2

I'm having some difficulty setting up a WCF service to run under Windows authentication. The service is only consumed via jQuery using ajax.

IIS (version 6 on server 2003) is set to only allow Windows Authentication.

web.config has the <authentication mode="Windows" /> tag.

Here's the service section of the web.config:

<system.serviceModel>
<behaviors>
  <endpointBehaviors>
    <behavior name="AspNetAjaxBehavior">
        <webHttp />
    </behavior>
  </endpointBehaviors>
    <serviceBehaviors>
        <behavior name="ServiceBehavior">
            <serviceMetadata httpGetEnabled="true"/>
        </behavior>
    </serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
<services>
    <service name="SearchService" behaviorConfiguration="ServiceBehavior">
        <endpoint address="http://localhost:9534/SearchService.svc" behaviorConfiguration="AspNetAjaxBehavior"
            binding="webHttpBinding" bindingConfiguration="webWinBinding"
            name="searchServiceEndpoint" contract="MyApp.Services.ISearchService">
        </endpoint>
    </service>
</services>
<bindings>
    <webHttpBinding>
        <binding name="webWinBinding" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
            <security mode="TransportCredentialOnly">
                <transport clientCredentialType="Windows"/>
            </security>
            <readerQuotas maxArrayLength="100000" maxStringContentLength="2147483647" />
        </binding>
    </webHttpBinding>
</bindings>

The interface looks like this:

[ServiceContract(Namespace = "http://MyService.ServiceContracts/2012/02", Name = "SearchService")]
public interface ISearchService
{
    [WebGet(ResponseFormat = WebMessageFormat.Json, BodyStyle = WebMessageBodyStyle.Bare, UriTemplate = "GetSomeData?filter={filter}")]
    [OperationContractAttribute(Action = "GetSomeData")]
    string GetSomeData(string filter);
}

And the implementation:

[ServiceBehavior(IncludeExceptionDetailInFaults = true)]
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
public class SearchService : ISearchService
{
    public string GetSomeData(string filter)
    {
        // Call Database and get some results
        // return the results
        return "";
    }
}

When I navigate to the service in Internet Explorer, it prompts me for my username and password, despite having Windows Authentication turned on.

As soon as I enable Anonymous Authentication, the service loads just fine and everything works. Problem is, I have other things going on in the web application that require anonymous to be turned off.

I've scoured the web and can't find anything on this problem.

Chris Conway
  • 16,269
  • 23
  • 96
  • 113
  • Are the server and the browser internal and on the same domain? By default IE will not automatically logon unless it thinks the target computer is in the Intranet zone. Can you confirm that this is the case? – Phil Degenhardt Feb 05 '12 at 01:26
  • I just tried this on IIS 7.0 and I got the same behaviour you describe. I simply added http://localhost to the Intranet zone and it worked without prompting for credentials. – Phil Degenhardt Feb 05 '12 at 01:27
  • the server and browser are on the same domain. When I launch the properties window for the page, it does say that it is in the Intranet Zone and Protected Mode is off. – Chris Conway Feb 06 '12 at 18:19
  • My issue... https://stackoverflow.com/questions/54542109/wcf-rest-client-windows-authentication – Ziggler Feb 05 '19 at 23:18

0 Answers0