Get started for free
Visual Studio Developer Center >
"Security settings for this service require Windows Authentication..." exception

Answered "Security settings for this service require Windows Authentication..." exception

  • Friday, November 03, 2006 12:49 PM
     
     
    Sign In to Vote
    0

    Hi,

    I have got a WCF (Feb Beta 2) service, hosted in IIS 6.0 on a W2K3 server.

    Directory security is IIS is set to "Windows" as is the System.Web Authentication mode attribute in the Web.Config.

    The WCF section in the Web.Config uses basicHttpBinding with a CustomBinding that uses TransportCredentials set to "Windows" for UserName (similar to this sample below)

    <configuration>
    <system.serviceModel>
      <behaviors>
        <serviceBehaviors>
          <behavior name="MyServiceTypeBehaviors" >
            <serviceMetadata httpGetEnabled="true" />
          </behavior>
        </serviceBehaviors>
      </behaviors>
      <bindings>
            <basicHttpBinding>
                <binding name="HTTPClientBinding">
                    <security mode="TransportCredentialOnly">
                        <transport clientCredentialType="Windows" />
                    </security>
                </binding>
            </basicHttpBinding>
        </bindings>
        <services>
            <service name="TestAuth.service1" behaviorConfiguration="MyServiceTypeBehaviors">
                <endpoint binding="basicHttpBinding" bindingConfiguration="HTTPClientBinding"
                    name="EndPoint" contract="TestAuth.IService1" />
            </service>
        </services>
    </system.serviceModel>
      <system.web>
        <authentication mode="Windows">
        </authentication>
        <identity impersonate="true"/>
      </system.web>
    </configuration>

    When I browse to it using IE I get the following error:

    "Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service."

    Any ideas - I got a feeling the IIS installation might be flawed, but before I go down that path I would like to know if this is perhaps a common error.

    Thanks to anyone who might be able to help in advance :)

    Kurt

     

All Replies

  • Friday, December 29, 2006 6:06 PM
    Moderator
     
     Answered
    Sign In to Vote
    0

    To access a the service you require both Integrated auth and anonymous auth on the virtual directory in IIS. The WCF stack would authenticate the client and not IIS for the service this is why you need anonymous auth.

    If you need to disable anonymous auth on IIS and use windows auth you need to do this http://blogs.msdn.com/sajay/archive/2006/12/01/disabling-anonymous-authenticaiton-on-iis-for-message-security-or-impersonation.aspx

    http://blogs.msdn.com/wenlong/archive/2006/12/01/impersonation-with-double-identities.aspx

    Does this help.?

     
  • Wednesday, October 31, 2007 4:09 AM
     
     
    Sign In to Vote
    0

    Hi,

     

    I am facing the same problem with WCF service. Please let me know whether you got this resolved. If so, please tell me how the web.config file look like.

     

     
  • Thursday, November 08, 2007 2:28 AM
     
     Answered
    Sign In to Vote
    1

    I just hit this as well and found it was quite straightforward with this how to:

     

     <system.web>
        <authentication mode="Windows"/>
     </system.web>

     
  • Thursday, January 29, 2009 5:04 PM
     
     
    Sign In to Vote
    0

    web.config:

    <configuration>
        <location>
            <system.webServer> 
                <security>
                    <authentication>
                        <anonymousAuthentication enabled="true"/>
                    </authentication>
                </security> 
            </system.webServer> 
        </location>
    ...

    %windir%\system32\inetsrv\config\applicationHost.config

              <section name="anonymousAuthentication" overrideModeDefault="Allow" />

    Warning: beware that everything under the dir where that web.config is becomes visible, unless settings are it's overriden, so this the more granular possible way... just be careful ☺

     
  • Friday, November 20, 2009 8:18 PM
     
     
    Sign In to Vote
    0
    Ariel,

    You are exactly right with this reply. Without both of these in web.config it will not work:

    <authentication mode="Windows"/>



    <authentication>
      <anonymousAuthentication enabled="true"/>
    </authentication>
     
  • Friday, November 20, 2009 9:13 PM
     
     
    Sign In to Vote
    0

    web.config:

    <configuration>
        <location>
            <system.webServer> 
                <security>
                    <authentication>
                        <anonymousAuthentication enabled="true"/>
                    </authentication>
                </security> 
            </system.webServer> 
        </location>
    ...

    %windir%\system32\inetsrv\config\applicationHost.config

              <section name="anonymousAuthentication" overrideModeDefault="Allow" />

    www.ruyasoft.net

    http://www.ruyasoft.net
     
  • Wednesday, January 16, 2013 6:24 PM
     
      Has Code
    Sign In to Vote
    0

    Change your mexendpoint to have basicHttpBinding and add new bindingConfiguration = 

    <services> 
      <service behaviorConfiguration="basicWS.ServiceBehavior" name="basicWS.Test"> 
        <endpoint address="" binding="basicHttpBinding" contract="WCFTest.Test" bindingConfiguration="NewbasicBinding" /> 
        <endpoint address="mex" binding="basicHttpBinding" contract="IMetadataExchange" bindingConfiguration="NewbasicBinding" /> 
      </service> 
  </services>
    <bindings>
          <basicHttpBinding>
            <binding name="NewbasicBinding">
              <security mode="TransportCredentialOnly">
                <transport clientCredentialType="Windows"/>
              </security>
            </binding>
          </basicHttpBinding>
        </bindings>