How can I expose a WCF Service in a Virtual Directory w/o Forms Authentication?

Question

My group builds internally hosted ASP.NET MVC websites with forms-authentication.

I'd like to host a WCF service in the same virtual directory as an ASP.NET MVC website.

My Question:

How do I make the WCF service freely accessible, that is without forms-authentication.

My current predicament is this:

• I can access the .svc and see the wsdl information if I first authenticate through forms-authentication with a web browser.
• But when I try to access the WCF service with wcfTestClient.exe, I get the following error:

Error: Cannot obtain Metadata from http://localhost/Services/MyService.svc If this is a Windows (R) Communication Foundation service to which you have access, please check that you have enabled metadata publishing at the specified address. For help enabling metadata publishing, please refer to the MSDN documentation at http://go.microsoft.com/fwlink/?LinkId=65455.WS-Metadata Exchange Error

Answer 1

If you can put your .svc file into a subfolder of the virtual directory, you can leverage the path attribute in Forms Authentication to enable access to it with a different level of authorization. Here is a tutorial.

Answer 2

Do you have a mex endpoint defined in your web.config for the service? The testclient is likely looking for this.

IF you do, one other possibility is to disable authorization on the services folder. I've never tested this, but in theory it may work...

So if website is localhost, put WCF service in localhost/services/myservice.svc or the like. Then add a web.config to the /services folder, which overrides the authorization and allows all:

<configuration>
   <authorization>
      <allow users="*" />
   </authorization>
</configuration>

Answer 3

I assume since you are using forms authentication that the virtual directory is configured for anonymous access in IIS. With that said, If you place your WCF service e.g. *.svc file in its own directory, you can update the main web.config file and add a location tag to disable forms authentication for the directory containing the service. Also be sure to disbale security via the WCF configuration binding settings in the web.config's <system.servicemodel> section which needs to be added if not already present:

<bindings>
  <wsHttpBinding>   <!-- one of many possible bindings -->
    <binding name="...">          
      <security mode="None"> <-- allows anonymous access -->
        <message clientCredentialType="None"/> <-- allows anonymous access -->
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

Answer 4

Many thanks to all who tried to answer this question.

After hours of troubleshooting this problem, I discovered that a custom authentication module was rejecting my client attempts to get the metadata. Suffice it to say, I needed to route around this logic.

Oh - And stepping through the code is very underrated. ;)