The authentication schemes configured on the host ('Anonymous') do not allow those configured on the binding 'BasicHttpBinding' ('Negotiate').

26
votes

The authentication schemes configured on the host ('Anonymous') do not allow those configured on the binding 'BasicHttpBinding' ('Negotiate'). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly. Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.

9
wcfwcf-securitybasichttpbindingtransport-security

9 Answers

38
votes

This error may be shown when you don't have authentication modes installed in your local IIS Webserver. Go to Control Panel -> Programs -> Turn Windows features on or Off

Check Internet Information services -> Wold wide web Services -> Security -> and enable Basic, Windows, Digest Authentication modes. Open IIS and navigate to your application and go to the authentication section and Enable the required authentication modes. For me the authentication modes didn't show up immediately after the installation or after webserver restart. Doing a machine reboot showed them in the webapplication.

18
votes

If you face this problem while debugging in Visual Studio, select your project and change authentication in properties.

VS win auth

13
votes

If necessary - install features as described above, open IIS Manager, open the server features:

enter image description here

open the feature "Authentication":

enter image description here

enable/disable needed ones:

enter image description here

2
votes

I solved this issue adding Negotiate to IIS Authentication Providers: enter image description here

1
votes

When this happened to me, I found was that Visual Studio was using the 'Default Web Site' to host my service when adding the service reference using the 'Discover' button. So to fix, I had to enable the authentication my service was using on the 'Default Web Site' in IIS. Since I was using Windows Authentication, enabling it for the 'Default Website' in IIS and this seems to have fixed my problem. Of course if your service is using another type of auth, you will have to enable the correct authentication.

To configure the auth, open IIS. Under 'Sites', select the 'Default Web Site' and then Authentication.

1
votes

This was occurring for me as the site had WCF configured for Windows Authentication...

<security mode="Transport">
    <transport clientCredentialType="Windows" />
</security>

However IIS had Windows Authentication Disabled and Anonymous Authentication Enabled. The fix was to Enable Windows Authentication in IIS.

0
votes

In my case, the problem was in bad configuration of service after refactoring. If the name attribute in service tag does not point to existing class, you may get this exception, which will totaly mislead you.

So mind the name:

<service behaviorConfiguration="FooBehavior" name="Fully.Qualified.Name.Of.Class.Implementing.Service.Contract.Here">
0
votes

just restarting IIS fixed my issue

0
votes

If you are trying to configure a service for 'Basic Authentication' in IIS (ie, it prompts for a username/password), then the security transport settings should be set as follows:

For basicHttpBinding

<security mode="Transport">
  <transport clientCredentialType="Basic" />
  <message clientCredentialType="UserName" />
</security>

For webHttpBinding

<security mode="Transport">
  <transport clientCredentialType="Basic" />
</security>