Home/ Questions/Q 6180441
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T00:50:42+00:00

Even though anonymous access is enabled on the Virtual Directory of the WCF service

  • 0

Even though anonymous access is enabled on the Virtual Directory of the WCF service and Integrated Authentication is disabled, I still get the error:

The HTTP request is unauthorized with client authentication scheme
‘Anonymous’. The authentication header received from the server was
‘Negotiate,NTLM’.

This is what the security definition on client binding configuration looks like:

<security mode="Transport">
    <transport clientCredentialType="None" proxyCredentialType="None" realm="" />
    <message clientCredentialType="None" negotiateServiceCredential="false" />
</security>

And the endpoint definition:

<endpoint address="https://url.com/Service.svc"
            binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService"
            contract="IService" name="WSHttpBinding_IService">
            <identity>
                <servicePrincipalName value="spn" />
            </identity>
</endpoint>

I’ve already tried adding:

client.ClientCredentials.Windows.AllowedImpersonationLevel =  System.Security.Principal.TokenImpersonationLevel.Impersonation;

But it doesn’t seem to have any effect.

Is there something on IIS that I need to change?

[EDIT]

Service configuration:

<behaviors>
   <endpointBehaviors>
      <behavior name="defaultBehavior"/>
   </endpointBehaviors>
   <serviceBehaviors>
      <behavior name="metadataSupport">
         <serviceMetadata httpsGetEnabled="true" httpsGetUrl=""/>
         <useRequestHeadersForMetadataAddress>
            <defaultPorts>
               <add scheme="https" port="443" />
            </defaultPorts>
         </useRequestHeadersForMetadataAddress>
      </behavior>
   </serviceBehaviors>
</behaviors>
<services>
   <service name="ServiceLibrary.Service"
            behaviorConfiguration="metadataSupport">
      <endpoint address=""
                binding="wsHttpBinding"
                bindingConfiguration="wsSecureBinding"
                contract="ServiceLibrary.IService"/>
      <endpoint address="mex"
                binding="wsHttpBinding"
                bindingConfiguration="wsSecureBinding"
                name="mexHttps"
                contract="IMetadataExchange" />
   </service>
</services>
<bindings>
   <wsHttpBinding>
      <binding name="wsSecureBinding">
         <security mode="Transport"/>
      </binding>
   </wsHttpBinding>
</bindings>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Modify your binding configuration in service to:

    <bindings>
    <wsHttpBinding>
        <binding name="wsSecureBinding">
            <security mode="Transport">
                <transport clientCredentialType="None" />
            </security>
        </binding>
    </wsHttpBinding>
</bindings>

    It expects Windows credentials by default.

    • 0