I am trying to set up message level security for a WCF application that I am writing. This application already has an endpoint that is set up with transport level security. Can I set up another endpoint that has message level security? This application is running over IIS by the way. I set up a separate service in the same config file like so…
<service name="generalName">
<endpoint address=...>
.
.
.
</service>
<service name="generalName2">
<endpoint address=""...>
</service>
The reason I ask this is because I think I have set everything up and I think it could work. But when I try and access the previous service I get the following error…
Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service.
I know the previous service works because I could access it before I set up the second service.
Any advice for me? Should I just try and write a completely separate service here or are there ways around this?
Not knowing what binding you use – depending on whether that binding supports both transport and message security – yes, of course you should be able to expose two endpoints, one with transport security, the other with message security.
Since this is really only one service with two endpoints, your config should look something like this (I picked wsHttpBinding as my sample – adapt as needed):
Basically, you define two binding configurations, and then you have two endpoints for your one service, one using the transport security binding configuration, the other endpoint using the message security binding configuration.
Those two endpoints of course cannot have the same address – so you need to give two separate (relative) addresses to each of the endpoints.
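A configuration along the lines this answer describes, as an added example and not the answerer's original config. The service, contract, binding configuration names and the two relative addresses are assumptions, as are the explicit clientCredentialType values.

```xml
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <!-- Binding configuration 1: the channel is protected by HTTPS.
           The transport clientCredentialType has to match an authentication
           scheme that is enabled on the hosting IIS application. -->
      <binding name="transportSecured">
        <security mode="Transport">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>
      <!-- Binding configuration 2: each SOAP message is signed and
           encrypted; the credential travels inside the message. -->
      <binding name="messageSecured">
        <security mode="Message">
          <message clientCredentialType="Windows" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <services>
    <!-- One service, two endpoints. Names are hypothetical. -->
    <service name="MyNamespace.MyService">
      <!-- Relative addresses resolve against the .svc URL in IIS,
           so each endpoint gets its own distinct address. -->
      <endpoint address="transport"
                binding="wsHttpBinding"
                bindingConfiguration="transportSecured"
                contract="MyNamespace.IMyService" />
      <endpoint address="message"
                binding="wsHttpBinding"
                bindingConfiguration="messageSecured"
                contract="MyNamespace.IMyService" />
    </service>
  </services>
</system.serviceModel>
```

The transport-secured endpoint needs an HTTPS binding on the IIS site, since mode="Transport" on wsHttpBinding means the endpoint is served over https.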