Last post May 19, 2009 04:31 PM by randallt
Mar 08, 2009 06:52 AM|haycheskay|LINK
Currently we are experimenting with REST Starter Kit (config-less web.config) and are using WebServiceHost2 and have our own ServiceFactory in the .svc file.
public class AppServiceHostFactory : ServiceHostFactory
protected override ServiceHost CreateServiceHost(Type serviceType, Uri baseAddresses)
//return new WebServiceHost2(serviceType, true, baseAddresses);
WebServiceHost2 result = new WebServiceHost2(serviceType, false, baseAddresses);
We get the following error when we use IIS as our development server for the web application (works under VS web server):
"IIS specified authentication schemes 'IntegratedWindowsAuthentication, Anonymous', but the binding only supports specification of exactly one authentication scheme. Valid authentication schemes are Digest, Negotiate, NTLM, Basic, or Anonymous. Change the
IIS settings so that only a single authentication scheme is used."
Now, I know you can get around this error by de-selecting "Integrated Windows Authentication" from within IIS, but this is not desirable.
Is there any way to get around this error by making necessary entries in the web.config?
Apr 23, 2009 02:46 PM|linush|LINK
I have the exact same problem and wonder if you've found a solution. Can you update? Thanks.
Apr 23, 2009 02:58 PM|haycheskay|LINK
We just dropped this thing-- had enough with it.
See also my post on licensing issues: http://forums.asp.net/t/1400833.aspx
May 19, 2009 04:31 PM|randallt|LINK
You're getting this exception because you are using the default endpoint of the WebServiceHost--that is, you are not specifying an endpoint in the web.config and so the WebServiceHost is trying to guess what you want. For security reasons WebServiceHost
will not use two authentication schemes by default because it might be allowing sensitive information to be accessed without the developer realizing it.
The solution is to explicitly add a <service><endpoint [your configuration here] /> <service> entry into the web.config. Then you can turn on any combination of authentication schemes that you'd like.