6/7/11

WCF Service IIS specified authentication schemes error

If after deploying your WCF service, you are getting this error:
InvalidOperationException: IIS specified authentication schemes 'IntegratedWindowsAuthentication, Anonymous', but the binding only supports specification of exactly one authentication scheme.


You are probably using an activation host factory that does not agree with the IIS settings. The error means that the IIS application configuration has been set to support multiple authentication schemes, but when the service is trying to get activated it does not know which authentication scheme to use (ambiguous). There is a good chance that your development environment is configured differently which may explain why the error was not generated during your unit test.

To solve this problem, we first need to identify the IIS settings on the server where the application is getting the error. Open IIS manager, select the web application node and select the authentication icon (IIS7, use directory security tab for IIS6). Most of the time, production environments will be configured to support the following schemes:

Anonymous and Windows authentication.








We should now match those settings in the development environment and try to recreate the error.  Once the error is recreated in the development environment, we need to identify why our service does not support the multiple authentication schemes. Open the SVC file and look for the Factory property.  This factory property makes it easy to auto configure our services when there are no configuration settings in the web.config.  This error is commonly created when the host factory is set to use WebScriptServiceHostFactory which adds an ASP.Net AJAX end point to the service. This dynamic endpoint is the one being used for the web service, and it is causing your application to generate the error.

<%@ ServiceHost Language="C#" Debug="true" Service="Web.MyService" Factory="System.ServiceModel.Activation.WebScriptServiceHostFactory"%>

To address this problem, change the factory to use the ServiceHostFactory which supports multiple authentication schemes or just remove the factory attribute all together. By removing the factory attribute, the service uses the information from the web.config.

<%@ ServiceHost Language="C#" Debug="true" Service="Web.MyService" Factory="System.ServiceModel.Activation.ServiceHostFactory"%>

I hope this helps.

og-bit.com