I have just spent 2 days debugging the following error, so i tought i'll share my findings.
The scenario is this: I have a WCF service hosted on IIS7. The service uses basicHttpBinding with Security Mode set to TransportCredentialOnly. The web site has Anonymous Authentication and Windows Authentication enabled. The Appliaction Pool for the website runs under a domain account, wich has every possible right on the physical folder of the website. Browsing the .svc for the service from internet explorer worked, but when we tried to invoke a method of the service from a client, we got an error: "The HTTP request is unauthorized with client authentication scheme Negotiate". Also, the IIS log showed a 401.5 error for every invoke of the method, wich is normal for this security setting, but it should be followed by a 200, wich wasn't the case here.
Finally, we managed to solve the issue, by checking the Authentication settings on the Default Website. Windows Authentication was disabled there. We enabled it, and the service started working. You would think, that the websites settings override this but they don't. So save yourself from wiresharking, procmoning all day and check this setting.
Cheers!
This is the kind of problem where you need to get the settings to match at all layers:
All these need to match for it to work.