Setup MSE as a trusted subsystem

Topics: Technical Questions, Usage Scenarios
Nov 15, 2010 at 1:29 PM


I have a similar scenario to the one listed here

I have a WCF service that requires Windows Authentication.  I want to setup MSE as a Trusted Subsystem as mentioned in many of the documents.  I don't have the ability to change the Authentication (it's Microsoft Dynamics NAV Webservices),  and the calling application we can't get to specify Windows Auth credentials (long story).

A trusted subsystem scenario would work for me:

Here are the steps I have followed to try and test this:

  1. Install MSE with a domain account that has permissions to the WCF services.
  2. Tools->Load Resources->Web Services Metadata
  3. Fill in the location of my WSDL, and follow the prompts to completion.
  4. The binding that is defined in the import BasicHttpBinding
  5. I create a New Endpoint,  drag the Operation over.   (This is where I am confused - which Binding should I use ?) , I selected  WsHttp(12)
  6. Edit the LocalRS and drag then EndPoint over.

Browse to my endpoint and I can see it fine.

I open the MSE Service Tester, discover my WSDL,  double click the operation.

I then try and test it, and get the following :

  •  The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate'.

I tried to test the MSE service using WCFStormLite  and get the same error.   (In WCFStormLite i set "Windows Auth" and "Impersonation")

I add the original WCF service to WCFStorm and I can execute the service.

My binding in the MSE Service Tester is

    <binding name="WSHttpBinding_svc_NAV" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
      <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
      <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
      <security mode="None">
        <transport clientCredentialType="Windows" proxyCredentialType="None" realm="">
          <extendedProtectionPolicy policyEnforcement="Never" />
        <message clientCredentialType="Windows" negotiateServiceCredential="true" establishSecurityContext="true" />

 And that is where I get stuck.


Is there any documentation to show how to setup the trusted subsystem ? And which Bindings should be set at which point ?

Any suggestions help would be appreciated ?