C# – The authentication schemes configured on the host (‘Basic’) do not allow those configured on the binding ‘BasicHttpBinding’

asp.netcwcf

Error

The authentication schemes configured on the host ('Basic') do not
allow those configured on the binding 'BasicHttpBinding'
('Anonymous'). Please ensure that the SecurityMode is set to
Transport or TransportCredentialOnly. Additionally, this may be
resolved by changing the authentication schemes for this application
through the IIS management tool, through the
ServiceHost.Authentication.AuthenticationSchemes property, in the
application configuration file at the
element, by updating the ClientCredentialType property on the binding,
or by adjusting the AuthenticationScheme property on the
HttpTransportBindingElement.

Do you know where is problem in web.config? I try log into WCF via basic authentication using windows credentials.

<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="true" targetFramework="4.0" />
    <authentication mode="Windows" />
    <customErrors mode="Off"/>
  </system.web>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="true"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
    <bindings>
      <basicHttpBinding>
        <binding name="basicEndpoint">
          <security mode="Transport" >
            <transport clientCredentialType="Basic"
                       proxyCredentialType="None"
                       realm="" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true">
      <add name="BasicAuthHttpModule"
        type="Wt.BasicAuthHttpModule, Wt"/>
    </modules>
  </system.webServer>

</configuration>

Best Answer

It seems you are using the Simplified Configuration for WCF Services.

If you do not explicitly specify your endpoint service and its bindingConfiguration, WCF would do the following:

It will associate the default binding to the protocol used (scheme).
It will load the default bindingConfiguration of the binding type.

For the protocol mapping see this explanation Simplified Configuration

The default bindingConfiguration does not have a name, so if you give a specific name to your basicHttpBinding configuration you are not overwriting the default binding configuration. It should be instead

<basicHttpBinding>
    <binding>
        <security mode="Transport">
            <transport clientCredentialType="Basic"
                proxyCredentialType="None"
                realm="" />
        </security>
    </binding>
</basicHttpBinding>

Related Solutions

Wcf Basic authentication

Change the name and contract of the service to include the namespace.

Also, remove the endpoint address (set it to "") and don't include proxyCredentialType in the transport tag.

End result of the web.config should look something like this

  <system.serviceModel>

    <services>
      <service name="MyNameSpace.MyService" behaviorConfiguration="asdf">
        <endpoint address="" binding="basicHttpBinding" 
            bindingConfiguration="httpBinding" contract="MyNameSpace.IMyService" />
      </service>
    </services>

    <diagnostics>
      <endToEndTracing activityTracing="true" messageFlowTracing="true" 
          propagateActivity="true">
      </endToEndTracing>
    </diagnostics>

    <bindings>
      <basicHttpBinding>
        <binding name="httpBinding">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Basic" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>

    <behaviors>
      <serviceBehaviors>
        <behavior name="asdf">
          <!-- To avoid disclosing metadata information, set the value below to 
               false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="true" />
          <!-- To receive exception details in faults for debugging purposes, 
               set the value below to true.  Set to false before deployment to avoid 
               disclosing exception information -->
          <serviceDebug  includeExceptionDetailInFaults="true" />

        </behavior>
      </serviceBehaviors>
    </behaviors>

    <serviceHostingEnvironment multipleSiteBindingsEnabled="false"/>

  </system.serviceModel>

C# – Make Wcf Service IntegratedWindowsAuthentication

In .Net 4.0+, Simplified WCF configuration uses the 'anonymous' configurations when configurations are not explicitly set on a per-services basis in the <services> section. If you remove the name="BasicHttpEndpointBinding" from the <binding> element, or if you duplicate that <binding> element as a new element with no name attribute, it will become the default, anonymous binding that your WCF services will use. This is often useful in cases where you need to serve as well as consume WCF services that may not all have the same config - but at least you can set a default config for the services that do not have a specific config set. The default/anonymous concept is also applicable to <behavior> elements.

<bindings>
  <basicHttpBinding>
    <binding> <!--Notice, no name attribute set-->
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>

Also, I might add that if your WCF services require authentication, this means that you will either need to consume the service using a real user account, or you will need to grant the the DOMAIN\CLIENTCOMPUTERNAME$ account access to the service - so, perhaps the proper solution for many people may be to alter the configuration to instead allow anonymous access (which is not discussed in my answer). Still, I do sometimes actually elect to secure my WCF services with Windows (Kerberos) authentication.

Best Answer

Related Solutions

Wcf Basic authentication

C# – Make Wcf Service IntegratedWindowsAuthentication

Related Topic