Whilst testing a WCF web service I got the error
The authentication schemes configured on the host (‘IntegratedWindowsAuthentication’) do not allow those configured on the binding ‘BasicHttpBinding’ (‘Anonymous’). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly. Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the <serviceAuthenticationManager> element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.
Now this sort of made sense as the web services was mean to be secured using Windows Authentication, so the IIS setting was correct, anonymous authentication was off
Turns out the issue was, as you might expect, an incorrect web.config entry
<binding name=”windowsSecured”> <!—this was the problem –>
<transport clientCredentialType=”Windows” />
<service behaviorConfiguration=”CTAppBox.WebService.Service1Behavior” name=”CTAppBox.WebService.TfsService”>
<endpoint address=”” binding=”basicHttpBinding” contract=”CTAppBox.WebService.ITfsService”>
<endpoint address=”mex” binding=”mexHttpBinding” contract=”IMetadataExchange”/>
<!– To avoid disclosing metadata information, set the value below to false before deployment –>
<!– To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information –>
The problem was the basicHttpBinding had a named binding windowsSecured and no non-named default. When the service was bound to the binding it did not use the name binding, just the defaults (which were not shown in the config file).
The solution was to remove the name=”windowsSecured” entry, or we could have added a name to the service binding