuck.
Is there any documentation to show how to setup the trusted subsystem ? And which Bindings should be set at which point ?
Any suggestions help would be appreciated ?