.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

wsHttpBinding with Windows Authentication and Message Security

Posted By:      Posted Date: September 23, 2010    Points: 0   Category :WCF


I want to accomplish wsHttpBinding with Windows Authentication and Message Security. I've created a test service and deployed on Windows Server 2008 and IIS 7.5.

The virtual directory has been assigned a application pool running under custom account domain\username. Only
Windows Authentication is enabled on the virtual directory ( i DONT want anonymous access enabled).

I keep getting this error "Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service."

Below is my server config file. I've followed  instructions at http://msdn.microsoft.com/en-us/library/ff650619.aspx

        <binding name="NewBinding0">
          <security mode="Message">
            <transport clientCredentialType="Windows"></transport>

View Complete Post

More Related Resource Links

Is BasicHttpBinding/WSHttpBinding + Windows Authentication + Message Security possible without serve


Hi Folks,

I need to deploy a WCF service hosted in IIS 7.5 which has the following constrains:

1) Using Windows Authentication
2) No server or client certificate is needed
3) Using either BasicHttpBinding or WSHttpBinding
4) Using Message Security, so that it is not possible to monitor the communication maliciously. (I think Transport Security is not possible without server certificate)

Is it possible to fullfil the above requirements simultaneously? Thanks for the reply in advance. I'll appreciate it:)


Security settings for this service require Windows Authentication but it is not enabled for the IIS

Hosting service in IIS 5.1   Config is set to transport layer security. SSL is installed and configured on the virtual folder and BasicHTTP bidings are being used for connection. Authentication in web.config is set to Windows Authorization in web.config is set to Deny Users="?" and Allow Users="*"   When trying to connect to the service using IE, it throws exception that "Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service. "   Can some one tell me what is missing?   Do I have to set anything in Web.Config?   I need to achieve following using Basic HTTP binding   Transport Layer security (SSL), Windows Domain Authentication, Use  user's Domain identity to impersonate the user in service   Please suggest the settings if any   Thanks

Security settings for this service require Windows Authentication but it is not enabled for the IIS




We are getting the following error, when we call a WCF service from IE. The service is developed in MS.NET 3.5 and hosted in IIS 6.0, Windows Server 2003 SP2


Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service.


NOTE: The same is working GOOD in IIS 6.0, Windows XP SP2


IIS Setting


"Integrated Windows Authentication" is enabled in the "Directory Security"






<binding name

Net.TCP Endpoint; Windows Authentication security; client can connect to a server at localhost but n


Hey all, so here's what going on:

I have a WCF Service that I have setup as a Windows Service.  Everything works perfectly when I attempt to use the system with all of the components (i.e. server and clients) on the same machine.  However, when I try to connect my client from a different system, I get an error that is trying to tell me that the server rejected the client's credentials.

I need the client to the able to connect from a different machine.  I want to implement a SQL Role Provider kind of credentialing in the future, but for now, I just need it to work.

What I have tried
I have looked around online and read a few other posts as well some things in the MSDN KB and I have either not found the answer, or not understood it.

  • I have tried setting the <security mode="Transport"> to "None" with the hope that that would disable the accreditation entirely.  All it did was result in a different error saying that there was an error that might have been caused by an invalid message.  I have also tried a few other configurations with this element in the app.config file; to no success.
  • I have read some things about Impersonation, but I am not quite sure I understand how to implement it

Defining both transport and message security on a wsHttpBinding client



My customers requirement was to find a way of performing mutual authentication with ISA 2006 using WCF 3.5 and client certificates. I achieved this easily enough using a security mode of transport and defining a client certificate in the endpointbehavior. I had to jump through some hoops on the ISA as well.

The customer also has a requirement for message security at the service which is behind the ISA server.

I therefore need my service to only require message security but for the client to navigate both transport (for ISA) and message (for the service) security.

After a little reading I am not sure this is possible using out of the box bindings, particularly wsHttpBinding. Could someone confirm this?

Additionally, I have read that IF both transport and message security are defined using certificates, that it must be the same certificate. My question here would be, what bindings are there that allow both transport and message security and why must the same certificate be used for both?

