Wcf – Calling an HTTPS WCF service with Anonymous authentication

iiswcf

Even though anonymous access is enabled on the Virtual Directory of the WCF service and Integrated Authentication is disabled, I still get the error:

The HTTP request is unauthorized with client authentication scheme
'Anonymous'. The authentication header received from the server was
'Negotiate,NTLM'.

This is what the security definition on client binding configuration looks like:

<security mode="Transport">
    <transport clientCredentialType="None" proxyCredentialType="None" realm="" />
    <message clientCredentialType="None" negotiateServiceCredential="false" />
</security>

And the endpoint definition:

<endpoint address="https://url.com/Service.svc"
            binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService"
            contract="IService" name="WSHttpBinding_IService">
            <identity>
                <servicePrincipalName value="spn" />
            </identity>
</endpoint>

I've already tried adding:

client.ClientCredentials.Windows.AllowedImpersonationLevel =  System.Security.Principal.TokenImpersonationLevel.Impersonation;

But it doesn't seem to have any effect.

Is there something on IIS that I need to change?

[EDIT]

Service configuration:

<behaviors>
   <endpointBehaviors>
      <behavior name="defaultBehavior"/>
   </endpointBehaviors>
   <serviceBehaviors>
      <behavior name="metadataSupport">
         <serviceMetadata httpsGetEnabled="true" httpsGetUrl=""/>
         <useRequestHeadersForMetadataAddress>
            <defaultPorts>
               <add scheme="https" port="443" />
            </defaultPorts>
         </useRequestHeadersForMetadataAddress>
      </behavior>
   </serviceBehaviors>
</behaviors>
<services>
   <service name="ServiceLibrary.Service"
            behaviorConfiguration="metadataSupport">
      <endpoint address=""
                binding="wsHttpBinding"
                bindingConfiguration="wsSecureBinding"
                contract="ServiceLibrary.IService"/>
      <endpoint address="mex"
                binding="wsHttpBinding"
                bindingConfiguration="wsSecureBinding"
                name="mexHttps"
                contract="IMetadataExchange" />
   </service>
</services>
<bindings>
   <wsHttpBinding>
      <binding name="wsSecureBinding">
         <security mode="Transport"/>
      </binding>
   </wsHttpBinding>
</bindings>

Best Answer

Modify your binding configuration in service to:

<bindings>
    <wsHttpBinding>
        <binding name="wsSecureBinding">
            <security mode="Transport">
                <transport clientCredentialType="None" />
            </security>
        </binding>
    </wsHttpBinding>
</bindings>

It expects Windows credentials by default.

Related Topic