WCF认证方案不匹配

我正在使用。net 3.5，并试图配置一个WCF服务，并收到异常， HTTP请求是未经授权的客户端身份验证方案'协商'。日志含义从服务器接收到的认证头是'Negotiate,NTLM'。我在下面附加了服务器端和客户端.config文件。
只是一些注意事项。由于网络访问需求，应用程序和服务都使用模拟。web应用程序驻留在与WCF服务不同的服务器上。两者在各自的网站上也有以下规定。配置文件。

<authentication mode="Windows"/>
<identity impersonate="true" userName="userName" password="password"/>

Web Application (on server1)

<system.serviceModel>
 <bindings>
  <basicHttpBinding>
    <binding name="BasicHttpBinding_IReports" closeTimeout="00:01:00"
     openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
     allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
     maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
     messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
     useDefaultWebProxy="false" proxyAddress="http://server2/Services/ReportService">
      <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
       maxBytesPerRead="4096" maxNameTableCharCount="16384" />
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
        <message clientCredentialType="UserName" algorithmSuite="Default" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>
<client>
  <endpoint name="BasicHttpBinding_IReports" address="http://server2/Services/ReportService/Reports.svc"
   binding="basicHttpBinding" contract="WCFServiceRef.IReports" bindingConfiguration="BasicHttpBinding_IReports"
            behaviorConfiguration="ClientBehavior"/>
</client>
<behaviors>
  <endpointBehaviors>
    <behavior name="ClientBehavior" >
      <clientCredentials supportInteractive="true" >
        <windows allowedImpersonationLevel="Impersonation" allowNtlm="true" />
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>
</system.serviceModel>

WCF服务(在server2上)

<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
<bindings>
  <basicHttpBinding>
    <binding name="default" maxReceivedMessageSize="200000">
      <readerQuotas maxStringContentLength="200000" maxArrayLength="200000"/>
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
        <message clientCredentialType="UserName" algorithmSuite="Default" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>
<services>
  <service behaviorConfiguration="ReportService.ReportsBehavior" name="ReportService.Reports">
    <endpoint address="" binding="basicHttpBinding" contract="ReportService.IReports" bindingConfiguration="default">
      <identity>
        <dns value="localhost"/>
      </identity>
    </endpoint>
    <endpoint name="mex" address="mex" binding="basicHttpBinding" contract="IMetadataExchange" bindingConfiguration="default"/>
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior name="ReportService.ReportsBehavior">
      <serviceAuthorization impersonateCallerForAllOperations="false"/>
      <serviceMetadata httpGetEnabled="true"/>
      <serviceDebug includeExceptionDetailInFaults="false"/>
    </behavior>
  </serviceBehaviors>
</behaviors>
</system.serviceModel>

我认为，如果我在应用程序中应用allowNtlm="true"指令，这将是固定的。在我看来，服务器正在期待Windows身份验证，但没有收到它?由于应用程序和服务驻留在不同的服务器上，我是否需要使用代理值?我觉得我没有理解一些基本的东西，但它是在服务器端IIS配置上还是在我的应用程序中，我不知道。谢谢你的帮助!