Many thanks for any help you can give.


Web Matrix + Windows Authentication


I'm curious if its possible to get windows auth working with asp.net webpages/webmatrix.

I've got it published to IIS with windows auth turned on and anonymous/forms/basic turned off.

I'm guessing the WebSecurity Helper probably won't work here but can you access User.Identity.Name etc?

Sorry for the newbie questions, I've only just started working with asp.net ^^,

Intranet Users Challenged When Using Windows Integrated Security


We've setup an intranet site using Windows Integrated Security. Its up and running and users can access it. However, they are being challenged with a login dialog for the server when they initially access the site.

Isn't is possible to configure the server so that the users aren't challenged AND are recognized as being already authenticated by Windows? We're trying to go with a seamless experience, whereby all they have to do is login to their machine like normal and then go from there.

Windows Authentication for IIS in Windows 7 Home Premium Edition - for ASP Websites.


How to create a virtual directory and get benefit of the IIS. Is there a workaround to accomplish this without the Windows Authentication for Windows 7 Home Premium Edition?

Thanks in advance, 

Using windows authentication to access SQL when using ASP.NET 4.0 via COM+


I am using SQL Server 2008 under windows authentication, front end is ASP.NET which uses COM+ to access database.

COM+ components are configured to run as domain user.

When looking through the logs (SQL Profiler), I can see the login name as the configured identity instead of windows indentity.

I have got Website running under "Intergrated Windows Authentication" and database is running locally on webserver.

Web configure contains entry for <identity impersonate="true"/>.

My connection string is

connectionString="data source=db01\test01;initial catalog=test; integrated security=SSPI;persist security info=False; Trusted_Connection=Yes"

Any ideas?




Cloud Security: Crypto Services and Data Security in Windows Azure


Many early adopters cloud platforms have questions about security. We review some of the cryptography services and providers in Windows Azure along with some security implications for applications in the cloud.

Jonathan Wiggs

MSDN Magazine January 2010

Security: Safer Authentication with a One-Time Password Solution


One-time passwords offer solutions to dictionary attacks, phishing, interception, and lots of other security breaches. Here's how it all works.

Dan Griffin

MSDN Magazine May 2008

Security: Applying Cryptography Using The CNG API In Windows Vista


Cryptography Next Generation (CNG) is meant to be a long-term replacement for the CryptoAPI, providing replacements for all of the cryptographic primitives it offered.

Kenny Kerr

MSDN Magazine July 2007

Desktop Security: Create Custom Login Experiences With Credential Providers For Windows Vista


Why is a change to the Windows logon plug-in interface so exciting? Because with credential providers you can customize the logon experience for your users.

Dan Griffin

MSDN Magazine January 2007

Security Briefs: Security in Windows Communication Foundation


Windows Communication Foundation provides three major protections- confidentiality, integrity, and authentication. This month Keith Brown explains what they can do for you.

Keith Brown

MSDN Magazine August 2006

Security: Unify Windows Forms and ASP.NET Providers for Credentials Management


The .NET Framework 2.0 provides custom credentials management to ASP.NET apps out of the box. Using it, you can easily authenticate users without using Windows accounts. In this article the author presents a set of helper classes that let a Windows Forms application use the ASP.NET credentials management infrastructure as easily as if it were an ASP.NET application.

Juval Lowy

MSDN Magazine April 2005

Secure It: WS-Security and Remoting Channel Sinks Give Message-Level Security to Your SOAP Packets


As more organizations adopt XML-based Web Services, the need for message-level security has become evident. WS-Security, now supported in the Microsoft .NET Framework, addresses this need. Using the WS-Security framework, developers can implement channel sinks to intercept Remoting messages as they pass through the .NET Remoting infrastructure. The sink can read the message, change it, and pass it along. During this process, the message can be signed for added security. This article explains how to implement a Remoting channel sink that will modify the Remoting message by including a UserName token in the header, then sign the body using the token.

Neeraj Srivastava

MSDN Magazine November 2003

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend