How can I get serviceCredentials > windowsAuthentication > allowAnonymousLogons to work in WCF?

Question

I have a WCF service exposed as a netTcpBinding.

On the service side:

<netTcpBinding>             
    <binding> 
      <security mode="Message">
        <message clientCredentialType="Windows"/>
      </security>         
    </binding>
</netTcpBinding> ...
// Service behavior
<behavior>         
    <serviceCredentials>
       <windowsAuthentication allowAnonymousLogons="true" />
     </serviceCredentials>          
</behavior>

I am unable to access this service from a anonymous user on another machine. (Error: Negotiation failed redentials could not be verified.)

What does

<windowsAuthentication allowAnonymousLogons="true" />

do?

I want my service to be accessible to both windows and anonymous users over net tcp binding. I can do this using UserName validation, but how do I do this using Windows authentication?

Thanks

score 3 · Answer 1 · answered May 30 '13 at 15:25

Have you set the AllowedImpersonationLevel on the client?

<behaviors>
    <endpointBehaviors>
      <behavior>
        <clientCredentials>
          <windows allowedImpersonationLevel="Anonymous"/>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
</behaviors>

or

client.ClientCredentials.Windows.AllowedImpersonationLevel = 
System.Security.Principal.TokenImpersonationLevel.Anonymous;

score 0 · Answer 2 · answered May 31 '13 at 03:42

The MSDN article Debugging Windows Authentication Errors points out the need to combine your service configuration with the client configuration mentioned by @user1467261. It points to another article on impersonation in WCF for more detail - but glossing over it, the need to combine these settings is not entirely obvious.

How can I get serviceCredentials > windowsAuthentication > allowAnonymousLogons to work in WCF?

2 Answers2