Windows Vista Forums

NegotiateClientCredentials = false with wshttpbinding / message security / client credential type = windows
  1. #1


    Enrico Sabbadin Guest

    NegotiateClientCredentials = false with wshttpbinding / message security / client credential type = windows

    on the same machine.

    Server side:

    <endpoint contract="MyService.IMyService" binding="wsHttpBinding"
              address="/securedmessagenonegotiation/"
              bindingConfiguration="securedmessagenonegotiation">
      <identity>
        <userPrincipalName value="i-enrics@x.com"/>
      </identity>
    </endpoint>
    .....

    <binding name="securedmessagenonegotiation">
      <security mode="Message">
        <message clientCredentialType="Windows"
                 negotiateServiceCredential="false"></message>
      </security>
    </binding>



    ............

    I run svcutil so that on the client side I get:

    <endpoint address="http://localhost:8081/securedmessagenonegotiation/"
              binding="wsHttpBinding"
              bindingConfiguration="WSHttpBinding_IMyService2"
              contract="MyService.IMyService"
              name="securedmessagenonegotiate">
      <identity>
        <userPrincipalName value="i-enrics@x.com" />
      </identity>
    </endpoint>

    ....
    <binding name="WSHttpBinding_IMyService2" closeTimeout="00:01:00"
             openTimeout="00:01:00" receiveTimeout="00:10:00"
             sendTimeout="00:01:00"
             bypassProxyOnLocal="false" transactionFlow="false"
             hostNameComparisonMode="StrongWildcard"
             maxBufferPoolSize="524288"
             maxReceivedMessageSize="65536"
             messageEncoding="Text" textEncoding="utf-8"
             useDefaultWebProxy="true"
             allowCookies="false">
      <readerQuotas maxDepth="32" maxStringContentLength="8192"
                    maxArrayLength="16384"
                    maxBytesPerRead="4096" maxNameTableCharCount="16384" />
      <reliableSession ordered="true" inactivityTimeout="00:10:00"
                       enabled="false" />
      <security mode="Message">
        <transport clientCredentialType="Windows"
                   proxyCredentialType="None"
                   realm="" />
        <message clientCredentialType="Windows"
                 negotiateServiceCredential="false"
                 algorithmSuite="Basic128" establishSecurityContext="true" />
      </security>
    </binding>

    This is the error I get when I run my client:

    "The token provider cannot get tokens for target ..."

    What am I doing wrong?
    Thanks in advance.


  2. #2


    Arkady Frenkel Guest

    Re: NegotiateClientCredentials = false with wshttpbinding / message security / client credential type = windows

    Try to add to service config

    1) behaviorConfiguration attribute to <service> element

    behaviorConfiguration="MyServiceBehavior"

    2) <behaviors> element like

    <behaviors>
      <behavior name="MyServiceBehavior"
                returnUnknownExceptionsAsFaults="False">
        <serviceAuthorization principalPermissionMode='UseWindowsGroups' />
      </behavior>
    </behaviors>

  3. #3


    Enrico Sabbadin Guest

    Re: NegotiateClientCredentials = false with wshttpbinding / message security / client credential type = windows

    It does not work.
    It actually looks like it's the client that complains.

  4. #4


    Enrico Sabbadin Guest

    Re: NegotiateClientCredentials = false with wshttpbinding / message security / client credential type = windows

    The answer I got:
    *************
    If you set negotiateServiceCredentials to false, you must use a
    ServicePrincipalName as Identity on the service side and make sure that the
    server is running under a machine account (Local System or Network Service).
    The ServicePrincipalName usually is of the form HOST/Server Machine
    Name.
    However if you need to use UserPrincipalName, then you MUST set
    negotiateServiceCredentials to true.
    ****************
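
The two pairings described in the answer above, written out as a service-side configuration. This is an added example, not part of the original posts: the service name `MyService.MyService`, the machine name `myserver`, the second endpoint address and the second binding name are assumptions, and a real service would expose only the endpoint that matches the account it runs under.

```xml
<!-- Added example, not from the thread. "myserver" and "MyService.MyService"
     are placeholder names. -->
<system.serviceModel>
  <services>
    <service name="MyService.MyService">
      <!-- Option A: negotiation disabled.
           Per the answer in the thread, the identity must be a
           servicePrincipalName and the service must run under a machine
           account (Local System or Network Service). -->
      <endpoint contract="MyService.IMyService" binding="wsHttpBinding"
                address="/securedmessagenonegotiation/"
                bindingConfiguration="securedmessagenonegotiation">
        <identity>
          <servicePrincipalName value="host/myserver" />
        </identity>
      </endpoint>

      <!-- Option B: identity is a userPrincipalName.
           Per the answer in the thread, negotiation must be enabled. -->
      <endpoint contract="MyService.IMyService" binding="wsHttpBinding"
                address="/securedmessagenegotiation/"
                bindingConfiguration="securedmessagenegotiation">
        <identity>
          <userPrincipalName value="i-enrics@x.com" />
        </identity>
      </endpoint>
    </service>
  </services>
  <bindings>
    <wsHttpBinding>
      <binding name="securedmessagenonegotiation">
        <security mode="Message">
          <message clientCredentialType="Windows"
                   negotiateServiceCredential="false" />
        </security>
      </binding>
      <binding name="securedmessagenegotiation">
        <security mode="Message">
          <message clientCredentialType="Windows"
                   negotiateServiceCredential="true" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
</system.serviceModel>
```

The client's `<identity>` element and `negotiateServiceCredential` value have to match the endpoint it calls, so the client configuration is regenerated or edited after changing either one.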

  5. #5


    Arkady Frenkel Guest

    Re: NegotiateClientCredentials = false with wshttpbinding / message security / client credential type = windows

    That makes sense, tnx
    Arkady