Shashank
Shashank

Reputation: 399

WCF Server Configuration for Windows Authentication for wsHttpBinding

I have to implement "Windows Authentication" on a service hosted on Server.
I am using "wsHttpBinding". In it "Message" is the default security mode.

Below are my server configuration:

web.config

<authentication mode="Windows" />

    <services>
          <service name="WCFWsHttpBindingHttps.Service1" behaviorConfiguration="WCFWsHttpBindingHttps.Service1Behavior">
            <!-- Service Endpoints -->
            <endpoint address="" binding="wsHttpBinding" contract="WCFWsHttpBindingHttps.IService1">
            </endpoint>
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
          </service>
        </services>
    <behaviors>
          <serviceBehaviors>
            <behavior name="WCFWsHttpBindingHttps.Service1Behavior">
              <serviceMetadata httpGetEnabled="true" />
              <serviceDebug includeExceptionDetailInFaults="false" />
            </behavior>
          </serviceBehaviors>
        </behaviors>

Below is my IIS configuration: enter image description here

Inspite of all the configuration I am unable to access my service. can anyone notify where I am making mistake or have I missed any configuration.

I am receiving below error when I am trying to access my service. enter image description here

Upvotes: 1

Views: 881

Answers (1)

Aria
Aria

Reputation: 3844

When you are using wsHttpBinding, the security mode must be Transport for Windows Authentication on IIS to be used, in the other side consumers needs to have a server certificate configured.

If you use another security mode you will crossed with below exception:

Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.

so you have to wsHttpBinding as below:

<wsHttpBinding>
    <binding>
      <security mode="Transport">
        <transport clientCredentialType="Windows"/>
      </security>
    </binding>
</wsHttpBinding>

If you use Message security mode, it means that you will be sending an encrypted message over a non-secure transport and to encrypt the message you will have to use your own a certificate, in the other side you also have to configure how the client validates the certificate, this ensure the consumers are negotiating to the right service.

Upvotes: 1

Related Questions