1

We have a common dll(API) which is responsible from hosting fileless .svc service on the seperate web applications. So our API is referenced by different web applications. As a service endpoint we use BasicHttpBinding and as a security mode we use "BasicHttpSecurityMode.None" on the API.

If for the web application on the IIS "Anonymous Authentication" is enabled our fileless *.svc is successfully being hosted and we can call it from browser and can see the metadata.

On the other hand if for the web application on IIS "Anonymous Authentication" is disabled and "Windows Authentication" is enabled we get the error :

"The authentication schemes configured on the host ('IntegratedWindowsAuthentication') do not allow those configured on the binding 'MyService' ('Anonymous'). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly. Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement."

I figured out how to solve the problem with the code given below. However I need to know authentication status of the web application on the IIS. I did not find programmatic way to figure out what is the current web application's authentication status. Maybe in the web application's web.config we can manually set specified authentication status.

web.config setting

<appSettings>
     <add key="IS_ANONYMOUS" value="True"/>
</appSettings>

Here the code block for creating Binding:

     public BasicHttpBinding GetBasicHttpBinding( string bindingName, bool isAnonymous ) {

        BasicHttpBinding binding = new BasicHttpBinding();
        binding.Security.Mode = BasicHttpSecurityMode.None;

        if (!isAnonymous) {
            binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;
            binding.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.None;
            binding.Security.Transport.Realm = "";
            binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
            binding.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Default;
        }

        binding.Name = bindingName;
        binding.MaxReceivedMessageSize = int.MaxValue;
        binding.ReaderQuotas.MaxStringContentLength = int.MaxValue;
        return binding;
    }

Here how we host the service:

    internal static ServiceHost CreateServiceHost( Type implementedContractType, Type serviceType, Uri[] baseAddresses ) {
        ServiceHost host = new ServiceHost( serviceType, baseAddresses );
        BasicHttpBinding binding = GetBasicHttpBinding( serviceType.Name, false );
        host.AddServiceEndpoint( implementedContractType, binding, "" );
        return host;
    }

My question is how to create service host not to be affected from the web application's authentication status. Is there any way to create fileless .svc file without being aware of web application's authentication status and can be anonymously accessed?

Nazim
  • 639
  • 2
  • 10
  • 26
  • If it is any consolation... this is how i do it. I think you CAN reach into IIS runtime and get this info, but it is not straight forward. Also, which version of iis do you target... here is a solution for 7: http://stackoverflow.com/questions/6495731/asp-net-code-to-detect-whether-iis-windows-authentication-is-enabled – felickz Feb 19 '13 at 12:19
  • Our target web applications are on IIS 6 and 7, so we do need general solution. – Nazim Feb 19 '13 at 12:26

0 Answers0