musings from the end of a lightning bolt

Silverlight RIA Services and Basic, Anonymous Authentication

Tags: Silverlight, WCF RIA Services

This is going to be a quick post just to get the solution out there for people who may be running into this issue.  If you're like me, you host your sites on remote servers and you don't always have direct control over the 'IIS settings’ of the site.  This can be especially difficult if you are trying to deploy something like a Silverlight 4 RIA Services application.  The problem I ran into this evening was the following, I got the site up and running and everything looked good, but when I went to launch the administrative application which is powered by Silverlight 4 RIA Services, I noticed that none of my data was coming back and saving didn't work properly.  Upon hooking up Fiddler and looking at the 500 series error I was receiving, the following error message caught my attention:

IIS specified authentication schemes 'Basic, Anonymous', but the binding only supports specification of exactly one authentication scheme. Valid authentication schemes are Digest, Negotiate, NTLM, Basic, or Anonymous. Change the IIS settings so that only a single authentication scheme is used.

This error, along with many other deployment errors, are covered in Tim Heuer's blog post about RIA Services deployment, however, the ‘easy’ prescribed solutions did not work for me.  There are other posts out there that cover an option to actually disable Basic authentication through configuration [with system.webServer], but those changes are not always allowed in your hosting environment [and aren’t in mine].  On a previous RIA services deployment for another site, I worked with my hosting company's support department to get the issue resolved by doing things the 'hard' way and physically disabling 'Basic' authentication through the IIS settings for the site.  This time, I didn't want to fight with the hosting support line, primarily because it would have had to be in 'third party' mode.  These changes were for a site where I wasn't the 'site owner', just the developer, so I’d have to work through the site owner to get the support ticket handled properly.

I had been reading Juval Lowy's excellent WCF 4.0 book, and as I took a little closer look at the error message details, I thought to myself, is it possible to trick WCF into using only 'anonymous' mode without resorting to changing the IIS settings?

It turns out the answer is ‘YES!’ and it's really quite simple.  The solution involves taking advantage of the 'default' binding configurations that can be setup for all WCF endpoints.  In this case, Silverlight RIA Services uses a 'webHttpBinding' binding, so we need to provide an appropriate default security setting for that binding type.  Inserting the following snippet into your web.config should successfully allow the endpoint to be setup with RIA services.  In my example, I turned security off entirely [which, I believe, is the default configuration that RIA services uses].


   <!-- ... other bits ... -->

            <security mode="None" />


That's it!  The error no longer appeared and I could access my administrative application without further issues, and no support call was necessary! In this case, it's the use of the 'default' binding that makes this possible. When default bindings are specified, all endpoints that don't have an explicit binding configuration use the default settings to control their binding behavior. In this case, the default binding was enough to have RIA Services avoid constructing the binding dynamically in code, which is what was causing the error message listed above.


  • Daniel said

    Wow...after 125 hours of trying to host my client&#39;s site with Godaddy&#39;s non-dedicated service, you post saved the day! Thank you!

  • Christian said

    @Daniel I have been trying the same thing with GoDaddy. For the life of me I cannot get my ria services to work. I have tried hundreds of things. I have a bare bones business app that I am trying to spike on godaddy as a proof of concept. I am constantly getting the service not found error. Fiddler says http 500. Very frustrating. Any insight?

  • TheJet said

    @Christian The 500 errors can really be anything, from a mistake in your configuration file to an actual error in your GoDaddy site configuration. 1) Are you trying to run with RIA Services in Silverlight/.NET 4.0 or 3.5? If 4.0, then you need to make sure you&#39;re on &#39;Grid&#39; hosting, since that [was] the only plan that offered .NET 4.0 capabilities. 2) Are you remembering to deploy the RIA Services assemblies with your application? 3) Have you turned customErrors &#39;Off&#39; in configuration to see if that helps? 4) Have you tried pulling up the service URL in your browser directly to view the error [you can get the address from Fiddler]? If you&#39;ve tried these things [and checked Tim Heuer&#39;s blog post linked above], and still need some help, just ping me on Twitter or over email and I can try to help you out. GoDaddy&#39;s service is entirely useless for this sort of thing.

  • Avatare said

    I´d be so lost with out you guys posting codes and solutions, thanks a lot, programming is such a pain for me, or lets say locating the error is the pain.

  • Balachander said

    Great advice and Yes it works. Made my day. Wonder why it is not there on MSDN Community Silverlight Thanks a lot Balachander

Comments have been disabled for this content.