Thursday, September 15, 2011
Thursday, January 13, 2011
Windows Authentication in WCF
The WCF services with BasicHttpBinding are usually hosted with Anonymous access. If we are disabling the Anonymous Authentication from the IIS, the web service will throw the following error message
“Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.”
For changing the Anonymous to Windows authentication we need to make some service configuration level changes.
First we need to make sure that the Authentication mode of service is windows.
<authentication mode="Windows" />
After that, the service binding settings need to be changed for implementing the security. The BasicHttpBinding uses HTTP as the transport for sending the messages and does not provide any security. This binding is designed for interoperability with web service provides that do not implement security. However, you can switch on security by setting the Mode property to Transport, to enable transport security.
Inside the <system.serviceModel> configuration tag in web.config,
<bindings>
<basicHttpBinding>
<binding name="SecurityByTransport">
<security mode="Transport">
<transport clientCredentialType="Windows" />
security>
binding>
basicHttpBinding>
bindings>
Here you can configure the service settings with above binding configuration by assigning bindingConfiguration as binding name provided.
<services>
<service behaviorConfiguration="WCFWindowsBasicHttpBinding.Service1Behavior"
name="WCFWindowsBasicHttpBinding.Service1">
<endpoint address="" binding="basicHttpBinding"
bindingConfiguration="SecurityByTransport"
name="BasicHttpEndpoint" contract="WCFWindowsBasicHttpBinding.IService1">
<identity>
<dns value="localhost" />
identity>
endpoint>
service>
services>
This is the configurations for hosting the BasicHttpBinding service with Windows authentication.
In the service client also you need to implement the same changes. In the binding configuration you need to put the same Security Mode and clientCredentialType.