I am struggling hard with getting WCF service running on IIS on our server. After deployment I end up with an error message:
Security settings for this service require ‘Anonymous’ Authentication but it is not enabled for the IIS application that hosts this service.
I want to use Windows authentication and thus I have Anonymous access disabled. Also note that there is aspNetCompatibilityEnabled (if that makes any difference).
Here’s my web.config:
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
<bindings>
<webHttpBinding>
<binding name="default">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" proxyCredentialType="Windows"/>
</security>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="AspNetAjaxBehavior">
<enableWebScript />
<webHttp />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="defaultServiceBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceAuthorization principalPermissionMode="UseWindowsGroups" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="xxx.Web.Services.RequestService" behaviorConfiguration="defaultServiceBehavior">
<endpoint behaviorConfiguration="AspNetAjaxBehavior" binding="webHttpBinding"
contract="xxx.Web.Services.IRequestService" bindingConfiguration="default">
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" name="mex" contract="IMetadataExchange"></endpoint>
</service>
</services>
</system.serviceModel>
I have searched all over the internet with no luck. Any clues are greatly appreciated.
So it seems like pretty common issue. The point is to remove mex from your bindings:
Alternativelly you enable Anonymous access in IIS and in your web.config you make sure anonymous access is denied.
Hope this will help some other soul.
(I was 100% sure I tried it with mex removed. :-O )