WCF – Windows authentication – Security settings require Anonymous

authorizationsecuritywcf

I am struggling hard with getting WCF service running on IIS on our server. After deployment I end up with an error message:

Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.

I want to use Windows authentication and thus I have Anonymous access disabled. Also note that there is aspNetCompatibilityEnabled (if that makes any difference).

Here's my web.config:

<system.serviceModel>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
    <bindings>
        <webHttpBinding>
            <binding name="default">
                <security mode="TransportCredentialOnly">
                    <transport clientCredentialType="Windows" proxyCredentialType="Windows"/>
                </security>
            </binding>
        </webHttpBinding>
    </bindings>
    <behaviors>
        <endpointBehaviors>
            <behavior name="AspNetAjaxBehavior">
                <enableWebScript />
                <webHttp />
            </behavior>
        </endpointBehaviors>
        <serviceBehaviors>
            <behavior name="defaultServiceBehavior">
                <serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" />
                <serviceDebug includeExceptionDetailInFaults="true" />
                <serviceAuthorization principalPermissionMode="UseWindowsGroups" />
            </behavior>
        </serviceBehaviors>
    </behaviors>
    <services>
        <service name="xxx.Web.Services.RequestService" behaviorConfiguration="defaultServiceBehavior">
            <endpoint behaviorConfiguration="AspNetAjaxBehavior" binding="webHttpBinding"
             contract="xxx.Web.Services.IRequestService" bindingConfiguration="default">
            </endpoint>
            <endpoint address="mex" binding="mexHttpBinding" name="mex" contract="IMetadataExchange"></endpoint>
        </service>
    </services>
</system.serviceModel>

I have searched all over the internet with no luck. Any clues are greatly appreciated.

Best Solution

So it seems like pretty common issue. The point is to remove mex from your bindings:

<endpoint address="mex" binding="mexHttpBinding" name="mex" contract="IMetadataExchange"></endpoint>

Alternativelly you enable Anonymous access in IIS and in your web.config you make sure anonymous access is denied.

Hope this will help some other soul. (I was 100% sure I tried it with mex removed. :-O )

Related Question