I’m trying to connect to a service on the same machine using Windows credentials and getting an authentication error. I can connect to the service from other machines. I can also connect to the service if I set up an endpoint that listens on the loopback address. What’s going on here?
These symptoms suggest that the client on the local machine is being rejected by a security check in Windows on the loopback address. This check prevents you from connecting on a loopback address unless the service was specifically configured to listen on the loopback address. The reason for this check is to stop a security attack called a reflection attack. A reflection attack redirects a security challenge back to the same machine in hopes of getting the machine to answer its own challenge.
Since the security check is in Windows rather than in WCF you shouldn’t expect a simple knob on your service to fix this. However, you can try configuring the client with a user principal name for the service. Having a UPN helps you pass the check because in some cases it allows Windows to recognize that an attack is not taking place. For help configuring Windows, including some workarounds that I’m not sure I’d recommend, check out this KB article related to the loopback check.
Next time: Why Ordering is Ignored