none
WCF service hosted in IIS using Digest Authentication RRS feed

  • Question

  • I have hosted a WCF service in IIS, disabled Anonymous Authentication, enabled Digest Authentication... when I browse the site from within IIS, it asks for credentials and ultimately responds with the error below. 

    Any ideas ?   Thanks !

    The authentication schemes configured on the host ('Digest') do not allow those configured on the binding 'WebHttpBinding' ('Anonymous').  Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly.  Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the <serviceAuthenticationManager> element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.

    Friday, January 10, 2014 12:19 AM

Answers

  • Hi,

    To switch off anonymous access with HTTP, you need to set the security mode to TransportCredentialOnly, it should be something like this:

    <webHttpBinding>
      <binding>
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>
    </webHttpBinding>
    
    

    Also please try to enable the wcf tracing to find the root cause.
    # How to enable the WCF tracing:
    http://msdn.microsoft.com/en-us/library/ms733025.aspx .

    If the above can not help, please try to post your config file here.

    Best Regards,
    Amy Peng


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Friday, January 10, 2014 7:41 AM
    Moderator
  • Thanks for the response Amy...

    In the meantime I ran across a post that does appear to resolve the issue by setting the clientCredentialType attribute to InheritedFromHost.

    http://blogs.microsoft.co.il/idof/2011/09/25/whats-new-in-wcf-45-multiple-authentication-support-on-a-single-endpoint-in-iis/


    1. Create a service and host it in IIS.


    2. Define the service’s endpoint to use any of the HTTP bindings (basicHttp, wsHttp…).


    3. Create a binding configuration for the endpoint, and set the security to either Transport, or TransportCredentialsOnly (in basicHttp).


    4. In the transport’s configuration, set the clientCredentialType attribute to InheritedFromHost – this is a new value that was added in WCF 4.5. This value is currently not documented in MSDN.

    Thanks,

    Rob

    Friday, January 10, 2014 1:12 PM

All replies

  • Hi,

    To switch off anonymous access with HTTP, you need to set the security mode to TransportCredentialOnly, it should be something like this:

    <webHttpBinding>
      <binding>
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>
    </webHttpBinding>
    
    

    Also please try to enable the wcf tracing to find the root cause.
    # How to enable the WCF tracing:
    http://msdn.microsoft.com/en-us/library/ms733025.aspx .

    If the above can not help, please try to post your config file here.

    Best Regards,
    Amy Peng


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Friday, January 10, 2014 7:41 AM
    Moderator
  • Thanks for the response Amy...

    In the meantime I ran across a post that does appear to resolve the issue by setting the clientCredentialType attribute to InheritedFromHost.

    http://blogs.microsoft.co.il/idof/2011/09/25/whats-new-in-wcf-45-multiple-authentication-support-on-a-single-endpoint-in-iis/


    1. Create a service and host it in IIS.


    2. Define the service’s endpoint to use any of the HTTP bindings (basicHttp, wsHttp…).


    3. Create a binding configuration for the endpoint, and set the security to either Transport, or TransportCredentialsOnly (in basicHttp).


    4. In the transport’s configuration, set the clientCredentialType attribute to InheritedFromHost – this is a new value that was added in WCF 4.5. This value is currently not documented in MSDN.

    Thanks,

    Rob

    Friday, January 10, 2014 1:12 PM