我有一个WCF Web服务使用basicHttpBinding与IIS 7上托管的NTLM(禁用匿名身份验证并启用 Windows身份验证). AppPool使用传递身份验证.我有一个远程连接到Web服务的控制台应用程序.

如果我使用我的域用户连接,则该过程成功连接.如果我使用在域上创建的新服务帐户进行连接,则会收到以下错误：

The HTTP request is unauthorized with client authentication scheme
‘Ntlm’. The authentication header received from the server was ‘NTLM’.

内在的例外是：

The Remote Server returned an error: (401) Unauthorized.

这是域帐户或我的身份验证方案的问题吗？错误消息表明它是身份验证方案,但为什么它在我的帐户下工作而不是在同一域上创建的服务帐户？

服务器配置

<security mode="TransportCredentialOnly">
    <transport clientCredentialType="Ntlm" proxyCredentialType="None" realm="" />
</security>

客户消费

public static WMServiceClient CreateWMServiceProxy()
{
    var proxy = new WMServiceClient();

    proxy.Endpoint.Address = new EndpointAddress( ConfigurationCache.WMServiceEndpoint );
    proxy.Endpoint.Binding = new BasicHttpBinding( BasicHttpSecurityMode.TransportCredentialOnly )
    {
        MaxBufferSize = 2147483647,MaxReceivedMessageSize = 2147483647
    };

    ( (BasicHttpBinding) proxy.Endpoint.Binding ).Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;

    return proxy;
}