Claims to Windows Token Service keeps entering disabled state

On a recent project I was tasked with securing an ASP.NET MVC site using ADFS. There was also a requirement to flow the end-user identity down through the various tiers, necessitating the use of Kerberos Constrained Delegation (KCD). In order to achieve KCD, the SAML assertion returned from ADFS must first be converted to a…

2

The HTTP request is unauthorized with client authentication scheme ‘Negotiate’. The authentication header received from the server was ‘Negotiate,NTLM’

In the course of enabling WCF services using Windows authentication, you may have hit this error. A Bing search will show that there are a myriad of reasons as to why this might occur. However, before you get bogged down in the complexities of WCF bindings and IIS metadata, there ‘may’ be a simple fix….

2