Unable to test my new Azure application locally: IIS specified authentication schemes 'IntegratedWindowsAuthentication, Anonymous', but the binding only supports specification of exactly one authentication scheme.

Question

I have a Silverlight application which is using RIA services and I am trying to migrate it to Azure. The application is using Forms authentication and runs fine when I start it from the web project. As soon as I start it from the Azure project I get the error: IIS specified authentication schemes 'IntegratedWindowsAuthentication, Anonymous', but the binding only supports specification of exactly one authentication scheme. Valid authentication schemes are Digest, Negotiate, NTLM, Basic, or Anonymous. Change the IIS settings so that only a single authentication scheme is used. It would seem a new instance of a virtual directory is created with these incorrect settings every time. While the application is running I can look in IIS and inside the error shows, "Challenge-based and login redirect-based authentication cannot be used simultaneously."

Why is Azure constantly generating incorrect default settings in IIS when IIS even knows they are incorrect?

Answer 1

Hi Bccollin,

> Challenge-based and login redirect-based authentication cannot be used simultaneously.

It seems the web application is using both Forms authentication and IntegratedWindowsAuthentication. Could you please check in IIS to see if it is really using both or not? If you manually disable integrated windows authentication for that web site in IIS, does it work? 

Thanks.

---

Wenchao Zeng
Please mark the replies as answers if they help or unmark if not.
If you have any feedback about my replies, please contact msdnmg@microsoft.com.
Microsoft One Code Framework

Answer 2

But that's the thing... I'm not using IIS. I am using and running from an Azure project. It seems each time I run the application Azure creates a new IIS virtual directory and every time it turns both of those on and causes the error. I can turn one off but the next time I run the app Azure recreates a new one and turns them both on again. This is my first time playing with the Azure project.

Answer 3

Hi Bccollin,

> But that's the thing... I'm not using IIS. I am using and running from an Azure project.

When debugging Azure project in compute emulator, it will deploy your web application projects in IIS for debugging when you use Full IIS. Please see New Full IIS Capabilities: Differences from Hosted Web Core for more information. If you don't want to use Full IIS, you may want to switch back to HWC mode by commenting out the Sites element from ServiceDefinition.csdef file.

Back to the root cause, as far as I know, Windows Azure or compute emulator will not actively configure IIS authentication for your application. So there may be a setting in your application that causes this behavior. I'd suggest you check your application if anything (web.config or custom admin code) configures this.

Thanks.

---

Wenchao Zeng
Please mark the replies as answers if they help or unmark if not.
If you have any feedback about my replies, please contact msdnmg@microsoft.com.
Microsoft One Code Framework

Answer 4

The only authentication tags we have in web.config is 

<authentication mode="Forms">
   <forms loginUrl="~/Account/Login.aspx" timeout="2880" />
  </authentication>

There is no custom admin code.

