How can I use WCF with the basichttpbinding only , SSL and Basic Authentication in IIS?

Question

Is it possible to setup a WCF service with SSL and Basic Authentication in IIS using only the BasicHttpBinding-binding?
(I can’t use the wsHttpBinding-binding)

The site is hosted on IIS 7, with the following authentication set up:

• Anonymous access: OFF
• Basic authentication: ON
• Integrated Windows authentication: OFF

---

Service Config:

<services>   <service name="NameSpace.SomeService">     <host>       <baseAddresses>         <add baseAddress="https://hostname/SomeService/" />       </baseAddresses>      </host>     <!-- Service Endpoints -->     <endpoint address="" binding="basicHttpBinding"               bindingNamespace="http://hostname/SomeMethodName/1"               contract="NameSpace.ISomeInterfaceService"               name="Default"                       />     <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>   </service> </services> <behaviors>   <serviceBehaviors>     <behavior>       <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->       <serviceMetadata httpsGetEnabled="true"/>       <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->       <serviceDebug includeExceptionDetailInFaults="false"/>       <exceptionShielding/>     </behavior>   </serviceBehaviors> </behaviors> 

I tried 2 types of bindings with two different errors:

• 1. IIS Error:

  'Could not find a base address that matches scheme http for the endpoint with binding BasicHttpBinding. Registered base address schemes are [https].

  <bindings>    <basicHttpBinding>      <binding>        <security mode="TransportCredentialOnly">          <transport clientCredentialType="Basic"/>        </security>      </binding>    </basicHttpBinding>  </bindings> 

• 2. IIS Error:

  Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.

   <bindings>    <basicHttpBinding>      <binding>        <security mode="Transport">          <transport clientCredentialType="Basic"/>        </security>      </binding>    </basicHttpBinding>   </bindings> 

Does anyone know how to configure this correctly? (if is it possible?)

Answer 1

After some digging and asking some questions to a few colleagues, we finally solved the problem.

Important to understand is there are 2 aspects of security in this case. The IIS security and the WCF security.

IIS security: Enable SSL & enable Basic Authentication. Disable Anonymous Authentication. (Of course, create a windows account/group and set the permissions on your application in IIS.)

WCF security: Because the binding is only a BasicHttpBinding, the service doesn't require to valid anything. IIS is responsible for this.

The binding configuration of the service:

<bindings>   <basicHttpBinding>      <binding>         <security mode="Transport">            <transport clientCredentialType="Basic" />         </security>      </binding>   </basicHttpBinding> 

And finally, to resolve the first error, we deleted the mex Endpoint. This endpoint requires a HTTP binding.

Deleted:

<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>