11
votes

I encounter a problem with using the WebServiceHostFactory in IIS.

"IIS specified authentication schemes 'IntegratedWindowsAuthentication, Anonymous', but the binding only supports specification of exactly one authentication scheme. Valid authentication schemes are Digest, Negotiate, NTLM, Basic, or Anonymous. Change the IIS settings so that only a single authentication scheme is used."

I wanted to keep both authentication schemes and managed to do so by not using the factory but setting up the endpoint manualy in web.config.

My question is what is WebServiceHostFactory doing to get this result? I was under the impression that WebServiceHostFactory would set the binding to the same webHttpBinding that I used in my config.

Edit: I have looked at WebServiceHostFactory in reflector and it is not doing anything clever. It is just a simple factory for the WebServiceHost.

Does IIS still use a service host if you set up the endpoint in config? Or is the WebServiceHost setting things up differently.

4

4 Answers

3
votes

This is what worked for me. Adding a dummy endpoint early on (before the service host is opened) as shown below seems to have done the trick. (This MSDN article hinted at this http://msdn.microsoft.com/en-us/library/bb412178.aspx.)

public class MyWebServiceHost : WebServiceHost
{
    public MyWebServiceHost (Type serviceType, params Uri[] baseAddresses) : base(serviceType, baseAddresses)
    {
        // Inserting this dummy endpoint config seemingly does the trick:
        AddServiceEndpoint(typeof(IMyContract), new WebHttpBinding(), string.Empty);
    }

    protected override void ApplyConfiguration()
    {
        // Typical programmatic configuration here per:
        // http://msdn.microsoft.com/en-us/library/aa395224.aspx
    }
}

I'm guessing this prevents WebServiceHost from creating a default endpoint, and thus shutting down a bunch of functionality.

1
votes

I'm not sure about the WebServiceHostFactory, but it sounds like you're hosting the service inside IIS and it's got more than one authentication method selected. If you've got IIS 5 or 6, try going into IIS and viewing the properties for the website or virtual directory containing your service. Go to the Directory Security tab, click the Edit button under "Anonymous access and authentication control", and then un-tick either "Anonymous access" or "Integrated Windows authentication". I'm not sure about IIS7.

1
votes

Under IIS7 you might not find where you can manage the Integrated Windows Authentication setting. In order to see the setting in IIS7 management console, you need to follow steps described in the following article: http://msdn.microsoft.com/en-us/library/x8a5axew.aspx (titled as "Error: Debugging Failed Because Integrated Windows Authentication Is Not Enabled", if link is not functional).

Hope it helps.

-1
votes

disable security in web.config-> configuration tag

  <system.serviceModel>
    <bindings>
      <webHttpBinding>
        <binding>
          <security mode="None">
            <transport clientCredentialType="Windows"/>
          </security>
        </binding>
      </webHttpBinding>
    </bindings>
  </system.serviceModel>

then your wcf service doesn't need authentication...