none
Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this

    Question

  • Hi,

     

    We are getting the following error, when we call a WCF service from IE. The service is developed in MS.NET 3.5 and hosted in IIS 6.0, Windows Server 2003 SP2

     

    Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service.

     

    NOTE: The same is working GOOD in IIS 6.0, Windows XP SP2

     

    IIS Setting

     

    "Integrated Windows Authentication" is enabled in the "Directory Security"

     

    Web.Config

    <system.serviceModel>

    <bindings>

    <basicHttpBinding>

    <binding name="Binding1">

    <security mode="TransportCredentialOnly">

    <transport clientCredentialType="Windows" />

    </security>

    </binding>

    </basicHttpBinding>

    </bindings>

    <services>

    <service name="Service1" behaviorConfiguration="Service1.Service1Behavior">

    <!-- Service Endpoints -->

    <endpoint address="" binding="basicHttpBinding" bindingConfiguration="Binding1" contract="C.S.IService">

    <!--

    Upon deployment, the following identity element should be removed or replaced to reflect the

    identity under which the deployed service runs. If removed, WCF will infer an appropriate identity

    automatically.

    -->

    <identity>

    <dns value="localhost"/>

    </identity>

    </endpoint>

    </service>

    </services>

    <behaviors>

    <serviceBehaviors>

    <behavior name="Service1.Service1Behavior">

    <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->

    <serviceMetadata httpGetEnabled="true"/>

    <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->

    <serviceDebug includeExceptionDetailInFaults="true"/>

    </behavior>

    </serviceBehaviors>

    </behaviors>

    </system.serviceModel>

     

    Please guide me to fix this issue.

     

    -Regards

    Prabashmi

     

     

    Wednesday, January 30, 2008 11:33 AM

All replies

  • Hi,
    I'm having the same problem.
    Did you manage to solve it?

    Best Regards,
    Alex Linder.
    Wednesday, November 05, 2008 3:15 PM
  • We´re also experiencing the exact same issue, works on XP but not on Windows Server with same web.config.

    Found any solution?

    Friday, November 07, 2008 10:30 AM
  • I maneged to solve my problem by deleting the mex endpoint element from the config file of the service.
    Wednesday, November 12, 2008 6:05 PM
  •  
    Deleting the mex endpoint from the web.config file did not do the trick for us. It seemed to make no difference. 

    BUT! 

    I solved to problem by setting the clientCredentialType to Ntlm instead of Windows.

    <security mode="TransportCredentialOnly">

    <transport clientCredentialType="Ntlm"/>

    </security>

    • Proposed as answer by Daniel_Bergsten Thursday, November 13, 2008 10:42 AM
    Thursday, November 13, 2008 10:40 AM
  • Please make sure only Integrated Windows Authentication is enabled but not anonymous access. And also make sure this is set on the specific vdir itself. Your parent website could have different settings.
    Friday, November 21, 2008 8:13 AM
    Moderator
  • i have setup IIS 6.0 on Windows Authenticaiton only

    my config file is 

    <system.serviceModel>

        <bindings>

          <basicHttpBinding>

            <binding name="windowsBinding">

              <security mode="TransportCredentialOnly">

                <transport clientCredentialType="Windows"/>            

              </security>

            </binding>

          </basicHttpBinding>

        </bindings>    

    <services>

    <service name="EmployeeService.EmployeeService" 

                   behaviorConfiguration="EmployeeService.Service1Behavior"

                   >

    <!-- Service Endpoints -->

            <endpoint address=""

                      binding="basicHttpBinding"

                      contract="EmployeeService.IEmployee"                  

                      bindingConfiguration="windowsBinding"                    

                      >

              <!-- 

                  Upon deployment, the following identity element should be removed or replaced to reflect the 

                  identity under which the deployed service runs.  If removed, WCF will infer an appropriate identity 

                  automatically.

