Integrated Windows Authentication in WCF on IIS 6.0

wcf iis authentication
12,767

Solution 1

From my experience with WCF it's quite tough to get everything configured correctly - alot of trial and error! I did however find the following link extrememly useful as it provides checklists for different scenarios: CodePlex - WCF Security Guide and the main WCF section: WCF Security.

I went through the checklist for my application scenario and the issues were ironed out. Hope that helps!

Solution 2

After some digging, I finally discovered that this works if you change "Windows" to "Ntlm". I never could get it to work with Kerberos but you mention not wanting to use certificates anyway.

If you're still having trouble, you might look at what's in the IIS metabase for the site in question under NTAuthenticationProviders. If you want to use only Ntlm, you'll need to set that string to just "NTLM", and you'll need to make sure it says "Ntlm" not "Windows" in your transport clientCredentialType or you'll get the exception you quoted in your original post.

Conversely, if anyone is experiencing this error and they WANT to use Kerberos certificates if available, they should check to see if the metabase NTAuthenticationProviders says "Negotiate,NTLM". This is the default, but is mysteriously different for me on a VM on which I was trying to run a WCF service today (which ultimately brought me to this thread!)

Share:
12,767
DigiDamsel
Author by

DigiDamsel

Updated on June 29, 2022

Comments

  • DigiDamsel
    DigiDamsel almost 2 years

    I need to implement Integrated Windows Authentication for a WCF service hosted on IIS 6.0 (Windows Server 2003) without certificates. The requirement is to simply authenticate Windows Credentials of users within a particular Active Directory group when they hit the service. The Framework version being used is 3.0.

    WCF Configuration:

    The following is the "bindings" portion of the web.config file for the service:

    <bindings>
<basicHttpBinding>
<binding name="Binding1">
    <security mode="TransportCredentialOnly">
    <transport clientCredentialType="Windows" />
    </security>
</binding>
</basicHttpBinding>

</bindings>

    There is no "mex" endpoint.

    Even though the virtual directory's as well as the .svc file's security settings have "Integrated Windows Authentication" selected in IIS, the following error occurs when the .svc file is navigated to:

    Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service.

    The following are the other details of the hosting of the service:

    • The service runs under a separate App Pool
    • The App Pool is running under a separate privileged account configured under the "Identity" tab of the App Pool.

    I have seen numerous other questions along these lines, but none of the fixes actually rectifies this problem. Your inputs would be greatly appreciated.

  • DigiDamsel
    DigiDamsel almost 15 years
    Thanks for that, but "Enable Anonymous Access" is surely unchecked.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How do I implement Client Certificate authentication the right way?
How to prevent browser from prompting for a client certificate and allow the IIS to accept it (not require it)?
401 Client 'Negotiate', Server 'Negotiate,NTLM' When Calling WCF Server to Server
500 Server error when hosting WCF
HTTP Error 401.0 - Unauthorized
HTTP Error 500.19 - Error Code 0x80070021
Is Application_Start of Global.asax is called by iis on wcf application when the iis is the host ?
Authentication using HTTP Authorization Header in WCF SOAP API
WCF transport security with no authentication
EndpointNotFoundException - 404 - Hosting WCF Service over HTTPS in IIS through Visual Studio