Share via


Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.

You might get a "Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service." exception when configuring security for WCF services. The reason for such an error is simple: you are exposing an endpoint that requires anonymous auth and anonymous access is not allowed on the hosting web site or virtual directory. Chances are that the offending endpoint is your metadata exchange endpoint. Once you remove this endpoint or you configure a different authentication for it, the error should disappear.

Comments

  • Anonymous
    March 20, 2011
    Thanx buddy for pointing out the exact problem.

  • Anonymous
    May 22, 2011
    thanks, a good description ! But i do want to clear one thing here. You mean that the metadata endpoint requires anonymous auth and therefore removing it should make the error disappear .. that actually helped. But i wonder if i remove the mex endpoint, then how will my service and client exchange metadata?? how will metadata exchange take place??

  • Anonymous
    June 04, 2012
    Bingo....this was tough. Thanks for the solution!

  • Anonymous
    November 27, 2014
    Thanks for the solution. Very helpfull