I created a quick and simple Web Service using the Microsoft Windows Communication Foundation (WCF) to test how it was going to work with SharePoint 2010.  It was working well until I decided I wanted to add a bit more security to it and remove the anonymous access to the web site through IIS. After that when I would try and go to the page  I would get this weird message that the application required anonymous access to be enabled.  Here is the message that you get in your browser.

Security settings for this service require ‘Anonymous’ Authentication but it is not enabled for the IIS application that hosts this service.

Great…  Thanks MS, that’s a big help. I had followed one of the MS tutorials and it worked great as long as you left anonymous access turned on.

I started doing Google searches on WCF and Windows Authentication and discovered that WCF will only work with anonymous access if you bind the endpoint to wsHttpBinding.  Most of the pages kept saying that you had to switch to basicHttpBinding and then set the  “security mode=”TransportCredentialOnly”.  Great!  A solution!   But maybe not…

I found another site that said I had to add a <bindings> section to the Web.config and that is were you can set the security mode. This is what they showed on their page.

<bindings>
<basicHttpBinding>
<binding name=”MyBinding”>
<security mode=”TransportCredentialOnly”>
<transport clientCredentialType=”Windows” />
</security>
</binding>
</basicHttpBinding>
</bindings>

So I added the <bindings> section, set the security mode and tried the page again.  No good…  I still go the same error staring me down.  I had changed the endpoint binding to basicHttpBinding but it was still not working.  It was weird, I had never changed bindings in a web config like this so I started doing some more searching.  This time I had more information to search for.  I started looking on the MS site for basicHttpBinding and properties and configuration.  I finally found what I was looking for.

While adding the section above to the Web.config did change the security mode, it only does it for that named instance.  See up there where it has the <binding name=”MyBinding”>, that is the named instance or configuration that has been changed.  In the endpoint you set binding=”basicHttpBinding” but then you have to add a configuration setting as well.  So for this one you also have to add bindingConfiguration=”MyBinding” to the line as well.   After I added this little part it all started to work as required.

<system.serviceModel>
  <bindings>
     <basicHttpBinding>
          <binding name="WindowsMethod">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <services>
      <service behaviorConfiguration="JT_WS.Service1Behavior"
        name="JT_WS.Service1">
        <endpoint address=""
                  binding="basicHttpBinding"  
 bindingConfiguration="WindowsMethod" 
                  contract="JT_WS.IJobTickets">
          <identity>
            <dns value="localhost" />
          </identity>
        </endpoint>
        <endpoint address="mex"
                  binding="mexHttpBinding"
                  contract="IMetadataExchange" />
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="JT_WS.Service1Behavior">
          <serviceMetadata httpGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="true"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>

 

Note 1, remember that the Web.config is just an XML document so it is case sensitive.  Make sure that you have the name of the binding correct.  (Not that I did that or anything……)  🙂

Note 2, yeah, the bindings section goes inside the system.serviceModel.  Just make sure that you have all the required settings with it.