locked
WCF wsHTTPBinding with Anonymous Disabled Windows Authentication Enabled RRS feed

  • Question

  • <behaviors></behaviors>

    I have WCF Service with the configuration like above.
    In IIS Disabled Anonymous Access, Enabled Windows Authentication.

    If i try to add service

    It didn't allow. I enabled Anonymous Access. And added service reference, service reference got added.

    When I run the application it works.

    If I disable the anonymous access.

    Application fails.


    <bindings>
          <wshttpbinding>
            <binding name="wsHttpEndpointBinding">
              <security mode="Transport">
                <transport clientCredentialType="Windows"></transport>
              </security>
            </binding>
          </wshttpbinding>
        </bindings>
        <services>
          <service behaviorConfiguration="sb" name="WCFServiceSample.MyService">
            <endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding" contract="WCFServiceSample.IMyService" name="wsHttpEndpoint">
    
            </endpoint>
            <endpoint address="mex" binding="mexHttpsBinding" bindingConfiguration="" contract="IMetadataExchange" name="mexTcpBindingEndpoint">
              
            </endpoint>
            
            <host>
              <baseaddresses>
                <add baseAddress="https://xxxxxx/WCFServiceSample/"></add>
              </baseaddresses>
            </host>       
          </service>
          
        </services>
     
        <behaviors>
          <servicebehaviors>
    
            <behavior name="sb">
              
              <servicemetadata httpGetEnabled="false"></servicemetadata>
              <servicedebug includeExceptionDetailInFaults="false"></servicedebug>
            </behavior>
          </servicebehaviors>
        </behaviors>



    • Edited by Hariram.P Thursday, February 9, 2012 2:16 PM
    Thursday, February 9, 2012 2:08 PM

Answers

  • I found the answer at last.

    Windows Authentication is performed via Headers, WCF will not authenticate via Headers instead Window authentication is performed in Message Call.

    If you add reference of the service as Add Web Reference, you might see the actual happening.

    If you add reference as Service Reference. It is using the current user impersonated and that tooken is passed to the service and it is working fine.

    If you move the service out of domain, Both Web Reference and Service Reference windows authentication is working fine.

    Thanks

    Hari


    Hari

    • Marked as answer by Hariram.P Friday, February 10, 2012 7:24 AM
    Friday, February 10, 2012 7:24 AM

All replies

  • What you see is normal.

    If you configure WCF to handle security, you should enable anonymous access in IIS. It's WCF that will handle security in your case, not IIS.


    If this post answers your quenstion, please mark it as such. If this post is helpful, click 'Vote as helpful'.

    Thursday, February 9, 2012 6:39 PM
  • I too thought the same way. I have check ServiceSecurityContext.Current.Windows.User.IsAuthenticate

    It is giving true even the application is running via Anonymous.

    I'm testing this application in Windows Lan, which authenticate via Window Domain Control. I have created a system local account and ran the application with the local account.


    Hari

    Friday, February 10, 2012 4:20 AM
  • Again, this makes sense. WCF is handling the authentication, no need to enable authentication again in IIS.

    If this post answers your quenstion, please mark it as such. If this post is helpful, click 'Vote as helpful'.

    • Marked as answer by Hariram.P Friday, February 10, 2012 7:21 AM
    • Unmarked as answer by Hariram.P Friday, February 10, 2012 7:21 AM
    Friday, February 10, 2012 6:36 AM
  • I found the answer at last.

    Windows Authentication is performed via Headers, WCF will not authenticate via Headers instead Window authentication is performed in Message Call.

    If you add reference of the service as Add Web Reference, you might see the actual happening.

    If you add reference as Service Reference. It is using the current user impersonated and that tooken is passed to the service and it is working fine.

    If you move the service out of domain, Both Web Reference and Service Reference windows authentication is working fine.

    Thanks

    Hari


    Hari

    • Marked as answer by Hariram.P Friday, February 10, 2012 7:24 AM
    Friday, February 10, 2012 7:24 AM