Silverlight RIA Services and Basic, Anonymous Authentication
This is going to be a quick post just to get the solution out there for people who may be running into this issue. If you're like me, you host your sites on remote servers and you don't always have direct control over the 'IIS settings’ of the site. This can be especially difficult if you are trying to deploy something like a Silverlight 4 RIA Services application. The problem I ran into this evening was the following, I got the site up and running and everything looked good, but when I went to launch the administrative application which is powered by Silverlight 4 RIA Services, I noticed that none of my data was coming back and saving didn't work properly. Upon hooking up Fiddler and looking at the 500 series error I was receiving, the following error message caught my attention:
IIS specified authentication schemes 'Basic, Anonymous', but the binding only supports specification of exactly one authentication scheme. Valid authentication schemes are Digest, Negotiate, NTLM, Basic, or Anonymous. Change the IIS settings so that only a single authentication scheme is used.
This error, along with many other deployment errors, are covered in Tim Heuer's blog post about RIA Services deployment, however, the ‘easy’ prescribed solutions did not work for me. There are other posts out there that cover an option to actually disable Basic authentication through configuration [with system.webServer], but those changes are not always allowed in your hosting environment [and aren’t in mine]. On a previous RIA services deployment for another site, I worked with my hosting company's support department to get the issue resolved by doing things the 'hard' way and physically disabling 'Basic' authentication through the IIS settings for the site. This time, I didn't want to fight with the hosting support line, primarily because it would have had to be in 'third party' mode. These changes were for a site where I wasn't the 'site owner', just the developer, so I’d have to work through the site owner to get the support ticket handled properly.
I had been reading Juval Lowy's excellent WCF 4.0 book, and as I took a little closer look at the error message details, I thought to myself, is it possible to trick WCF into using only 'anonymous' mode without resorting to changing the IIS settings?
It turns out the answer is ‘YES!’ and it's really quite simple. The solution involves taking advantage of the 'default' binding configurations that can be setup for all WCF endpoints. In this case, Silverlight RIA Services uses a 'webHttpBinding' binding, so we need to provide an appropriate default security setting for that binding type. Inserting the following snippet into your web.config should successfully allow the endpoint to be setup with RIA services. In my example, I turned security off entirely [which, I believe, is the default configuration that RIA services uses].
<system.serviceModel>
<!-- ... other bits ... -->
<bindings>
<webHttpBinding>
<binding>
<security mode="None" />
</binding>
</webHttpBinding>
</bindings>
</system.serviceModel>
That's it! The error no longer appeared and I could access my administrative application without further issues, and no support call was necessary! In this case, it's the use of the 'default' binding that makes this possible. When default bindings are specified, all endpoints that don't have an explicit binding configuration use the default settings to control their binding behavior. In this case, the default binding was enough to have RIA Services avoid constructing the binding dynamically in code, which is what was causing the error message listed above.