Question

When I deployed my WCF Data Services to production hosting I started to get the following error (or similar depending on which auth schemes are active):

IIS specified authentication schemes 'Basic, Anonymous', but the binding only supports specification of exactly one authentication scheme. Valid authentication schemes are Digest, Negotiate, NTLM, Basic, or Anonymous. Change the IIS settings so that only a single authentication scheme is used.

Apparently WCF Data Services (WCF in general?) cannot handle having more than once authentication scheme active.

OK so I am aware that I can disable all-but-one authentication scheme on the web application via IIS control panel .... via a support request!!

Is there a way to specify a single authentication scheme on a per-service level in the web.config?

I thought this might be as straight forward as making a change to <system.serviceModel> but... it turns out that WCF Data Services do not configure themselves in the web config. If you look at the DataService<> class it does not implement a [ServiceContract] hence you cannot refer to it in the <service><endpoint>...which I presume would be needed for changing its configuration via XML.

P.S. Our host is using II6, but both solutions for IIS6 & IIS7 appreciated.

Was it helpful?

Solution

Firstly it is possible to configurate Data Services on the web config file. The contract used by the DataService is called System.Data.Services.IRequestHandler.

Here is what you can do in the web config file to configurate it.

On the Service tag of the system.servicemodel element add the

<service name="{you service type name including the namespace i.e. myapplication.myservice}">
    <endpoint address="" binding="webHttpBinding" contract="System.Data.Services.IRequestHandler">
    </endpoint>
</service>

Once you have that there you can start configuring all manners of thing using the standard WCF configuration elements.

Secondly to enable or disabled authentication methods for a specific service in IIS you can do the following:

On the snap in for IIS right click your service file (i.e. yourservice.svc) and click properties. Once in properties go to File Security Tab and chose the Edit button on the authentication and access control group box. after that it is just like setting up directory security in IIS.

As a last suggestion as per any trouble shooting goes it is important to enable the wcf disgnostics while you configurate it using the xml configuration, being written in WCF, Data Service logging is as per wcf is rich and very informative.

you can find out more about that on WCF Administration and Diagnostics

I hope i was able to help you with your problem

let me know how things goes.

Regards

Daniel Portella

UPDATE:

Hi Schneider

To specify the authentication scheme in the xml read below

For windows authentication as a example

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.serviceModel>
    <bindings>
      <webHttpBinding>
        <binding name="MyBindingName" >
          <security mode="Transport">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </webHttpBinding>
    </bindings>
    <services>
      <service name="{you service type name including the namespace i.e. myapplication.myservice}">
        <endpoint address="" binding="webHttpBinding" bindingConfiguration="MyBindingName" contract="System.Data.Services.IRequestHandler">
        </endpoint>
      </service>
    </services>
  </system.serviceModel>
</configuration>

For other types of authentication please check the MSDN library for examples

Common Scenarios for security

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow