While deploying a Silverlight application on IIS today, I learned several new things. Let me express my observations; This post is going to describe the security settings for WCF service in web.config. To start, I assume that you are using either Windows or Forms authentication and denying all the anonymous users as described in a previous post.
First, make sure to remove the mexHttpBinding endpoint as this requires you to enable anonymous access to the website in IIS. The mexHttpBinding endpoint will look something like:
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
BasicHttpBinding
Typically, in your application, you will also be using some custom basicHttpBinding configuration for your WCF service endpoint, like this one:
<endpoint address="" binding="basicHttpBinding" contract="SilverlightApplication.Web.WCFService" bindingConfiguration="myCustomBasicHttpBinding" />
Using a custom binding allows you to configure buffers and quotas as described in this post. The definition of this custom binding will look something like:
<bindings> <basicHttpBinding> <binding name="myCustomBasicHttpBinding"> <security mode="TransportCredentialOnly"> <transport clientCredentialType="None"/> </security> </binding> </basicHttpBinding> </bindings>
The <transport clientCredentialType=”None”/> is the main point of interest here. If you are using Forms Authentication, you need to allow anonymous access through IIS and set the clientCredentialType to None. If you want to run your application under Windows Authentication, you should use clientCredentialType="xxxx" where xxxx is the corresponding IIS authentication type. So, to work with Integrated Windows/Basic/Digest/NTLM Authentication, the xxxx should be replaced by Windows/Basic/Digest/Ntlm respectively.
Update: Custom Binary Binding
Similar change is required for custom binary binding:
<customBinding> <binding name="myCustomBinaryBinding"> <binaryMessageEncoding > <readerQuotas ... /> </binaryMessageEncoding> <httpTransport authenticationScheme="Anonymous" ... /> </binding> </customBinding>
Again, the point of interest is the authenticationScheme attribute in the httpTransport element that needs to match the IIS authentication setting (e.g. Anonymous for Forms Authentication, Ntlm/Basic/Digest for Windows Authentication).
This way, the WCF service should work without any problems.
Mehroz's Experiments 
February 20, 2009 at 1:49 PM
Nice article there. You might just have saved me some headaches.
February 20, 2009 at 4:42 PM
Glad to learn that, Pete.
Thank you.
August 1, 2009 at 2:00 AM
Thanks for the info, much appreciated.
November 29, 2009 at 4:55 PM
Good information, thanks. However the title is a bit off the mark. I will definately use this information when I am successful in actually deploying my WCF service to IIS 7. Thanks
March 10, 2010 at 5:39 PM
You are a gem. I think people like you should be doing webcast and MSDN for MS. I had been banging my head whole day long to get my Silverlight app communicate with WCF service hosted in IIS but to no avail. After going through your post things worked like a charm.
I believe so called MS geeks and technology leaders should start putting together some pragmatic references rather than floating videos and text around on creating armature Hello World applications.
April 25, 2010 at 7:00 PM
I have switched to .NET Framework 4.0. The web.config is totally different – it’s now only a few lines. Any idea how to translate the above to 4.0? Thanks.
June 18, 2010 at 11:35 AM
I exactly follow the above procedure. But, i am getting the following error when i am opening wcf service after deploying it onto IIS
The type ‘WebPage.Web.Service1’, provided as the Service attribute value in the ServiceHost directive, or provided in the configuration element system.serviceModel/serviceHostingEnvironment/serviceActivations could not be found.
please, can any one help?
August 18, 2010 at 7:16 PM
Hi,
I’m getting a similar error as swetha is.
I’m using IIS7(Vista).
Should the web.config file be in same place where the .svc file is?
Thanks in advance.