ServiceActivationException - IIS Specifies more than 1 Authentication Scheme

Question

I have a data service that works fine under Cassini, but when I move it to IIS I get this exception.  Has anyone seen this before?  Unchecking integrated security causes VS to given an error that it can't enter debugging because integrated security isn't available.

Server Error in '/SilverlightPathTest.Web' Application.

---

IIS specified authentication schemes 'IntegratedWindowsAuthentication, Anonymous', but the binding only supports specification of exactly one authentication scheme. Valid authentication schemes are Digest, Negotiate, NTLM, Basic, or Anonymous. Change the IIS settings so that only a single authentication scheme is used.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.InvalidOperationException: IIS specified authentication schemes 'IntegratedWindowsAuthentication, Anonymous', but the binding only supports specification of exactly one authentication scheme. Valid authentication schemes are Digest, Negotiate, NTLM, Basic, or Anonymous. Change the IIS settings so that only a single authentication scheme is used.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[InvalidOperationException: IIS specified authentication schemes 'IntegratedWindowsAuthentication, Anonymous', but the binding only supports specification of exactly one authentication scheme. Valid authentication schemes are Digest, Negotiate, NTLM, Basic, or Anonymous. Change the IIS settings so that only a single authentication scheme is used.] System.ServiceModel.Web.WebServiceHost.SetBindingCredentialBasedOnHostedEnvironment(ServiceEndpoint serviceEndpoint, AuthenticationSchemes supportedSchemes) +446124 System.ServiceModel.Web.WebServiceHost.AddAutomaticWebHttpBindingEndpoints(ServiceHost host, IDictionary`2 implementedContracts, String multipleContractsErrorMessage) +709 System.ServiceModel.Web.WebServiceHost.OnOpening() +203 System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +229 System.ServiceModel.HostingManager.ActivateService(String normalizedVirtualPath) +121 System.ServiceModel.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath) +479 [ServiceActivationException: The service '/SilverlightPathTest.Web/WebDataService1.svc' cannot be activated due to an exception during compilation. The exception message is: IIS specified authentication schemes 'IntegratedWindowsAuthentication, Anonymous', but the binding only supports specification of exactly one authentication scheme. Valid authentication schemes are Digest, Negotiate, NTLM, Basic, or Anonymous. Change the IIS settings so that only a single authentication scheme is used..] System.ServiceModel.AsyncResult.End(IAsyncResult result) +11527290 System.ServiceModel.Activation.HostedHttpRequestAsyncResult.End(IAsyncResult result) +194 System.ServiceModel.Activation.HostedHttpRequestAsyncResult.ExecuteSynchronous(HttpApplication context, Boolean flowContext) +176 System.ServiceModel.Activation.HttpHandler.ProcessRequest(HttpContext context) +23 System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +181 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75

---

Version Information: Microsoft .NET Framework Version:2.0.50727.3053; ASP.NET Version:2.0.50727.3053


EDIT - Based on a previous thread it appears I can change the web.config to choose a single authentication method for the data service.  Could someone point me in the right direction as to how to do this?

TIA!
James

Answer 1

Well it is actually pretty simple. A default created website supports both anonymous and integrated Windows authentication and SVC services obviously do not like that.

 

To fix this, right-click the website in your IIS manager and choose "properties". Then click the "Directory" tab, click the "Edit" button in the "Anonymous access and authentication control" area. You will see that both Anonymous access and Integrated Windows Authentication are selected. Unselect one of them, then restart IIS. After that, the application should work smoothly.

See http://dotnetbyexample.blogspot.com/2008/02/calling-wcf-service-from-javascript.html for more details

 

Cheers, Joost

Answer 2

In IIS 7 there is no "Properties" menu item to click on. While there is an Advanced Settings, this does not contain the authentication information. I am having the same issue as the original poster.

I tried going into Authentication for the site and turning off Windows Integrated authentication but this has not made any difference.

Answer 3

I am running my Data service on a shared hosted box and get the same problem as above. How I do I disable “Integrated Windows Authentication” via the web.config file? as I have no acccess to the IIS manager.

Answer 4

Nice question. I have the same problem.

Is any possibility to disable that authentication via web.config?

Answer 5

I have the exact problem on godaddy shared hosting account.

i read somewhere that you put this in your web.config.

  <system.webServer>
    <security>
        <authentication>
            <basicAuthentication enabled="false"/>
        </authentication>
    </security>
  </system.webServer>

 

you can also replace basicAuthentication with anonymouseAuthentication.

for me, it doesn't work. now i'm stuck.

Answer 6

Use following settings and it works

 <security>
        <authentication>
          <anonymousAuthentication enabled="true"/>
          <windowsAuthentication enabled="false"/>
          <basicAuthentication enabled="false"/>
        </authentication>
      </security>

Regards

Rajneesh Noonia

Blog : www.rajneeshnoonia.com

 

Answer 7

When hosting the site on IIS7, you get the following error:

This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".

The configuration section needs to be unlocked at the global or site level which would not be possible without having access to IIS.

 

---

0g

Answer 8

Thanks a lot, LocalJoost.

I had the same problem with IIS 7.5. The steps I took are as following:

1. Click the website in IIS Manager.

2. Double-click the Authentication icon under IIS in the window on the right.

3. Disable Windows Authentication.

---

Hong

Answer 9

Thanks a lot, LocalJoost.

I had the same problem with IIS 7.5. The steps I took are as following:

1. Click the website in IIS Manager.

2. Double-click the Authentication icon under IIS in the window on the right.

3. Disable Windows Authentication.

---

Hong

works... solve the problem

Answer 10

thanks a lot, Rajnish Noonia