System.NotSupportedException: The authentication schemes configured on the host ('Anonymous') do not allow those configured on the binding 'BasicHttpBinding' ('Ntlm'). RRS feed

  • Question

  • Hi

    I recently migrate the code from vs 2012 to vs 2013. And getting the following error while running the wcf services


    The authentication schemes configured on the host ('Anonymous') do not allow those configured on the binding 'BasicHttpBinding' ('Ntlm').  Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly.  Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the <serviceAuthenticationManager> element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement."

    My web config code is:

    "<?xml version="1.0"?>
        For a description of web.config changes see

        The following attributes can be set on the <httpRuntime> tag.
            <httpRuntime targetFramework="4.5.1" />
        <compilation debug="true" targetFramework="4.5.1"/>
                The <authentication> section enables configuration
                of the security authentication mode used by
                ASP.NET to identify an incoming user.
        <authentication mode="Windows"/>
                The  <customErrors> section enables configuration
                of what to do if/when an unhandled error occurs
                during the execution of a request. Specifically,
                it enables developers to configure html error pages
                to be displayed in place of a error stack trace.

                <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
                 <error statusCode="403" redirect="NoAccess.htm"/>
                 <error statusCode="404" redirect="FileNotFound.htm"/>
        <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
        <membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
            <add name="SqlProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ServiceLayer" applicationName="JDLWebsite" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" minRequiredPasswordLength="4" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="1000"/>
        <identity impersonate="true"/>
        <httpRuntime maxRequestLength="2147483647"/>
          The system.webServer section is required for running ASP.NET AJAX under Internet
          Information Services 7.0.  It is not necessary for previous version of IIS.
          <service name="Csla.Server.Hosts.WcfPortal" behaviorConfiguration="ImpersonationBehavior">
            <endpoint contract="Csla.Server.Hosts.IWcfPortal" binding="basicHttpBinding" bindingConfiguration="DataPortalBinding"/>
            <binding name="DataPortalBinding" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
              <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
              <security mode="TransportCredentialOnly">
                <transport clientCredentialType="Ntlm"/>
            <behavior name="returnFaults">
              <serviceDebug includeExceptionDetailInFaults="true"/>
            <behavior name="ImpersonationBehavior">
              <serviceAuthorization impersonateCallerForAllOperations="true"/>
              <serviceDebug includeExceptionDetailInFaults="true"/>
        <validation validateIntegratedModeConfiguration="false"/>
        <directoryBrowse enabled="true"/>
            <requestLimits maxAllowedContentLength="209715200"/>

    Please guide on this as it was working fine in vs 2012.



    Friday, July 11, 2014 6:33 AM


  • Hi,

    I have test your code in my side, then I meet the same question as you, because by default when hosting the wcf service in IIS, the Anonymous Authentication is enabled, we need to disable the Anonymous Authentication and enable the Windows Authentication as following:

    First open the IIS and click the "Authentication":

    Then do as the following:

    Best Regards,
    Amy Peng

    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Monday, July 14, 2014 6:34 AM