Hi, I have a web part published on a Project Web Access (PWA) application that connects to /_vti_bin/PSI/ProjectServer.svc through a WCF service. The web part throws an exception:
System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
Server stack trace:
   in System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory`1 factory)
   in System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory`1 factory, WebException responseException, ChannelBinding channelBinding)
   in System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   in System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
   in System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   in System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   in System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Here is the code that creates the binding point; it works fine in a console application (but throws the exception above in a web part):
// Requires: using System; using System.Security.Principal;
//           using System.ServiceModel; using Microsoft.SharePoint.Utilities;
private static ProjectClient CreateProjectClient(string pwaUrl)
{
    const int maxsize = 500000000;
    const string svcUrl = "/_vti_bin/PSI/ProjectServer.svc";

    // HTTPS: transport security. HTTP: credentials are sent without transport encryption.
    BasicHttpBinding binding = pwaUrl.Contains("https:")
        ? new BasicHttpBinding(BasicHttpSecurityMode.Transport)
        : new BasicHttpBinding(BasicHttpSecurityMode.TransportCredentialOnly);

    binding.Name = "basicHttp_Project";
    binding.SendTimeout = TimeSpan.MaxValue;
    binding.MaxReceivedMessageSize = maxsize;
    binding.ReaderQuotas.MaxNameTableCharCount = maxsize;
    binding.MessageEncoding = WSMessageEncoding.Text;

    // Authenticate to the service (and to any proxy) with NTLM.
    binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;
    binding.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.Ntlm;
    binding.UseDefaultWebProxy = false;

    var address = new EndpointAddress(SPUrlUtility.CombineUrl(pwaUrl, svcUrl));
    var client = new ProjectClient(binding, address);

    // Allow the service to impersonate the caller's Windows identity.
    if ((client.ChannelFactory != null) && (client.ChannelFactory.Credentials != null))
    {
        client.ChannelFactory.Credentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation;
        client.ChannelFactory.Credentials.Windows.AllowNtlm = true;
    }

    return client;
}
It also works when I define credentials like this:
client.ClientCredentials.Windows.ClientCredential = new NetworkCredential("login", "password", "domain");
but I need to run under the current user. I also checked the double-hop problem and user permissions - no luck.
I hope somebody can help me, thanks.