views:

6864

answers:

3

Hi,

I am struggling hard with getting WCF service running on IIS on our server. After deployment I end up with an error message:

Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.

I want to use Windows authentication and thus I have Anonymous access disabled. Also note that there is aspNetCompatibilityEnabled (if that makes any difference).

Here's my web.config:

<system.serviceModel>
 <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
 <bindings>
  <webHttpBinding>
   <binding name="default">
    <security mode="TransportCredentialOnly">
     <transport clientCredentialType="Windows" proxyCredentialType="Windows"/>
    </security>
   </binding>
  </webHttpBinding>
 </bindings>
 <behaviors>
  <endpointBehaviors>
   <behavior name="AspNetAjaxBehavior">
    <enableWebScript />
    <webHttp />
   </behavior>
  </endpointBehaviors>
  <serviceBehaviors>
   <behavior name="defaultServiceBehavior">
    <serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" />
    <serviceDebug includeExceptionDetailInFaults="true" />
    <serviceAuthorization principalPermissionMode="UseWindowsGroups" />
   </behavior>
  </serviceBehaviors>
 </behaviors>
 <services>
  <service name="xxx.Web.Services.RequestService" behaviorConfiguration="defaultServiceBehavior">
   <endpoint behaviorConfiguration="AspNetAjaxBehavior" binding="webHttpBinding"
    contract="xxx.Web.Services.IRequestService" bindingConfiguration="default">
   </endpoint>
   <endpoint address="mex" binding="mexHttpBinding" name="mex" contract="IMetadataExchange"></endpoint>
  </service>
 </services>
</system.serviceModel>

I have searched all over the internet with no luck. Any clues are greatly appreciated.

+4  A: 

So it seems like pretty common issue. The point is to remove mex from your bindings:

<endpoint address="mex" binding="mexHttpBinding" name="mex" contract="IMetadataExchange"></endpoint>

Alternativelly you enable Anonymous access in IIS and in your web.config you make sure anonymous access is denied.

Hope this will help to some other soul. (I was 100% sure I tried it with mex removed. :-O )

Rashack
I ended up using your alternative. IIS anon + Windows with web.config denying all anonymous users. I'm hosting 3.5 WCF REST with asp.net. Thanks
Nathan
A: 

Yes, it looks like you need to remove the mex endpoint completely. Setting

<serviceMetadata httpGetEnabled="false"/>

alone did not work. Thanks!

Naru
+1  A: 

You may chack this one. I managed to make it work as expected.

Padel
thanks for the info -- it'd be a bit more helpful to quote the relevant section of the information here rather than providing a bare hyperlink.
Jeff Atwood