Windows authentication for WCF web services over HTTP


I’ve just spent a good 3 hours trying to configure .svc endpoints to force Windows authentication over HTTP. Oh how I hate this WCF configuration madness.

The end result, however, was actually quite simple.

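                <!-- endpointBehaviors -->
                <behavior name="svcEndpoint">
                    <enableWebScript />
                </behavior>
                <!-- serviceBehaviors -->
                <behavior name="defaultService">
                    <serviceMetadata httpGetEnabled="true" />
                    <serviceDebug includeExceptionDetailInFaults="false" />
                    <serviceCredentials>
                        <windowsAuthentication allowAnonymousLogons="false" includeWindowsGroups="true" />
                    </serviceCredentials>
                </behavior>
                <!-- service endpoint; its other attributes are not shown -->
                <endpoint ... contract="MyApplication.Services.MyService" />
                <!-- bindings/webHttpBinding -->
                <binding name="webBinding">
                    <security mode="TransportCredentialOnly">
                        <transport clientCredentialType="Windows" proxyCredentialType="Windows" />
                    </security>
                </binding>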

Whilst trying to make things work I’ve faced these errors:

  • The authentication schemes configured on the host (IntegratedWindowsAuthentication) do not allow those configured on the binding WebHttpBinding (“Anonymous”). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly. Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.
  • Could not find a base address that matches scheme https for the endpoint with binding WebHttpBinding. Registered base address schemes are [http].

Thankfully now they’re all gone.
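The two errors above map onto the binding's security mode. The fragment below is an added example, not configuration from the original post: it places the two settings that typically produce those errors beside the working `webBinding`. It assumes an IIS site with only Windows Authentication enabled and only an http binding; the names `anonymousBinding` and `httpsOnlyBinding` are hypothetical.

```xml
<bindings>
  <webHttpBinding>
    <!-- Misconfiguration 1 (hypothetical name). Mode "None" is the
         webHttpBinding default, so the binding asks for Anonymous access.
         When the host allows only Windows authentication, service activation
         fails with the first error: the host's schemes do not allow
         "Anonymous". -->
    <binding name="anonymousBinding">
      <security mode="None" />
    </binding>

    <!-- Misconfiguration 2 (hypothetical name). Mode "Transport" requires
         HTTPS. With only an http base address registered, activation fails
         with the second error: no base address matches scheme https. -->
    <binding name="httpsOnlyBinding">
      <security mode="Transport">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>

    <!-- Working setting, as in the post. "TransportCredentialOnly"
         authenticates the caller with Windows credentials over plain HTTP.
         It gives no confidentiality or integrity for the message itself, so
         it suits a trusted internal network; where HTTPS is available, use
         mode "Transport" together with an https site binding instead. -->
    <binding name="webBinding">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" proxyCredentialType="Windows" />
      </security>
    </binding>
  </webHttpBinding>
</bindings>
```

Whichever binding is used, the endpoint has to reference it through `bindingConfiguration`; an endpoint that names no binding configuration falls back to the default security mode and hits the first error again.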