.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Security settings for this service require Windows Authentication but it is not enabled for the IIS

Posted By:      Posted Date: September 22, 2010    Points: 0   Category :WCF



We are getting the following error, when we call a WCF service from IE. The service is developed in MS.NET 3.5 and hosted in IIS 6.0, Windows Server 2003 SP2


Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service.


NOTE: The same is working GOOD in IIS 6.0, Windows XP SP2


IIS Setting


"Integrated Windows Authentication" is enabled in the "Directory Security"






<binding name

View Complete Post

More Related Resource Links

Security settings for this service require Windows Authentication but it is not enabled for the IIS

Hosting service in IIS 5.1   Config is set to transport layer security. SSL is installed and configured on the virtual folder and BasicHTTP bidings are being used for connection. Authentication in web.config is set to Windows Authorization in web.config is set to Deny Users="?" and Allow Users="*"   When trying to connect to the service using IE, it throws exception that "Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service. "   Can some one tell me what is missing?   Do I have to set anything in Web.Config?   I need to achieve following using Basic HTTP binding   Transport Layer security (SSL), Windows Domain Authentication, Use  user's Domain identity to impersonate the user in service   Please suggest the settings if any   Thanks

WCF service hosted in IIS 7 returning error "Security settings for this service require 'Anonymous'

Using the CalculatorService provided as a WCF sample from MSDN, I tried to host it as an application in IIS 7. The virtual folder in IIS is configured as Basic Authentication enabled and Anonymous Authentication disabled. I don't have any certificates setup. This is all hosted in a single machine setting. Each time I access the service through a browser, I'm getting the error "Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service".

Below is my web.config --

Can someone please provide some answer, I don't want to enable Anonymous authentication in IIS. I even set the 

aspNetCompatibilityEnabled = true.

<?xml version="1.0"?>


Windows Identity Foundation Security Token Service can't stay logged in

I'm using the Windows Identity Foundation **(WIF)** Security Token Service **(STS)** to handle authentication for my application which is working all well and good. However I can't seem to get any long running login with the STS. From my understanding I shouldn't care about the client tokens at the application level since they can expire all they want to and it should redirect me to the STS and as long as they're still logged in on the STS it should refresh their application token. Yet it doesn't seem to want to keep them signed in. Here's what occurs in my login.aspx on the STS var cookie = FormsAuthentication.GetAuthCookie(userName, persistTicket); if (persistTicket) cookie.Expires = DateTime.Now.AddDays(14); Response.Cookies.Add(cookie); var returnUrl = Request.QueryString["ReturnUrl"]; Response.Redirect(returnUrl ?? "default.aspx"); Which was taken almost directly from existing application using normal Forms Auth. From my web.config <authentication mode="Forms"> <forms loginUrl="Login.aspx" protection="All" timeout="2880" name=".STS" path="/" requireSSL="false" slidingExpiration="true" defaultUrl="default.aspx" cookieless="UseDeviceProfile" enableCrossAppRedirects="false" /> </auth

Unable to call an asmx web service using windows authentication from a Service workflow

Hello, I need to use an existing asmx service from inside my service workflow and I am unable to call it. This asmx service is hosted in a web application with iis set to windows authentication, anonymous is not allowed. I need to send the authentication, only way seems too be using transport for basicHttpBindings. Every time I try to call the service I get an error saying that there is nothing listening to the url of the service generated automatically by VS when I added the Service Reference ? my web config <configuration> <configSections> </configSections> <system.web> <compilation debug="true" targetFramework="4.0" /> </system.web> <system.serviceModel> <protocolMapping> <add scheme="http" binding="wsHttpBinding" bindingConfiguration="WindowsCreds" /> </protocolMapping> <bindings> <basicHttpBinding> <binding name="UtilitiesSoap" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"

Best Practice for Windows Service "Settings" (Configuration) with .Net (C#) ???

Background:   I'm developing a Windows service using C# and .Net 3.5.  The behavior of the service should be controlled by some settings.  The settings will vary per host-computer but will not vary per user (which should be understandable since the settings control behavior of a service.)  A GUI panel of sorts must be provided to set-up and modify the settings that control the service behavior.Secondly, there is a "locally installed application" that has its own settings and those settings also vary per host-computer so all users of that computer would experience the same settings.  (Seemingly analogous maybe to a connection string but not a connection string.)Note that I do NOT perceive any need for Click-once support, web support, and so forth.  Translation:  I think I need the simplest darn type of settings support, the old "dinosaur" level of requirements not much more sophisticated than INI files used to be. I've researched using the "built-in" settings that make use of the Settings Visual Designer in VS 2008 and  System.Configuration.ApplicationSettingsBase.  It seems that: 1.  Application Settings cannot be changed at runtime.  MSFT documentation indicates the software must be shut down and settings must be modified by patching the XML with a text editor (notepad et al.)  The framework specifically prohibits application settings from being

Silverlight enabled web service security error

I tried to create a SL enabled Web Service by following the example from the Microsoft link: http://msdn.microsoft.com/en-us/library/cc197940(VS.95).aspx When I got to step 6 to test the web service that I created (View in Browser), I got the following error:  Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service. My IIS is located on my local machine with Windows Integrated Authentication and Anonymous access unchecked. After checking the Anonoymous access checkbo, I still got the above error. I have read other post on the Internet that Silverlight uses BasicHttpbinding but the settings in the web.config file was created by Visual Studio 2010 (running .NET 4.0), so I didn't think I need to mess with it. The following is the section from the web.config: <system.serviceModel>   <behaviors>    <serviceBehaviors>     <behavior name="">      <serviceMetadata httpGetEnabled="true" />      <serviceDebug includeExceptionDetailInFaults="false" />     </behavior>    </serviceBehaviors>   </behaviors>   <bindings>    <customBinding>     <binding name=

WPF consuming WCF Service with Windows Authentication - Not Working

Hi I am developing a WPF application in .NET 4.0 which calls a WCF Service hosted on the server developed in .NET 4.0. I want to use windows authentication for this purpose and it seems that it is not working and keep on giving me following error. The provided URI scheme 'http' is invalid; expected 'https'. Parameter name: via I do not want to use https as this is an Intranet application. The WCF Service inturn calls SQL Server SPs via Entity Framwork 4.0. Following is the Web.Config for WCF Service. <?xml version="1.0"?> <configuration> <connectionStrings> <add name="MsdbEntities" connectionString="metadata=res://*/MsdbModel.csdl|res://*/MsdbModel.ssdl|res://*/MsdbModel.msl;provider=System.Data.SqlClient;provider connection string=&quot;Data Source=lvapxdev\lvw_uat_02;Initial Catalog=msdb;Integrated Security=SSPI;MultipleActiveResultSets=True&quot;" providerName="System.Data.EntityClient" /> </connectionStrings> <appSettings> <add key="IndexLoaderInstallDirectory" value="D:\Longview\Index Loader\"/> </appSettings> <system.web> <compilation debug="true" targetFramework="4.0" /> <customErrors mode="Off"/> <authentication mode="Windows"></authentication> </syst

how to store credentials with windows authentication in reporting service for subscription

when I try to set up a subscription, I get this error message: "Subscriptions cannot be created because the credentials used to run the report are not stored or if a linked report, the link is no longer valid" I use a datasource which use windows credentials to access a database which contains stored procedure with OpenRowset query to access cube data in analysis service on the same server.  I have to use windows credentials to access cube data in analysis service.  How can I store the credentails with windows credentials? I appreciate your help!

Is BasicHttpBinding/WSHttpBinding + Windows Authentication + Message Security possible without serve


Hi Folks,

I need to deploy a WCF service hosted in IIS 7.5 which has the following constrains:

1) Using Windows Authentication
2) No server or client certificate is needed
3) Using either BasicHttpBinding or WSHttpBinding
4) Using Message Security, so that it is not possible to monitor the communication maliciously. (I think Transport Security is not possible without server certificate)

Is it possible to fullfil the above requirements simultaneously? Thanks for the reply in advance. I'll appreciate it:)


wsHttpBinding with Windows Authentication and Message Security



I want to accomplish wsHttpBinding with Windows Authentication and Message Security. I've created a test service and deployed on Windows Server 2008 and IIS 7.5.

The virtual directory has been assigned a application pool running under custom account domain\username. Only
Windows Authentication is enabled on the virtual directory ( i DONT want anonymous access enabled).

I keep getting this error "Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service."

