WebServiceHostFactory and IIS authentication

Question

I encounter a problem with using the WebServiceHostFactory in IIS.

"IIS specified authentication schemes 'IntegratedWindowsAuthentication, Anonymous', but the binding only supports specification of exactly one authentication scheme. Valid authentication schemes are Digest, Negotiate, NTLM, Basic, or Anonymous. Change the IIS settings so that only a single authentication scheme is used."

I wanted to keep both authentication schemes and managed to do so by not using the factory but setting up the endpoint manualy in web.config.

My question is what is WebServiceHostFactory doing to get this result? I was under the impression that WebServiceHostFactory would set the binding to the same webHttpBinding that I used in my config.

Edit: I have looked at WebServiceHostFactory in reflector and it is not doing anything clever. It is just a simple factory for the WebServiceHost.

Does IIS still use a service host if you set up the endpoint in config? Or is the WebServiceHost setting things up differently.

score 3 · Accepted Answer · answered Jun 08 '11 at 01:34

3

This is what worked for me. Adding a dummy endpoint early on (before the service host is opened) as shown below seems to have done the trick. (This MSDN article hinted at this http://msdn.microsoft.com/en-us/library/bb412178.aspx.)

public class MyWebServiceHost : WebServiceHost
{
    public MyWebServiceHost (Type serviceType, params Uri[] baseAddresses) : base(serviceType, baseAddresses)
    {
        // Inserting this dummy endpoint config seemingly does the trick:
        AddServiceEndpoint(typeof(IMyContract), new WebHttpBinding(), string.Empty);
    }

    protected override void ApplyConfiguration()
    {
        // Typical programmatic configuration here per:
        // http://msdn.microsoft.com/en-us/library/aa395224.aspx
    }
}

I'm guessing this prevents WebServiceHost from creating a default endpoint, and thus shutting down a bunch of functionality.

answered Jun 08 '11 at 01:34

Mike Murphy

56
4

I am not able to test this answer as this was asked a while ago and I worked around the problem then got a new job but if you say it works then that's good enough for me. – Graham Ambrose Jun 10 '11 at 16:06
I don't understand where I should reference that MyWebServiceHost – JDC Mar 27 '12 at 07:22
I had the same problem and I was able to get it working. I had to write two classes: `MyWebServiceHostFactory` and `MyWebServiceHost`. In the factory class, I overrode the `ServiceHost CreateServiceHost(Type serviceType, Uri[] baseAddresses)` method and had it return an instance of `MyWebServiceHost`. `MyWebServiceHost` looks like the one in this answer, but I didn't override `ApplyConfiguration()`. – Brian Ball Jul 11 '12 at 17:46

score 1 · Answer 2 · answered Jun 19 '09 at 08:16

1

I'm not sure about the WebServiceHostFactory, but it sounds like you're hosting the service inside IIS and it's got more than one authentication method selected. If you've got IIS 5 or 6, try going into IIS and viewing the properties for the website or virtual directory containing your service. Go to the Directory Security tab, click the Edit button under "Anonymous access and authentication control", and then un-tick either "Anonymous access" or "Integrated Windows authentication". I'm not sure about IIS7.

answered Jun 19 '09 at 08:16

Graham Clark

12,886
8
50
82

1

Problem with that is that you then **can't debug an anonymously accessed** web site. An **unsatisfactory** work around is to compile with a single authentication then just before you debug switch the other one on, in IIS. This works but is time wasting and annoying. I've seen .NET 3.5 sites developed for years without this issue ever happening. With .NET 4 sites my experience has been worse. _(There's a possibility to alter web site authentication from MSBuild file, but I couldn't find a ready built task to do that.)_ – Mike Gale Sep 29 '11 at 02:25
1

Sorry but is said he wanted to keep both authentication schemes... Your answer was not helpful in that regard. – LDAdams Mar 01 '12 at 15:32

score 1 · Answer 3 · answered Nov 22 '09 at 15:25

Under IIS7 you might not find where you can manage the Integrated Windows Authentication setting. In order to see the setting in IIS7 management console, you need to follow steps described in the following article: http://msdn.microsoft.com/en-us/library/x8a5axew.aspx (titled as "Error: Debugging Failed Because Integrated Windows Authentication Is Not Enabled", if link is not functional).

Hope it helps.

m-khonsari · Answer 4 · 2013-07-08T06:03:29.927

-1

disable security in web.config-> configuration tag

  <system.serviceModel>
    <bindings>
      <webHttpBinding>
        <binding>
          <security mode="None">
            <transport clientCredentialType="Windows"/>
          </security>
        </binding>
      </webHttpBinding>
    </bindings>
  </system.serviceModel>

then your wcf service doesn't need authentication...

edited Jul 08 '13 at 06:03

answered Feb 17 '13 at 11:50

m-khonsari

978
6
9

This is just some code... please provide some explanation. It's not an answer to question. – Kapitán Mlíko Feb 17 '13 at 12:12
You really need to provide some form of explanation (rather than just a code sample) when providing an answer. – John Parker Feb 17 '13 at 12:13

WebServiceHostFactory and IIS authentication

4 Answers4

Linked