Wcf – can I have a WCF binding that goes through SSL (using https) with transport security set to none

bindingsslwcf

Greets. I realize this might be seen as a duplicate question as this but I'm getting a different error.

My IIS is setup to use SSL.
My service is setup relatively simple. Just a simple log in service.

When I try to navigate directly to the svc file on the host machine I get this error

Service cannot be activated due to an exception during compilation. The exception message is: Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service.

I don't want to do any authentication when accessing this particular service. Shouldn't I be able to use HTTPS binding with Transport message creds and client authentication set to none?

I have a certificate setup to comply with SSL and that seems to be fine. It's just this authentication stuff that's in the way now.

  <system.serviceModel>
<behaviors>
  <serviceBehaviors>
    <behavior name="DefaultBehaviour">
      <serviceMetadata httpsGetEnabled="true" />
      <serviceCredentials>
        <serviceCertificate findValue="xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx"
          storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" />
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>
<bindings>
  <wsHttpBinding>
    <binding name="wsBinding">
      <security mode="Transport">
        <message clientCredentialType="None" />
      </security>
    </binding>
  </wsHttpBinding>
  <mexHttpsBinding>
    <binding name="mex" />
  </mexHttpsBinding>
</bindings>
<services>
  <service behaviorConfiguration="DefaultBehaviour" name="Web.Login.LoginService">
    <endpoint name="wsBinding"
              address="https://staging.system.com/System/LoginService/LoginService.svc"
              binding="wsHttpBinding" bindingConfiguration="wsBinding"
              contract="Web.Login.IOLELoginService" />
    <endpoint address="mex" binding="mexHttpsBinding" bindingConfiguration="mex" name="mex" contract="IMetadataExchange" />
  </service>
</services>

Best Answer

You should be able to have that - only you're not configuring it that way!

  <security mode="Transport">
     <message clientCredentialType="None" />
  </security>

If you have Transport security, you need to set the clientCredentialType on the <transport> subelement!

Try this:

  <security mode="Transport">
     <transport clientCredentialType="None" />
  </security>

That should hopefully work (don't have the setup to test it right now)

Marc