Biztalk gets MessageSecurityException with WCF-WsHTTP endpoint

When Biztalk 2009 calls a regular ASP.NET webservice via an WS BasicHTTP adapter, it gets a System.ServiceModel.Security.MessageSecurityException: the HTTP request is unauthorized with client authentication scheme "Anonymous". The authentication header received from the server was : Negotiate NTLM".

The webservice is hosted in IIS (7.5), with anonymous 开发者_StackOverflowaccess disabled, and Windows Authentication enabled.

Your send port needs to be configured to use NTLM security, as that appears to be what the web service requires.

Open the send port's configuration, open the transport type's (WCF-BasicHttp) configuration, and go to the Security tab. There, set the security mode to Transport. That will allow you to set the Transport client credential type to Ntlm.

This will cause BizTalk to authenticate to the web service using NTLM. It will use the account of the BizTalk host in which your send port is running. If that account does not have access to the web service, then you'll either need to grant it access or look at alternatives, such as switching from NTLM to Basic (which allows you to specify the credentials under that same Security tab). A discussion about this issue is here.

Of course, you did mention that you configured the web service for Windows Authentication, so you can also try setting the Transport client credential type to Windows. That should still use the BizTalk host process's account, though, just like NTLM.

FWIW here's a paste of a WCF basicHttpBinding exposed to BizTalk 2009

<services>
   <service ... >
       <endpoint address=""
        binding="basicHttpBinding"
        bindingConfiguration="binding4BizTalk" 
        bindingNamespace="xxx"
... >
<!-- Delete the identity tag here -->
       </endpoint>

And then under the bindings

<bindings>
    <basicHttpBinding>
        <binding name="binding4BizTalk" ...>
            <security mode="None" />

Hope is of some use?