WCF: Using IIS and Windows Authentication to Secure WCF Services

If you try to get Windows Authentication working in IIS for a WCF service (including the one I showed you earlier), you may get the following error:

Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.

The problem here is that IIS and WCF are fighting over security. You’ve told IIS to prevent Anonymous access and use Windows Authentication instead. WCF, however, knows nothing about this. The answer is simple. Change your web.config file like so:

<?xml version="1.0"?> 
<configuration> 
 
  <system.serviceModel> 
    <services> 
      <service behaviorConfiguration="basicBehavior" name="WCFTest.Test"> 
        <endpoint address="" binding="basicHttpBinding" contract="WCFTest.Test" bindingConfiguration="basicBinding" /> 
        <endpoint address="mex" binding="basicHttpBinding" contract="IMetadataExchange" bindingConfiguration="basicBinding" /> 
      </service> 
    </services> 
    <behaviors> 
      <serviceBehaviors> 
        <behavior name="basicBehavior"> 
          <serviceMetadata httpGetEnabled="true" /> 
        </behavior> 
      </serviceBehaviors> 
    </behaviors> 
    <bindings> 
      <basicHttpBinding> 
        <binding name="basicBinding"> 
          <security mode="TransportCredentialOnly"> 
            <transport clientCredentialType="Windows"/> 
          </security> 
        </binding> 
      </basicHttpBinding> 
    </bindings> 

  </system.serviceModel>

The key change here is a new binding configuration called basicBinding. Have a look at the <security> and <transport> nodes. These tell WCF that security will be handled by the transport layer, that only credentials will be confirmed, and that it should quit worrying and get back to work.

Posted by Paul on Wednesday, February 18, 2009
Labels: ,

6 comments:

  1. mknopfFriday, July 31, 2009 2:19:00 pm

    thanks for the info, very helpful

    ReplyDelete
  2. PaulTuesday, January 19, 2010 6:39:00 am

    Nice one mate, very useful

    ReplyDelete
  3. AnonymousFriday, March 05, 2010 8:53:00 am

    how can I read windows credentials received on the server? I'd like to read into server method credentials sent by client

    ReplyDelete
  4. AnonymousTuesday, March 09, 2010 5:29:00 am

    This doesn't work if your client is Silverlight 3. Any ideas?!

    ReplyDelete
  5. AnonymousMonday, April 12, 2010 8:23:00 am

    Cheers

    ReplyDelete
  6. sudheerMonday, December 05, 2011 9:50:00 am

    Thank You it is working but by adding

    ""

    web.config file will have two end points at client side when added service reference. I am getting this error
    "error WCF:More than one endpoint configuration for that contract was found"

    I deleted extra end point (mex) in the web.config at client side and it is working but I didn't understand why it should be added at Service Side and Delete at Client Side ??

    ReplyDelete

Subscribe to: Post Comments (Atom)

Copyright © 2010 Paul Guenette and Matthew Sleno.