http://social.msdn.microsoft.com/Forums/vstudio/en-US/9e60fd61-aa84-453a-b340-8e1334d7acc9/wcf-service-hosted-in-iis-7-returning-error-security-settings-for-this-service-require-anonymous. There was a lot of talk about setting IIS to anonymous and letting it go at that. This would ignore the whole binding process for WCF.
My particular problem was that my hosted IIS site was locked down to Windows authentication due to the application requirements. We are communicating with a database via this application and cannot allow anonymous access due to security restrictions. We still needed to run a WCF service to do the actual communication with the database to our mid tier. This can be done, but you need to set the binding for the service correctly.
Solution:
You need to define the security for the WCF service in the configuration bindings.
Sample:
<system.serviceModel>
  <services>
    <service name="WorkflowService" behaviorConfiguration="serviceBehavior">
      <host>
        <baseAddresses>
          <add baseAddress="https://yourserver" />
        </baseAddresses>
      </host>
      <endpoint name="BasicHttpEndpoint"
                binding="basicHttpBinding"
                bindingConfiguration="WorkflowBinding"
                contract="IWorkflowService"
                behaviorConfiguration="WorkflowEndpointBehavior">
      </endpoint>
    </service>
  </services>
This sample defines my service, which will need to be "anonymous" to invoke the service on an SSL Windows IIS site. The key is in the definition of bindingConfiguration. This sample service would need the binding defined like so:
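  <bindings>
    <basicHttpBinding>
      <binding name="WorkflowBinding" receiveTimeout="00:30:00" sendTimeout="00:30:00"
               maxReceivedMessageSize="2147483647">
        <security mode="Transport">
          <!-- Windows credentials are required at the transport (HTTPS) layer -->
          <transport clientCredentialType="Windows" proxyCredentialType="None" />
          <!-- algorithmSuite belongs on <message>; it is ignored in Transport mode -->
          <message clientCredentialType="UserName" algorithmSuite="Default" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
</system.serviceModel>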
Set the security mode to Transport and specify the clientCredentialType as Windows. This is the key to getting past this error.
clientCredentialType
clientCredentialType |
proxyCredentialType |
http://msdn.microsoft.com/en-us/library/ms731334(v=vs.100).aspx
security mode
Member name | Description
---|---
None | The SOAP message is not secured during transfer. This is the default behavior.
Transport | Security is provided using HTTPS. The service must be configured with SSL certificates. The SOAP message is protected as a whole using HTTPS. The service is authenticated by the client using the service’s SSL certificate. The client authentication is controlled through the ClientCredentialType.
Message | Security is provided using SOAP message security. For the BasicHttpBinding, the system requires that the server certificate be provided to the client separately. The valid client credential types for this binding are UserName and Certificate.
TransportWithMessageCredential | Integrity, confidentiality and server authentication are provided by HTTPS. The service must be configured with a certificate. Client authentication is provided by means of SOAP message security. This mode is applicable when the user is authenticating with a UserName or Certificate credential and there is an existing HTTPS deployment for securing message transfer.
TransportCredentialOnly | This mode does not provide message integrity and confidentiality. It provides only HTTP-based client authentication. Use this mode with caution. It should be used in environments where the transfer security is being provided by other means (such as IPSec) and only client authentication is provided by the infrastructure.
source: http://msdn.microsoft.com/en-us/library/system.servicemodel.basichttpsecuritymode(v=vs.100).aspx
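The mode table above can be applied as a check on a web.config. The following is an added example, not part of the original post or Microsoft's code: it reports every basicHttpBinding endpoint that resolves to an unprotected mode or that does not require Windows credentials. The sample config and the "LegacyEndpoint" name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample config: the first endpoint is bound as in the post,
# the second (hypothetical "LegacyEndpoint") names no bindingConfiguration.
SAMPLE_CONFIG = """<configuration><system.serviceModel>
  <services><service name="WorkflowService">
    <endpoint name="BasicHttpEndpoint" binding="basicHttpBinding"
              bindingConfiguration="WorkflowBinding" contract="IWorkflowService"/>
    <endpoint name="LegacyEndpoint" binding="basicHttpBinding"
              contract="IWorkflowService"/>
  </service></services>
  <bindings><basicHttpBinding>
    <binding name="WorkflowBinding">
      <security mode="Transport">
        <transport clientCredentialType="Windows"/>
      </security>
    </binding>
  </basicHttpBinding></bindings>
</system.serviceModel></configuration>"""

def audit_endpoints(config_xml):
    """Map each basicHttpBinding endpoint name to a list of findings."""
    model = next(ET.fromstring(config_xml).iter("system.serviceModel"))
    named = {b.get("name"): b
             for b in model.findall("./bindings/basicHttpBinding/binding")}
    report = {}
    for ep in model.findall("./services/service/endpoint"):
        if ep.get("binding") != "basicHttpBinding":
            continue
        findings = []
        binding = named.get(ep.get("bindingConfiguration"))
        security = binding.find("security") if binding is not None else None
        # No <security> element means the default mode, None (see the table).
        mode = security.get("mode", "None") if security is not None else "None"
        if binding is None:
            findings.append("no binding configuration resolved: default mode None")
        elif mode in ("None", "TransportCredentialOnly"):
            findings.append("mode %s: SOAP message not protected in transit" % mode)
        if mode in ("Transport", "TransportCredentialOnly"):
            transport = security.find("transport")
            cred = "None" if transport is None else transport.get("clientCredentialType", "None")
            if cred != "Windows":
                findings.append("clientCredentialType is %s, not Windows" % cred)
        report[ep.get("name")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_endpoints(SAMPLE_CONFIG).items():
        print(name, "->", findings or "OK")
```

An empty findings list means the endpoint matches the binding shown in the post: Transport mode with clientCredentialType set to Windows.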