WCF error over the internet only

I have a WCF problem. Been stuck here for days.

• I have my WCF Service and Client working perfectly on the intranet.
• I deployed the same service/client on our IIS server exposed over the internet. This service, i am able to access perfectly from my workstatation, using the internet site (the .com address)
• However, when accessing the same .com site using a computer not connected to our network, it's giving me the dreaded "The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate, NTLM'" when accessing the Service

Other Info: The client authenticates me. When the client is accessing the WCF Service, i get the error.

Client Web.Config:

<system.servic开发者_运维技巧eModel>
  <bindings>
   <basicHttpBinding>
    <binding name="BasicHttpEndpoint" closeTimeout="00:01:00" openTimeout="00:01:00"
     receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true"
     bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
     maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
     messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
     useDefaultWebProxy="true">
     <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
      maxBytesPerRead="4096" maxNameTableCharCount="16384" />
     <security mode="TransportCredentialOnly">
      <transport clientCredentialType="Windows" proxyCredentialType="None"
       realm="" />
      <message clientCredentialType="UserName" algorithmSuite="Default"  />
     </security>
    </binding>
   </basicHttpBinding>
  </bindings>
  <client>
   <endpoint address="http://exposedoutside.com:80/site/myservice.svc"
    binding="basicHttpBinding" bindingConfiguration="BasicHttpEndpoint"
    contract="WFLServiceReference.IWorkflow" name="BasicHttpEndpoint" />
  </client>
   <behaviors>
     <endpointBehaviors>
       <behavior name="">
         <dataContractSerializer maxItemsInObjectGraph="2147483646"/>
         <clientCredentials>
           <windows allowedImpersonationLevel="Impersonation"/>
         </clientCredentials>
       </behavior>
     </endpointBehaviors>
   </behaviors>
 </system.serviceModel>

I didn't really need to specify the port. Also, i added this in the code-behind

Dim wcfService = New WCFServiceProxy.myserviceClient()
wcfService.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation

Am i missing something?

Thank you in advance.

Make sure IIS is setup to allow anonymous authentication on that Web Application. You are wanting to handle authentication yourself, so you need to tell IIS to allow everyone. This is an ok thing to do, as long as you are confident you've done your authentication well.

It works from your local machine as it is using your windows domain credentials to log in. Easiest check is to open up the WCF end point in a web browser (ie type http://exposedoutside.com:80/site/myservice.svc into the address bar)

You can't use clientCredentialType="Windows" (negotiation) over Internet. It works only if client and server are in the same domain or trusted domains. If you really want to windows accounts to authenticate over Internet you must expose endpoint with clientCredentialType set to Basic. It will use Basic authentication so the client will have to provide username and password explicitly. Be aware that exposing such endpoint without transport security (HTTPS) is simply not acceptable because you will send credentials to your network over Internet in the plain text.

Apparently, i just needed to pass credentials. I have been avoiding it, but it appears that it's really the way to go:

clientProxyHere.ClientCredentials.HttpDigest.ClientCredential = New System.Net.NetworkCredential("user", "password")