Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this
-
Wednesday, January 30, 2008 11:33 AM
Hi,
We are getting the following error, when we call a WCF service from IE. The service is developed in MS.NET 3.5 and hosted in IIS 6.0, Windows Server 2003 SP2
Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service.
NOTE: The same is working GOOD in IIS 6.0, Windows XP SP2
IIS Setting
"Integrated Windows Authentication" is enabled in the "Directory Security"
Web.Config
<
system.serviceModel><
bindings>
basicHttpBinding><
binding name="Binding1"><
security mode="TransportCredentialOnly"><
transport clientCredentialType="Windows" /><
</
security></
binding></
basicHttpBinding></
bindings><
services>
service name="Service1" behaviorConfiguration="Service1.Service1Behavior"><
<!--
Service Endpoints --><
endpoint address="" binding="basicHttpBinding" bindingConfiguration="Binding1" contract="C.S.IService"><!--
-->Upon deployment, the following identity element should be removed or replaced to reflect the
identity under which the deployed service runs. If removed, WCF will infer an appropriate identity
automatically.
identity><
dns value="localhost"/><
</
identity></
endpoint></
service></
services><
behaviors><
serviceBehaviors>
behavior name="Service1.Service1Behavior"><
To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment --><!--
<
serviceMetadata httpGetEnabled="true"/><!--
To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --><
serviceDebug includeExceptionDetailInFaults="true"/></
behavior></
serviceBehaviors></
behaviors></
system.serviceModel>Please guide me to fix this issue.
-Regards
Prabashmi
All Replies
-
Wednesday, November 05, 2008 3:15 PMHi,
I'm having the same problem.
Did you manage to solve it?
Best Regards,
Alex Linder. -
Friday, November 07, 2008 10:30 AM
We´re also experiencing the exact same issue, works on XP but not on Windows Server with same web.config.
Found any solution? -
Wednesday, November 12, 2008 6:05 PMI maneged to solve my problem by deleting the mex endpoint element from the config file of the service.
-
Thursday, November 13, 2008 10:40 AM
Deleting the mex endpoint from the web.config file did not do the trick for us. It seemed to make no difference.
BUT!
I solved to problem by setting the clientCredentialType to Ntlm instead of Windows.
<
security mode="TransportCredentialOnly"><
transport clientCredentialType="Ntlm"/></
security>- Proposed As Answer by Daniel_Bergsten Thursday, November 13, 2008 10:42 AM
-
Friday, November 21, 2008 8:13 AMModeratorPlease make sure only Integrated Windows Authentication is enabled but not anonymous access. And also make sure this is set on the specific vdir itself. Your parent website could have different settings.
-
Wednesday, September 22, 2010 11:16 AM
i have setup IIS 6.0 on Windows Authenticaiton only
my config file is
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="windowsBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="EmployeeService.EmployeeService"
behaviorConfiguration="EmployeeService.Service1Behavior"
>
<!-- Service Endpoints -->
<endpoint address=""
binding="basicHttpBinding"
contract="EmployeeService.IEmployee"
bindingConfiguration="windowsBinding"
>
<!--
Upon deployment, the following identity element should be removed or replaced to reflect the
identity under which the deployed service runs. If removed, WCF will infer an appropriate identity
automatically.
-->
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex"
binding="mexHttpBinding"
contract="IMetadataExchange">
</endpoint>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="EmployeeService.Service1Behavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
i have also added
<authentication mode="Windows"/>
<identity impersonate ="true"/>in the web.config file.
the WCF service is hosted on IIS 6 and when browsing it throws the exception
Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this servicea
any help is much appreciated
regards
Yawar
-
Thursday, September 23, 2010 12:29 PM
i dont know the reason but following configuration works for me.
I have following settings
1) On the IIS 6, only Integrated Windows Authentication is checked
2) The Contract Operation method has Operation Behaviour " [OperationBehavior(Impersonation=ImpersonationOption.Required)]"
3) I have following config file for the WCF service.
The Contract Operation impersonated the caller's identity and returns the name using "System.Security.Principal.WindowsIdentity.GetCurrent().Name" name property.
this is all good for impersonation of the caller's credentials. I dont know how to delegate caller credentials for back end server.
<system.serviceModel>
<!--Service binding configuration-->
<bindings>
<basicHttpBinding>
<binding name="basicBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<!--Service endpoint configuration-->
<services>
<service behaviorConfiguration="basicBehavior" name="EmployeeService.EmployeeService">
<endpoint address=""
binding="basicHttpBinding"
contract="EmployeeService.IEmployee"
bindingConfiguration="basicBinding"
>
</endpoint>
<endpoint address="mex"
binding="basicHttpBinding"
contract="IMetadataExchange"
bindingConfiguration="basicBinding"
/>
</service>
</services>
<!--Service behavior configuration-->
<behaviors>
<serviceBehaviors>
<behavior name="basicBehavior">
<serviceMetadata httpGetEnabled="true" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
Regards
Yawar
- Proposed As Answer by yawar.khuwaja Thursday, September 23, 2010 12:30 PM
-
Thursday, November 04, 2010 4:52 AM
I solved following Daniel Bergsten recomendation...
I solved to problem by setting the clientCredentialType to Ntlm instead of Windows.
<security mode="TransportCredentialOnly"><
transport clientCredentialType="Ntlm"/>
</
security>
- Proposed As Answer by Pradipta Nayak Thursday, January 19, 2012 1:03 PM
-
Friday, November 19, 2010 4:17 PM
Hello Israel_mx
with "transport clientCredentialType="Ntlm"/>" you can only impersonate client's credentails on the local server. it has to be " <transport clientCredentialType="Windows"/>" to make Kerberos work and delegate caller's credentials.
thanks
-
Wednesday, September 21, 2011 9:53 PMThis worked for us!!!
-
Monday, March 12, 2012 5:18 AMNTLM does not work the same way as Windows. If you want really Windows, just remove the piece of code which says bindingConfiguration="your_basicHttpBinding_binding_name" from the endpoint... That should work.
-
Wednesday, March 28, 2012 9:24 AM
I had the same problem, but fixed it in the IIS (7) config by adding "Negotiate" as a provider under the Windows Authentication entry. It seems to only have NTLM by default.
Hope this helps
Regards,
Mark
