ExtendedProtectionPolicy.PolicyEnforcement values do not match. IIS is WhenSupported, while WCF Transport is Never

Question

ExtendedProtectionPolicy.PolicyEnforcement values do not match. IIS is WhenSupported, while WCF Transport is Never

I am working on a secure website that processes WCF REST services. Everything worked fine until I started protecting my site. I changed the anonymous form of authentication mode to Windows authentication and logged in to the global.asax file.

For a website that designs MVC architecture and uses internal services, everything works as expected, but the REST API does not work very well.

I added the security configuration to the web.config binding section as follows:

    <binding name="webHttpBindingWindows">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Ntlm" proxyCredentialType="Ntlm"></transport>
      </security>
    </binding>

and

   <binding name="webHttpBindingWindows">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" proxyCredentialType="Windows"></transport>
      </security>
    </binding>

with and without:

<extendedProtectionPolicy policyEnforcement="WhenSupported"></extendedProtectionPolicy>

but I got this exception:

, IIS, , . ExtendedProtectionPolicy.PolicyEnforcement . IIS WhenSupported, WCF Never.

- , ?

IIS, . ( , .)

, .

+3

security rest iis-7.5 wcf windows-authentication

nhershko 04 . '14 15:13

1

nhershko · Answer 1 · 2014-02-12T08:28:50+0000

:

IIS off. enabled.
:
- <transport clientCredentialType="Ntlm"></transport>
- <endpoint address="mex" … /> address="rest"
global.asax cookie REST :

public void WindowsAuthentication_OnAuthenticate(object sender, WindowsAuthenticationEventArgs args)

!

ExtendedProtectionPolicy.PolicyEnforcement values ​​do not match. IIS is WhenSupported, while WCF Transport is Never

More articles:

ExtendedProtectionPolicy.PolicyEnforcement values do not match. IIS is WhenSupported, while WCF Transport is Never