Following the web app I mentioned in Fun with JSON and WCF (Part I), I ran into another issue with WCF hosted in IIS and serving the callers through JSON objects. My application uses integrated windows authentication to authenticate the users and grant / deny access based on the given credentials. Therefore, I have turned off anonymous access for the entire virtual directory the application is running in and turned on integrated windows authentication. Now when invoking the JSON service, I get the following exception.
[NotSupportedException: Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.] System.ServiceModel.Channels.HttpChannelListener.ApplyHostedContext(VirtualPathExtension virtualPathExtension, Boolean isMetadataListener) +11453217 System.ServiceModel.Activation.VirtualPathExtension.ApplyHostedContext(TransportChannelListener listener, BindingContext context) +75 System.ServiceModel.Channels.HttpTransportBindingElement.BuildChannelListener(BindingContext context) +119 System.ServiceModel.Channels.BindingContext.BuildInnerChannelListener() +66 System.ServiceModel.Channels.MessageEncodingBindingElement.InternalBuildChannelListener(BindingContext context) +67 System.ServiceModel.Channels.WebMessageEncodingBindingElement.BuildChannelListener(BindingContext context) +47 System.ServiceModel.Channels.BindingContext.BuildInnerChannelListener() +66 [...]
This indicates that according to the configuration of the service binding, anonymous access is to be allowed however IIS does not allow it. Apart from the fact that I don’t understand in the first place, why the service would care about this (if it was the other way around, I’d understand), fixing it is simple. It again requires changes in the Web.config, like follows.
<configuration>
<!-- ... -->
<system.serviceModel>
<behaviors>
<!-- ... -->
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
<services>
<service behaviorConfiguration="MyServiceTypeBehavior" name="MyService">
<endpoint address="" behaviorConfiguration="MyServiceAspNetAjaxBehavior"
binding="webHttpBinding" bindingConfiguration="ServiceAuth"
contract="MyService" />
</service>
</services>
<bindings>
<webHttpBinding>
<binding name="ServiceAuth">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows"/>
</security>
</binding>
</webHttpBinding>
</bindings>
</system.serviceModel>
</configuration>
The bindingConfiguration attribute on line 11 refers to the new webHttpBinding definition from lines 17 to 21. Client authentication is there specified to be integrated windows authentication.
Thanks for the great post. I tried setting this but now I get error "Security setting for this service require windows authetncation but its not enabled for the IIS applicaiton that hosts this srevice"
I have enabled "Integrated" and Basic authetncation. If I change the clientCredentialType to basic or Integrated, it keep throwing unauthorized error. I am running on SharePoint and trying to call this service from JSON(browser)
Any help would be appreciated
Have you tried just using either one of ‘Integrated Windows Authentication’ and ‘Basic Authentication’ but not both at the same time? Given that you cannot set multiple authentication mechanisms in the Web.config (well, at least I haven’t found a way to do that) it makes sense to restrict the auth mechnism in IIS to only the one which JSON on the server will support.