5
votes

I have a WCF service that will only work once I deploy it to a server and configure it through IIS. The error message I get when running it through IIS Express is:

The authentication schemes configured on the host ('Ntlm, Anonymous') do not allow those configured on the binding 'BasicHttpBinding' ('Negotiate'). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly. Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.

My web.config services binding looks like this:

<services>
  <service name="LMS.Services.Services.AppService" behaviorConfiguration="LargeDataRequestBehavior">
    <endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicHttp_LargeDataRequestBinding" contract="LMS.Services.Services.AppService" />
    <endpoint address="mex" binding="basicHttpBinding" bindingConfiguration="basicHttp_LargeDataRequestBinding" contract="IMetadataExchange" />
  </service>
</services>

and my binding looks like this:

<bindings>
  <basicHttpBinding>
    <binding name="basicHttp_LargeDataRequestBinding" receiveTimeout="01:00:00" sendTimeout="01:00:00" maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text">
      <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
        <message clientCredentialType="UserName" algorithmSuite="Default" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>

Any help would be greatly appreciated.

2 Answers

7
votes

Try changing this part. The issue is that the enum for Credential Type Windows maps to a protocol called Negotiate. IIS is informing you that Negotiate has not been enabled on your website; only Basic (no security) and Ntlm (another form of Windows Security) are allowed.

<bindings>
  <basicHttpBinding>
    <binding>
      <!-- only the changed part is shown -->
      <security>
        <transport clientCredentialType="Ntlm" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>

The WTF here is that there is a mismatch between "Negotiate" and "Windows".

1
votes

Updating IIS Authentication settings as below fixed it in my case:

  • Anonymous Authentication: Disabled
  • Windows Authentication: Enabled
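
As an added example (not part of the question or either answer): a Python check that reads a web.config and reports each basicHttpBinding whose clientCredentialType needs an HTTP authentication scheme the host does not offer, which is the mismatch the error message describes. The host scheme list is supplied by hand, the Windows to Negotiate mapping is the one named in the first answer, and the other mappings and the simple membership test are assumptions about how WCF compares the two.

```python
import xml.etree.ElementTree as ET

# clientCredentialType -> HTTP authentication scheme the host must offer.
# Windows -> Negotiate is the mapping named on this page; the rest are assumed.
SCHEME_FOR = {"None": "Anonymous", "Basic": "Basic", "Digest": "Digest",
              "Ntlm": "Ntlm", "Windows": "Negotiate"}

# Constructed sample: the question's binding, trimmed to its security settings.
SAMPLE_CONFIG = """
<configuration><system.serviceModel><bindings><basicHttpBinding>
  <binding name="basicHttp_LargeDataRequestBinding">
    <security mode="TransportCredentialOnly">
      <transport clientCredentialType="Windows" proxyCredentialType="None" />
    </security>
  </binding>
</basicHttpBinding></bindings></system.serviceModel></configuration>
"""

def check_bindings(config_xml, host_schemes):
    """Return (binding name, credential type, required scheme) for each mismatch."""
    host = {s.strip().lower() for s in host_schemes}
    findings = []
    for group in ET.fromstring(config_xml).iter("basicHttpBinding"):
        for binding in group.findall("binding"):
            security = binding.find("security")
            mode = security.get("mode", "None") if security is not None else "None"
            transport = security.find("transport") if security is not None else None
            cred = "None"
            # Transport credentials apply only in the modes the error text names.
            if mode in ("Transport", "TransportCredentialOnly") and transport is not None:
                cred = transport.get("clientCredentialType", "None")
            required = SCHEME_FOR.get(cred)  # None when the type is not mapped here
            if required is None or required.lower() not in host:
                findings.append((binding.get("name", ""), cred, required))
    return findings

if __name__ == "__main__":
    # Host schemes copied from the error message in the question.
    for name, cred, required in check_bindings(SAMPLE_CONFIG, ["Ntlm", "Anonymous"]):
        print(f"{name}: clientCredentialType={cred} needs {required}, host does not offer it")
```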