WCF - Windows Authentication - Security Settings Require Anonymous

I'm struggling to start the WCF service on IIS on our server. After deployment, I get an error message:

Security settings for this service require Anonymous authentication, but it is not enabled for the IIS application that hosts this service.

I want to use Windows authentication and therefore I have disabled anonymous access. Also note that there is aspNetCompatibilityEnabled (if that matters).

Here is my web.config:

<system.serviceModel>
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
  <bindings>
    <webHttpBinding>
      <binding name="default">
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Windows" proxyCredentialType="Windows"/>
        </security>
      </binding>
    </webHttpBinding>
  </bindings>
  <behaviors>
    <endpointBehaviors>
      <behavior name="AspNetAjaxBehavior">
        <enableWebScript />
        <webHttp />
      </behavior>
    </endpointBehaviors>
    <serviceBehaviors>
      <behavior name="defaultServiceBehavior">
        <serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" />
        <serviceDebug includeExceptionDetailInFaults="true" />
        <serviceAuthorization principalPermissionMode="UseWindowsGroups" />
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <services>
    <service name="xxx.Web.Services.RequestService" behaviorConfiguration="defaultServiceBehavior">
      <endpoint behaviorConfiguration="AspNetAjaxBehavior" binding="webHttpBinding" contract="xxx.Web.Services.IRequestService" bindingConfiguration="default">
      </endpoint>
      <endpoint address="mex" binding="mexHttpBinding" name="mex" contract="IMetadataExchange"></endpoint>
    </service>
  </services>
</system.serviceModel>

I searched all over the internet with no luck. Any hints are welcome.

+43
security authorization wcf
Jun 22 '09 at 12:12
8 answers

So this seems like a fairly common problem. The point is to remove mex from your bindings:

 <endpoint address="mex" binding="mexHttpBinding" name="mex" contract="IMetadataExchange"></endpoint> 

Alternatively, you enable anonymous access in IIS and, in your web.config, make sure that anonymous access is denied.

Hope this helps another soul. (I was 100% sure that I had tried it with mex removed. :-O)

+42
Jun 22 '09 at 12:30

You can check out this one. I managed to get it to work properly.

<configuration>
  ...
  <system.serviceModel>
    ...
    <bindings>
      <basicHttpBinding>
        <binding>
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    ...
  </system.serviceModel>
  ...
</configuration>

+14
Jun 17 '10 at 12:40

Just use your bindings for mex too.

So, change the current configuration:

 <endpoint address="mex" binding="mexHttpBinding" name="mex" contract="IMetadataExchange"></endpoint> 

to

 <endpoint address="mex" binding="webHttpBinding" bindingConfiguration="default" name="mex" contract="IMetadataExchange"></endpoint> 

This should solve the problem.

+11
Feb 16 '11 at 11:55
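
The answers above turn on the fact that `mexHttpBinding` carries no security settings, so a `mex` endpoint on that binding asks IIS for Anonymous while the service endpoint asks for Windows. The following is an added example, not code from any of the posters: a Python check that reads a `system.serviceModel` section and reports the authentication scheme each endpoint's binding implies. The function names and the simplified rule (only the HTTP transport credential is modelled) are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the question's service section, cut down to the parts that matter.
SAMPLE = """<system.serviceModel>
  <bindings><webHttpBinding>
    <binding name="default">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </webHttpBinding></bindings>
  <services>
    <service name="xxx.Web.Services.RequestService">
      <endpoint binding="webHttpBinding" bindingConfiguration="default" contract="xxx.Web.Services.IRequestService" />
      <endpoint address="mex" binding="mexHttpBinding" name="mex" contract="IMetadataExchange" />
    </service>
  </services>
</system.serviceModel>"""

def required_scheme(root, endpoint):
    """IIS authentication scheme implied by the endpoint's binding (simplified rule)."""
    binding = endpoint.get("binding", "")
    wanted = endpoint.get("bindingConfiguration", "")
    for section in root.iter(binding):            # e.g. every <webHttpBinding> section
        for cfg in section.findall("binding"):
            if cfg.get("name", "") != wanted:
                continue
            sec = cfg.find("security")
            transport = sec.find("transport") if sec is not None else None
            if transport is not None and sec.get("mode") in ("Transport", "TransportCredentialOnly"):
                cred = transport.get("clientCredentialType", "None")
                if cred != "None":
                    return cred
    # No matching binding configuration, or no transport credential:
    # the endpoint accepts unauthenticated HTTP, so IIS must allow Anonymous.
    return "Anonymous"

def audit(config_xml):
    root = ET.fromstring(config_xml)
    return {
        svc.get("name"): [(ep.get("address", ""), ep.get("binding"), required_scheme(root, ep))
                          for ep in svc.findall("endpoint")]
        for svc in root.iter("service")
    }

# Endpoints that force Anonymous authentication on the hosting IIS application.
def anonymous_endpoints(config_xml):
    return [(name, addr, binding) for name, rows in audit(config_xml).items()
            for addr, binding, scheme in rows if scheme == "Anonymous"]
```

On the sample, `anonymous_endpoints(SAMPLE)` lists only the `mex` endpoint; pointing that endpoint at the `default` webHttpBinding configuration, as the answer above suggests, empties the list.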

Anonymous authentication may and in some cases should be enabled for the service, but not for the site.

So, make sure that the root of your site has only Windows authentication enabled. Then expand your site, select the "service" folder and make sure that your service includes support for Windows and anonymous authentication.

I had an identical environment where it worked; the only difference between these environments was the service authentication. The problem in my case was not caused by the selected providers (Ntlm or Negotiate), but by the authentication settings for the site and service.

At least I had an identical error message with the underlying website and the MSSQL Master Data Services, and that was the solution. I got an error when starting only the service, but the site was working almost fine; MDS Explorer did not work because the authentication settings of the service were incorrect at first. Could this missed configuration be caused by an error in MDS Configuration Manager when creating a new MDS site?

So in my case, the problem was not fixed by performing any special editing of the web.config and ApplicationHost.config files; I did not edit the configuration files. Simply select the correct authentication settings for the website and its service in IIS Manager. I'm not sure this is so, but maybe it is worth a try?

+2
Jan 30 '13 at 8:37

This worked for me when I deleted the endpoint "mex" and also set clientCredentialType = 'Ntlm'. I was accepting WCF inside SharePoint.

+1
Dec 25 '13 at 16:46

Yes, it looks like you need to completely remove the mex endpoint. Setting

 <serviceMetadata httpGetEnabled="false"/> 

alone did not work. Thanks!

0
Mar 25 '10 at 10:02

Additional solution:

You just need to make sure the service name and contract are correct.

Hope this helps.

0
Nov 07

It seems that the MEX binding issue has been fixed in .NET 4.0. Changing our server's App Pool .NET CLR version from 2.0 to 4.0 fixed the problem.

0
May 2, '17 at 21:05


