How can I use WCF with the basichttpbinding only , SSL and Basic Authentication in IIS?

Is it possible to setup a WCF service with SSL and Basic Authentication in IIS using only the BasicHttpBinding-binding?
(I can’t use the wsHttpBinding-binding)

The site is hosted on IIS 7, with the following authentication set up:

  • Anonymous access: OFF
  • Basic authentication: ON
  • Integrated Windows authentication: OFF

Service Config:

<services>
  <service name="NameSpace.SomeService">
    <host>
      <baseAddresses>
        <add baseAddress="https://hostname/SomeService/" />
      </baseAddresses>

    </host>
    <!-- Service Endpoints -->
    <endpoint address="" binding="basicHttpBinding"
              bindingNamespace="http://hostname/SomeMethodName/1"
              contract="NameSpace.ISomeInterfaceService"
              name="Default"
                      />
    <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior>
      <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
      <serviceMetadata httpsGetEnabled="true"/>
      <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
      <serviceDebug includeExceptionDetailInFaults="false"/>
      <exceptionShielding/>
    </behavior>
  </serviceBehaviors>
</behaviors>

I tried 2 types of bindings with two different errors:

  • 1. IIS Error:

    'Could not find a base address that matches scheme http for the endpoint with binding BasicHttpBinding. Registered base address schemes are [https].

    <bindings>
       <basicHttpBinding>
         <binding>
           <security mode="TransportCredentialOnly">
             <transport clientCredentialType="Basic"/>
           </security>
         </binding>
       </basicHttpBinding>
     </bindings>
    
  • 2. IIS Error:

    Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.

     <bindings>
       <basicHttpBinding>
         <binding>
           <security mode="Transport">
             <transport clientCredentialType="Basic"/>
           </security>
         </binding>
       </basicHttpBinding>
      </bindings>
    

Does anyone know how to configure this correctly? (if is it possible?)


Solution 1:

After some digging and asking some questions to a few colleagues, we finally solved the problem.

Important to understand is there are 2 aspects of security in this case. The IIS security and the WCF security.

IIS security: Enable SSL & enable Basic Authentication. Disable Anonymous Authentication. (Of course, create a windows account/group and set the permissions on your application in IIS.)

WCF security: Because the binding is only a BasicHttpBinding, the service doesn't require to valid anything. IIS is responsible for this.

The binding configuration of the service:

<bindings>
  <basicHttpBinding>
     <binding>
        <security mode="Transport">
           <transport clientCredentialType="Basic" />
        </security>
     </binding>
  </basicHttpBinding>

And finally, to resolve the first error, we deleted the mex Endpoint. This endpoint requires a HTTP binding.

Deleted:

<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>