The HTTP request is not authorized with the 'Anonymous' client authentication scheme

Question

I'm developing a client to use a web service. The endpoint is HTTPS. I get this exception when I try to log in. Why?

This is the method

BasicHttpsBinding binding = new BasicHttpsBinding();
binding.Security.Mode = BasicHttpsSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
binding.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.None;
binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.Certificate;

var ea = new EndpointAddress(new Uri($@"https://endpoint"));

WSPDDClient client = new WSPDDClient(binding, ea);

client.ClientCredentials.UserName.UserName = "username";
client.ClientCredentials.UserName.Password = "password";

client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "certificatename");

WSPDD.login login1 = new WSPDD.login()
{
     login1="username",
     password="password"
 };
 try
 {
     client.Open();

     WSPDD.loginResponse resLogin = client.login(login1);

     if ([email protected])
     {

     }
     else
     {
        Debug.WriteLine("Err {0}", [email protected]);
     }
  }
  catch(Exception ex)
  {
       Debug.WriteLine("Err {0}", ex);
  }

This is web.config

<system.serviceModel>
<bindings>
  <basicHttpBinding>
    <binding name="WSPDDBinding" />
  </basicHttpBinding>
</bindings>
<client>
  <endpoint address="https://endpoint"
    binding="basicHttpBinding" bindingConfiguration="WSPDDBinding"
    contract="WSPDD" name="WSPDDPort" />
</client>

the exception is:

The HTTP request is not authorized with the 'Anonymous' client authentication scheme. Authentication header received from server: 'Mutual SSL realm = \ "WSO2 API Manager \", error = \ "invalid token \", error_description = \ "The access token expired \"'. "

The exception is on

WSPDD.loginResponse resLogin = client.login(login1);

Answer 1

All these code snippets are located on the client-side, and certain settings are duplicate, such as the Basichttpbinding configuration. The configuration settings in the code snippets are not in accord with that in the Webconfig.
The common way to call the WCF service is generating a client proxy by Adding service reference, which also brings binding settings that are consistent with the server-side in the configuration file located on the client-side.
From the errors occurred in the client-side, the binding configuration in the code snippets should be right, and correspond with the server-side.

BasicHttpsBinding binding = new BasicHttpsBinding();
binding.Security.Mode = BasicHttpsSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

In other words, the server authenticates the client with a certificate, the client should provide a client certificate when calling the remote service. during this process, we should establish the trust relationship between the server-side and the client-side.
https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/transport-security-with-certificate-authentication
Feel free to let me know if there is anything I can help with.

Answer 2

Thanks for the reply. I did as you suggested, Abraham.

WSPDD.SimogWSPDDClient client = new WSPDD.SimogWSPDDClient();

WSPDD.login login1 = new WSPDD.login
{
     login1 = "username",
     password = "passowrd"
 };
WSPDD.loginResponse loginResponse = new WSPDD.loginResponse();

loginResponse = client.login(login1);
if([email protected])
{

}
else
{
    Console.WriteLine("Err {0}", [email protected]);
 }

end Web.config

<system.serviceModel>
<behaviors>  
  <endpointBehaviors>  
    <behavior name="endpointCredentialBehavior">  
      <clientCredentials>  
        <clientCertificate findValue="+++certificatename+++"  
                           storeLocation="LocalMachine"  
                           storeName="My"  
                           x509FindType="FindBySubjectName" />  
      </clientCredentials>  
    </behavior>  
  </endpointBehaviors>  
</behaviors>  
<bindings>
  <wsHttpBinding>
    <!-- configure wsHttpbinding with Transport security mode  
               and clientCredentialType as Certificate -->
    <binding name="SimogWSPDDBinding">
      <security mode="Transport">
        <transport clientCredentialType="Certificate"/>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
<client>
  <endpoint address="https://*****/****/1.0.0"
    binding="wsHttpBinding" bindingConfiguration="SimogWSPDDBinding"
    contract="WSPDD.SimogWSPDD" name="SimogWSPDDPort" behaviorConfiguration="endpointCredentialBehavior"  />
</client>

All error in the same code line (loginResponse = client.login(login1);) is:

System.ServiceModel.Security.MessageSecurityException
  HResult=0x80131501
  Messaggio=La richiesta HTTP non è autorizzata con lo schema di autenticazione client 'Anonymous'. Intestazione di autenticazione ricevuta dal server: 'Mutual SSL realm="WSO2 API Manager", error="invalid token", error_description="The access token expired"'.
  Origine=mscorlib
  Analisi dello stack:
   in System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   in System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   in ANAC_WS_3.WSPDD.SimogWSPDD.login(loginRequest request)
   in ANAC_WS_3.WSPDD.SimogWSPDDClient.ANAC_WS_3.WSPDD.SimogWSPDD.login(loginRequest request) in C:\Users\Francesco\source\repos\ANAC_WS_3\ANAC_WS_3\Connected Services\WSPDD\Reference.cs: riga 14534
   in ANAC_WS_3.WSPDD.SimogWSPDDClient.login(login login1) in C:\Users\Francesco\source\repos\ANAC_WS_3\ANAC_WS_3\Connected Services\WSPDD\Reference.cs: riga 14540
   in ANAC_WS_3.Controllers.HomeController.Index() in C:\Users\Francesco\source\repos\ANAC_WS_3\ANAC_WS_3\Controllers\HomeController.cs: riga 25
   in System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters)
   in System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)
   in System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
   in System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c.<BeginInvokeSynchronousActionMethod>b__9_0(IAsyncResult asyncResult, ActionInvocation innerInvokeState)
   in System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`2.CallEndDelegate(IAsyncResult asyncResult)
   in System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
   in System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult)
   in System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass11_0.<InvokeActionMethodFilterAsynchronouslyRecursive>b__0()
   in System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass11_2.<InvokeActionMethodFilterAsynchronouslyRecursive>b__2()

Eccezione interna 1:
WebException: Errore del server remoto: (401) Non autorizzato.