Answer 5

Here is the whole web.config 

<?xml version="1.0"?>
<!--
 For more information on how to configure your ASP.NET application, please visit
 http://go.microsoft.com/fwlink/?LinkId=169433
 -->
<configuration>
 <connectionStrings>
   <add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;Initial Catalog=AFTTeacher" providerName="System.Data.SqlClient" />
   <add name="ReportServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;Initial Catalog=AFTTeacherMetrics" providerName="System.Data.SqlClient" />
   <add name="TeacherEntities" connectionString="metadata=res://*/Entities.TeacherEntities.csdl|res://*/Entities.TeacherEntities.ssdl|res://*/Entities.TeacherEntities.msl;provider=System.Data.SqlClient;provider connection string=&quot;data source=localhost\sqlexpress;initial catalog=AFTTeacher;integrated security=True;multipleactiveresultsets=True;App=EntityFramework&quot;" providerName="System.Data.EntityClient" />
   <add name="TeacherMetricsEntities" connectionString="metadata=res://*/Entities.TeacherMetricsEntities.csdl|res://*/Entities.TeacherMetricsEntities.ssdl|res://*/Entities.TeacherMetricsEntities.msl;provider=System.Data.SqlClient;provider connection string=&quot;Data Source=localhost\sqlexpress;Initial Catalog=AFTTeacherMetrics;Integrated Security=True;MultipleActiveResultSets=True&quot;" providerName="System.Data.EntityClient" />
 </connectionStrings>
 <system.web>
  <customErrors mode="Off"/>
  <httpHandlers>
   <add path="Reserved.ReportViewerWebControl.axd" verb="*" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
    validate="false" />
  </httpHandlers>
  <machineKey validation="SHA1" />
  <httpModules>
   <add name="DomainServiceModule" type="System.ServiceModel.DomainServices.Hosting.DomainServiceHttpModule, System.ServiceModel.DomainServices.Hosting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </httpModules>
  <compilation debug="true" targetFramework="4.0">
   <assemblies>
    <add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
    <add assembly="Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
    <add assembly="Microsoft.ReportViewer.Common, Version=10.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
    <add assembly="Microsoft.Build.Framework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
    <add assembly="System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
   </assemblies>
   <buildProviders>
    <add extension=".rdlc" type="Microsoft.Reporting.RdlBuildProvider, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
   </buildProviders>
  </compilation>
  <authentication mode="Forms">
   <forms loginUrl="~/Account/Login.aspx" timeout="2880" />
  </authentication>
  <membership hashAlgorithmType="SHA1">
   <providers>
    <clear />
    <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
   </providers>
  </membership>
  <profile enabled="false">
   <providers>
    <clear />
    <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
   </providers>
   <properties>
    <add name="ObserverId" />
   </properties>
  </profile>
  <roleManager enabled="false">
   <providers>
    <clear />
    <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
   </providers>
  </roleManager>
 </system.web>
 <system.webServer>
  <modules runAllManagedModulesForAllRequests="true">
   <add name="DomainServiceModule" preCondition="managedHandler" type="System.ServiceModel.DomainServices.Hosting.DomainServiceHttpModule, System.ServiceModel.DomainServices.Hosting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </modules>
  <validation validateIntegratedModeConfiguration="false" />
  <handlers>
   <add name="ReportViewerWebControlHandler" preCondition="integratedMode" verb="*" path="Reserved.ReportViewerWebControl.axd" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </handlers>
 </system.webServer>
 <system.serviceModel>
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
 </system.serviceModel>
 <appSettings>
  <add key="ServerUrl" value="http://localhost:51772/" />
 </appSettings>
</configuration>

Answer 6

Hi Bccollin,

I cannot find any related settings in your config file may cause this issue. Do you mind uploading a sample project (that can be used to reproduce the issue) to somewhere such as Sky Drive and share it with us? Then I will try your project on my machine.

Thanks.

---

Wenchao Zeng
Please mark the replies as answers if they help or unmark if not.
If you have any feedback about my replies, please contact msdnmg@microsoft.com.
Microsoft One Code Framework

Answer 7

try to run your solution WITHOUT debugging. usually, the error message would be more clear.

---

regards, wely

Answer 8

Here's a link to a project I just created. It uses Ria services with one [Invoke] method: 
https://skydrive.live.com/redir.aspx?cid=451b3876df3a39ba&resid=451B3876DF3A39BA!417

If you set the web project to be startup, the app runs fine and you should see a message box with a "1" returned from the service.

If you set the start-up project to the Azure project it will fail with an error. Go to http://<local>/ClientBin/TestAzure-Web-TestDomain.svc and you will see the error about too many authentication modes being enabled. Inside the IIS Site that is created on the fly I see anonymous and Windows Authentication are both enabled.

Answer 9

Hi Bccollin,

Thanks for sharing your package. It is very helpful.

It turns out that there is no problem in your project but Windows Authentication is enabled by default in your IIS. The reason why windowsAuthentication is enabled when your debug your project in Azure emulator is that everytime a new temporary site is created in IIS, it inherits the default settings from IIS.

Solution will be either of the following:

1. Changing the default setting of IIS to disable Windows Authentication. Do do this, please open IIS management, select the root node (the server name), double-click "Authentication" in the command list and disable Windows Authentication.

2. Overwriting the default setting by explictly disabling Windows Authentication in web.config file.

<configuration>
  <system.webServer>
    <security>
        <authentication>
            <windowsAuthentication enabled="false" />
        </authentication>
    </security>
  </system.webServer>
</configuration>

Thanks.

---

Wenchao Zeng
Please mark the replies as answers if they help or unmark if not.
If you have any feedback about my replies, please contact msdnmg@microsoft.com.
Microsoft One Code Framework

Answer 10

Hi,

I will mark the reply as answer. If you find it no help, please feel free to unmark it and follow up.

Thanks.

---

Wenchao Zeng
Please mark the replies as answers if they help or unmark if not.
If you have any feedback about my replies, please contact msdnmg@microsoft.com.
Microsoft One Code Framework