none
"Security settings for this service require Windows Authentication..." exception

    Question

  • Hi,

    I have got a WCF (Feb Beta 2) service, hosted in IIS 6.0 on a W2K3 server.

    Directory security is IIS is set to "Windows" as is the System.Web Authentication mode attribute in the Web.Config.

    The WCF section in the Web.Config uses basicHttpBinding with a CustomBinding that uses TransportCredentials set to "Windows" for UserName (similar to this sample below)

    <configuration>
    <system.serviceModel>
      <behaviors>
        <serviceBehaviors>
          <behavior name="MyServiceTypeBehaviors" >
            <serviceMetadata httpGetEnabled="true" />
          </behavior>
        </serviceBehaviors>
      </behaviors>
      <bindings>
            <basicHttpBinding>
                <binding name="HTTPClientBinding">
                    <security mode="TransportCredentialOnly">
                        <transport clientCredentialType="Windows" />
                    </security>
                </binding>
            </basicHttpBinding>
        </bindings>
        <services>
            <service name="TestAuth.service1" behaviorConfiguration="MyServiceTypeBehaviors">
                <endpoint binding="basicHttpBinding" bindingConfiguration="HTTPClientBinding"
                    name="EndPoint" contract="TestAuth.IService1" />
            </service>
        </services>
    </system.serviceModel>
      <system.web>
        <authentication mode="Windows">
        </authentication>
        <identity impersonate="true"/>
      </system.web>
    </configuration>

    When I browse to it using IE I get the following error:

    "Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service."

    Any ideas - I got a feeling the IIS installation might be flawed, but before I go down that path I would like to know if this is perhaps a common error.

    Thanks to anyone who might be able to help in advance :)

    Kurt

    Friday, November 03, 2006 12:49 PM

Answers

All replies

  • To access a the service you require both Integrated auth and anonymous auth on the virtual directory in IIS. The WCF stack would authenticate the client and not IIS for the service this is why you need anonymous auth.

    If you need to disable anonymous auth on IIS and use windows auth you need to do this http://blogs.msdn.com/sajay/archive/2006/12/01/disabling-anonymous-authenticaiton-on-iis-for-message-security-or-impersonation.aspx

    http://blogs.msdn.com/wenlong/archive/2006/12/01/impersonation-with-double-identities.aspx

    Does this help.?

    Friday, December 29, 2006 6:06 PM
    Moderator
  • Hi,

     

    I am facing the same problem with WCF service. Please let me know whether you got this resolved. If so, please tell me how the web.config file look like.

     

    Wednesday, October 31, 2007 4:09 AM
  • I just hit this as well and found it was quite straightforward with this how to:

     

     <system.web>
        <authentication mode="Windows"/>
     </system.web>

    Thursday, November 08, 2007 2:28 AM
  • web.config:

    <configuration>
        <location>
            <system.webServer> 
                <security>
                    <authentication>
                        <anonymousAuthentication enabled="true"/>
                    </authentication>
                </security> 
            </system.webServer> 
        </location>
    ...

    %windir%\system32\inetsrv\config\applicationHost.config

              <section name="anonymousAuthentication" overrideModeDefault="Allow" />

    Warning: beware that everything under the dir where that web.config is becomes visible, unless settings are it's overriden, so this the more granular possible way... just be careful ☺

    Thursday, January 29, 2009 5:04 PM
  • Ariel,

    You are exactly right with this reply. Without both of these in web.config it will not work:

    <authentication mode="Windows"/>



    <authentication>
      <anonymousAuthentication enabled="true"/>
    </authentication>
    Friday, November 20, 2009 8:18 PM
  • web.config:

    <configuration>
        <location>
            <system.webServer> 
                <security>
                    <authentication>
                        <anonymousAuthentication enabled="true"/>
                    </authentication>
                </security> 
            </system.webServer> 
        </location>
    ...

    %windir%\system32\inetsrv\config\applicationHost.config

              <section name="anonymousAuthentication" overrideModeDefault="Allow" />

    www.ruyasoft.net


    http://www.ruyasoft.net
    Friday, November 20, 2009 9:13 PM
  • Change your mexendpoint to have basicHttpBinding and add new bindingConfiguration = 

    <services> 
          <service behaviorConfiguration="basicWS.ServiceBehavior" name="basicWS.Test"> 
            <endpoint address="" binding="basicHttpBinding" contract="WCFTest.Test" bindingConfiguration="NewbasicBinding" /> 
            <endpoint address="mex" binding="basicHttpBinding" contract="IMetadataExchange" bindingConfiguration="NewbasicBinding" /> 
          </service> 
      </services> 
    <bindings>
          <basicHttpBinding>
            <binding name="NewbasicBinding">
              <security mode="TransportCredentialOnly">
                <transport clientCredentialType="Windows"/>
              </security>
            </binding>
          </basicHttpBinding>
        </bindings>

    Wednesday, January 16, 2013 6:24 PM