              -->

     

              <identity>

                <dns value="localhost"/>

     

              </identity>

            </endpoint>

            <endpoint address="mex"

                      binding="mexHttpBinding"

                      contract="IMetadataExchange">

            </endpoint>

    </service>

    </services>

    <behaviors>

    <serviceBehaviors>

    <behavior name="EmployeeService.Service1Behavior">

    <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->

    <serviceMetadata httpGetEnabled="true"/>

    <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->

    <serviceDebug includeExceptionDetailInFaults="false"/>

    </behavior>

    </serviceBehaviors>

    </behaviors>

    </system.serviceModel>

     

    i have also added 

    <authentication mode="Windows"/>
    <identity impersonate ="true"/> 

    in the web.config file. 

     

    the WCF service is hosted on IIS 6 and when browsing it throws the exception

    Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this servicea

    any help is much appreciated

     

    regards

    Yawar 

     

     

    Wednesday, September 22, 2010 11:16 AM
  •  

     

    i dont know the reason but following configuration works for me.

     

    I have following settings

    1) On the IIS 6, only Integrated Windows Authentication is checked

    2) The Contract Operation method has Operation Behaviour " [OperationBehavior(Impersonation=ImpersonationOption.Required)]"

    3) I have following config file for the WCF service. 

     

    The Contract Operation impersonated the caller's identity and returns the name using "System.Security.Principal.WindowsIdentity.GetCurrent().Name" name property. 

     

    this is all good for impersonation of the caller's credentials. I dont know how to delegate caller credentials for back end server. 

     

    <system.serviceModel>

     

        <!--Service binding configuration-->        

        <bindings>

          <basicHttpBinding>

            <binding name="basicBinding">

              <security mode="TransportCredentialOnly">

                <transport clientCredentialType="Windows" />

              </security>

            </binding>

          </basicHttpBinding>

        </bindings>

     

        <!--Service endpoint configuration-->   

        <services>      

          <service behaviorConfiguration="basicBehavior" name="EmployeeService.EmployeeService">

            <endpoint address=""

      binding="basicHttpBinding"

      contract="EmployeeService.IEmployee"

                              bindingConfiguration="basicBinding"

    >        

            </endpoint>        

            <endpoint address="mex"

             binding="basicHttpBinding"

     contract="IMetadataExchange"

     bindingConfiguration="basicBinding"

    />        

          </service>      

        </services>

     

     

     

        <!--Service behavior configuration-->

        <behaviors>

          <serviceBehaviors>

            <behavior name="basicBehavior">

              <serviceMetadata httpGetEnabled="true" />          

            </behavior>

          </serviceBehaviors>

        </behaviors>

     

      </system.serviceModel>  

     

     

    Regards

    Yawar

     

    • Proposed as answer by yawar.khuwaja Thursday, September 23, 2010 12:30 PM
    Thursday, September 23, 2010 12:29 PM
  • I solved following Daniel Bergsten recomendation...

    I solved to problem by setting the clientCredentialType to Ntlm instead of Windows.


    <security mode="TransportCredentialOnly">

    <

     

    transport clientCredentialType="Ntlm"/>

    </

     

    security>

     

    • Proposed as answer by Pradipta Nayak Thursday, January 19, 2012 1:03 PM
    Thursday, November 04, 2010 4:52 AM
  • Hello Israel_mx

    with "transport clientCredentialType="Ntlm"/>" you can only impersonate client's credentails on the local server. it has to be "  <transport clientCredentialType="Windows"/>" to make Kerberos work and delegate caller's credentials.

    thanks

    Friday, November 19, 2010 4:17 PM
  • This worked for us!!!
    Wednesday, September 21, 2011 9:53 PM
  • NTLM does not work the same way as Windows. If you want really Windows, just remove the piece of code which says  bindingConfiguration="your_basicHttpBinding_binding_name" from the endpoint... That should work.
    Monday, March 12, 2012 5:18 AM
  • I had the same problem, but fixed it in the IIS (7) config by adding "Negotiate" as a provider under the Windows Authentication entry.  It seems to only have NTLM by default.

    Hope this helps

    Regards,

    Mark

    Wednesday, March 28, 2012 9:24 AM