Reputation: 1
AJAX Service Requires 'Anonymous' Authenication, but needs to use 'Windows' Authenication
I have seen several postings for issues with consuming AJAX web services and the receiving of the error:
Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.
The threads all have several solutions that at least for me have not worked and then a final posting of ‘Got it to work’, but what was done to get it to work is never actually given. I am developing a website using AJAX-Enabled ‘WCF’ Services. I do not have access to the server configuration, so changing the server to allow for Anonymous access is not an option. The current website configuration works for when the site is ran on the local host development machine. However, when the website is published to the server that does not allow Anonymous access, I get the above error. I have created a simple AJAX service that does nothing but returns a string to the calling JavaScript function. The simple setup still has the authentication issue, there for leading me to believe that the issue is with the setup of how the AJAX services are defined in the Web.Config. Any suggestions to get me past the above error, would be greatly appreciated it! I believe I need to get the AJAX services to use windows authentication and through the research of the threads have played around with the binding type and the security in use for the Transport and Message. I have tried a black setting, NTLM, and Windows, but I have not found the combination that was successful.
Current Web.Config
<?xml version="1.0"?>
<configuration>
<system.web>
<roleManager enabled="true" />
<sessionState cookieless="false" regenerateExpiredSessionId="true" />
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Data.Services.Client, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="Microsoft.ReportViewer.Common, Version=10.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="Microsoft.Build.Framework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
</assemblies>
<buildProviders>
<add extension=".rdlc" type="Microsoft.Reporting.RdlBuildProvider, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</buildProviders>
</compilation>
<authentication mode="Windows" />
<identity impersonate="true" />
<pages enableViewStateMac='false' controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID" />
<httpHandlers>
<remove verb="*" path="*.asmx"/>
<add verb="*" path="*.asmx" type="System.Web.Script.Services.ScriptHandlerFactory" validate="false"/>
<add path="Reserved.ReportViewerWebControl.axd" verb="*" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
validate="false" />
</httpHandlers>
<customErrors mode="Off"/>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<security>
<authentication>
<windowsAuthentication enabled="true" />
</authentication>
</security>
<modules runAllManagedModulesForAllRequests="true" />
<handlers>
<add name="ReportViewerWebControlHandler" preCondition="integratedMode" verb="*" path="Reserved.ReportViewerWebControl.axd" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</handlers>
</system.webServer>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="basicBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm"/>
</security>
</binding>
</basicHttpBinding>
<webHttpBinding>
<binding name="default"/>
</webHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="webScriptEnablingBehavior">
<enableWebScript/>
</behavior>
<behavior name="srvTestAspNetAjaxBehavior">
<enableWebScript />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
<behavior name="MyServiceTypeBehaviors">
<serviceMetadata httpGetEnabled="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<services>
<service name="srvTest" behaviorConfiguration="MyServiceTypeBehaviors">
<endpoint address="" binding="webHttpBinding"
bindingConfiguration="default"
contract="srvTest"
behaviorConfiguration="srvTestAspNetAjaxBehavior" />
</service>
</services>
</system.serviceModel>
</configuration>
Upvotes: 0
Views: 1253
Answers (2)
Reputation: 976
No need to use good old WebServices. Following WCF configuration works with Windows or NTLM authentication (I am using with AutoCompleteExtender)
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="MyBindingForWindowsAuth">
<security mode="TransportCredentialOnly">
<!-- For Ntlm to work do => IIS right click Win Auth => Providers => Move NTLM up -->
<transport clientCredentialType="Windows" />
</security>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="MyServiceTypeBehaviors" >
<serviceMetadata httpGetEnabled="true" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="XYZ">
<enableWebScript />
</behavior>
</endpointBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<services>
<service name="Cms.OrderMacroService" behaviorConfiguration="MyServiceTypeBehaviors">
<endpoint address="" binding="webHttpBinding" bindingConfiguration="MyBindingForWindowsAuth"
contract="Cms.OrderMacroService" behaviorConfiguration="XYZ" />
<endpoint address="mex" binding="webHttpBinding" bindingConfiguration="MyBindingForWindowsAuth" contract="IMetadataExchange" />
</service>
</services>
</system.serviceModel>
Upvotes: 2
Reputation: 1
I was unable to find a solution to using AJAX-enabled WCF Service with a server that does not allow for anonymous access and forcing use of Windows Authentication. To resolve the issue I ended up changing the services from AJAX-enabled WCF Service (.SVC) to Web Service (.ASMX). Converting it to using Web Services and removing references to the services from within the Web.Config, allow the services to be accessed from JavaScript and do not cause authenication errors.
Upvotes: 0
Related Questions
- jQuery Ajax Web API call returns 401 unauthorized error when set only Windows authentication in IIS
- Cross-domain ajax request basic authentication
- .NET Ajax Call gives 401
- JQuery AJAX Call to MVC action , asking the Credentials in Windows Server 2008R2
- How To make ajax call authenticated with yourAuthCookie
- jquery ajax call for asp.net mvc application getting two unauthorized reponses then Ok
- JQuery Ajax + Windows Authentication = 401 Unauthorized
- jquery ajax calls form authentication issue
- Forms authentication with jQuery ajax
- Authenticate windows user using jquery