This is a short note to myself because it took me some time to get this to work. There are several resources on the internet describing what to do to get this to work, but I found out not everything works as expected.
My scenario: build a WCF service, accessible from the internet by a non-WCF client. The client has an AD account which should be used to authenticate the user.
My approach: implement a WCF service using basicHTTPBinding, specify the correct settings in the web.config and that’s it.
The bindings settings in the web.config looked like this:
and this:
When I deployed this service to IIS and changed the authentication in the virtual directory from “Anonymous” to “Windows” authentication, I ran into this error:
Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service
The first thing I do with such an error is throw it into Google. A lot of results showed up, mostly regarding wsHttpBinding. However I also found a ‘recipe’ for my issue: http://rickgaribay.net/archive/2007/04/04/recipe-wcf-basichttpbinding-with-windows-authentication.aspx
It looked like a 100% match for my problem, but still I couldn’t get it to work. Also a lot of comments to the post showed other people experience the same. There are a ton of blog posts like this.
I found directions regarding:
- using “aspNetCompatibilityEnabled”
- removing the mex endpoint
- allow anonymous authentication to just the svc file
Then I started searching what exactly was causing this error. I found out that my mex endpoint was causing it, because it uses the mexHttpBinding which isn’t marked secure like my other binding (via ‘BindingConfiguration’). So this endpoint requires ‘Anonymous’ authentication, just like the error specifies.
Finally I found the solution it this blogpost (and also some others): http://www.slickit.ca/2009/02/wcf-using-iis-and-windows.html
The solution is easy, just apply the same binding to the mex endpoint and your good to go.