Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.

I have seen people struggling while configuring integrated windows authentication for their IIS hosted WCF service and are getting above exception. There are two settings required to make this work.

·         First enable Integrated Windows Authentication on IIS

·         Set the clientCredentialType to Windows

Here is a sample binding to enable windows authentication in IIS.

<bindings>

  <basicHttpBinding>

    <binding name="basicHttpBinding IMyService">

      <security mode="TransportCredentialOnly">

        <transport clientCredentialType="Windows"/>

      </security>

    </binding>

  </basicHttpBinding>

</bindings>

However even after making these two changes you might still be getting the exception and the prime reason is that one of the service endpoints (most likely the MEX endpoint) still requires anonymous access while it is disabled in IIS.

Why mostly MEX endpoint?

Because the default settings of mexHttpBinding allows anonymous access by setting clientCredentialsType to None. So if you have a mex endpoint and you are using out of the box mexHttpBinding you will be getting the above exception.

A simple fix is to use the same secured binding, in this case basicHttpBinding IMyService, for the mex endpoint as well or create a new binding and disable the anonymous access for mex endpoint as well.