Wcf – How to use WCF with the basichttpbinding only , SSL and Basic Authentication in IIS

basichttpbindingsslwcfwcf-bindingwcf-security

Is it possible to setup a WCF service with SSL and Basic Authentication in IIS using only the BasicHttpBinding-binding?
(I can’t use the wsHttpBinding-binding)

The site is hosted on IIS 7, with the following authentication set up:

  • Anonymous access: OFF
  • Basic authentication: ON
  • Integrated Windows authentication: OFF

Service Config:

<services>
  <service name="NameSpace.SomeService">
    <host>
      <baseAddresses>
        <add baseAddress="https://hostname/SomeService/" />
      </baseAddresses>

    </host>
    <!-- Service Endpoints -->
    <endpoint address="" binding="basicHttpBinding"
              bindingNamespace="http://hostname/SomeMethodName/1"
              contract="NameSpace.ISomeInterfaceService"
              name="Default"
                      />
    <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior>
      <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
      <serviceMetadata httpsGetEnabled="true"/>
      <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
      <serviceDebug includeExceptionDetailInFaults="false"/>
      <exceptionShielding/>
    </behavior>
  </serviceBehaviors>
</behaviors>

I tried 2 types of bindings with two different errors:

  • 1. IIS Error:

    'Could not find a base address that matches scheme http for the endpoint with binding BasicHttpBinding. Registered base address schemes are [https].

    <bindings>
   <basicHttpBinding>
     <binding>
       <security mode="TransportCredentialOnly">
         <transport clientCredentialType="Basic"/>
       </security>
     </binding>
   </basicHttpBinding>
 </bindings>
  • 2. IIS Error:

    Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.

     <bindings>
   <basicHttpBinding>
     <binding>
       <security mode="Transport">
         <transport clientCredentialType="Basic"/>
       </security>
     </binding>
   </basicHttpBinding>
  </bindings>

Does anyone know how to configure this correctly? (if is it possible?)

Best Answer

After some digging and asking some questions to a few colleagues, we finally solved the problem.

Important to understand is there are 2 aspects of security in this case. The IIS security and the WCF security.

IIS security: Enable SSL & enable Basic Authentication. Disable Anonymous Authentication. (Of course, create a windows account/group and set the permissions on your application in IIS.)

WCF security: Because the binding is only a BasicHttpBinding, the service doesn't require to valid anything. IIS is responsible for this.

The binding configuration of the service:

<bindings>
  <basicHttpBinding>
     <binding>
        <security mode="Transport">
           <transport clientCredentialType="Basic" />
        </security>
     </binding>
  </basicHttpBinding>

And finally, to resolve the first error, we deleted the mex Endpoint. This endpoint requires a HTTP binding.

Deleted:

<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
Related Topic