Below is my server config file. I've followed  instructions at http://msdn.microsoft.com/en-us/library/ff650619.aspx

        <binding name="NewBinding0">
          <security mode="Message">
            <transport clientCredentialType="Windows"></transport>

nettcpbinding with windows security in iis hosted service


Hi ,

I have hosted service in iis. How can i verify my service (transport mode)is using windows authentication for client.

when i use basichttpbinding and set clientCredentialType to windows, but iis with anonymous. When i browse svc, as expected i get error that secrurity setting of servcie needs windows but iis is configured as anonymous. Similar i see expected bheavior when service is configred for anonymous, but iis is configured for windows.

But when i use nettcpbiding, irrespective of what my iis setting is (windows/anonymous), if i configure service for windows and i browse svc file. I am always able to do to without any error. when service is configured for windows and iis for anonymous; shouldn't i get an error (as seen in case of basichttpbinding)



Net.TCP Endpoint; Windows Authentication security; client can connect to a server at localhost but n


Hey all, so here's what going on:

I have a WCF Service that I have setup as a Windows Service.  Everything works perfectly when I attempt to use the system with all of the components (i.e. server and clients) on the same machine.  However, when I try to connect my client from a different system, I get an error that is trying to tell me that the server rejected the client's credentials.

I need the client to the able to connect from a different machine.  I want to implement a SQL Role Provider kind of credentialing in the future, but for now, I just need it to work.

What I have tried
I have looked around online and read a few other posts as well some things in the MSDN KB and I have either not found the answer, or not understood it.

  • I have tried setting the <security mode="Transport"> to "None" with the hope that that would disable the accreditation entirely.  All it did was result in a different error saying that there was an error that might have been caused by an invalid message.  I have also tried a few other configurations with this element in the app.config file; to no success.
  • I have read some things about Impersonation, but I am not quite sure I understand how to implement it

How to enable windows authentication for a RESTFul web service which is not hosted in IIS


I have created a WCF RESTFul webservice by following http://msdn.microsoft.com/en-us/library/dd203052.aspx. I am hosting my RESTful webservice in a window service (and not IIS) using the WebServiceHost class. 

Now I am struggling to get user's windows credentials in my web service methods. I looked at various code samples in forums for this. Almost all of them are hosting the service in IIS plus configuring  the service's settings using <system.serviceModel> tag.

I don't want to host my service in IIS plus as of now I haven't overridden any EndPoints, Behaviours etc in .config file.

I tried with below code in my window service's onstart method

WebServiceHost host = new WebServiceHost(typeof(MyService), new Uri(_serviceUrl));

ServiceAuthorizationBehavior myServiceBehavior = host.Description.Behaviors.Find<ServiceAuthorizationBehavior>();
myServiceBehavior.PrincipalPermissionMode = PrincipalPermissionMode.UseWindowsGroups;


After putting above code I queried ServiceSecurityContext.Current and System.Threading.Thread.CurrentPrincipal  my RESTFul's method but they are showing no sign of return

How do I add a service reference when Basic Authentication has been enabled


I am trying to enable Basic Authenticaion for my WCF service, whicn requires disabling anonomous athentication and enabling basic authenticaion in IIS. Now I am unable to add the service reference, which is requiring authentication to complete and getting the following error:

Metadata contains a reference that cannot be resolved: 'https://l01billm/wcf4test/Service1.svc'.
The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was ''.
The remote server returned an error: (401) Unauthorized.
If the service is defined in the current solution, try building the solution and adding the service reference again.

Windows Authentication between WCF service & SQL Server



We have a WCF service with net tcp binding using windows authentication hosted on Server A and SQL database on server B. Both servers are in intranet. We need to implement Windows authentication between WCF service & SQL server.

Can anybody explain the stpes for achieving the same.


Web service Windows Digest Authentication


I have created a web service and installed it on web server. I am using that service through client application without Authentication.

For using this service I have added web service reference with public IP of web server, it's working correctly

Note:-Both web server and client application are in same domain.

Now I am implementing the windows digest authentication in web service.But when i add the reference with public IP of web server in client application then Request is Timed Out.(ie.No response from web server within 110 seconds.)

If I add the reference with domain IP then it works correctly.

 Now my question is what is difference between adding reference with Public IP and Domain IP ?

And how it is related to windows Digest Authentication ?

Windows Service Applications Tutorials

You can easily create services by creating an application that is installed as a service. For example, suppose you want to monitor performance counter data and react to threshold values. You could write a Windows Service application that listens to the performance counter data, deploy the application, and begin collecting and analyzing data.
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend