The HTTP request was forbidden with client authentication scheme 'Anonymous' error, when adding WCF service reference

Question

I am having an issue when trying to add a service reference to my winforms app. Both the service and the app are in the same solution and the service is using iisexpress with the default iisexpress development certificate installed. When I try to add the service reference I get the normal dialogs which find the service and then tell me the certificate is not signed by an authority. I "Ok" that message but then I get this error.

The HTTP request was forbidden with client authentication scheme 'Anonymous'.

The web.config for the web service is as follows

  <appSettings>
    <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
  </appSettings>
  <system.web>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" />
        <authentication mode="Windows" />
        <identity impersonate="false" />
  </system.web>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <wsHttpBinding>
        <binding name="WsHttpBindingConfig">
          <security mode="TransportWithMessageCredential">
            <transport clientCredentialType="Certificate" />
            <message clientCredentialType="UserName" />
          </security>
        </binding>
      </wsHttpBinding>

    </bindings>
    <protocolMapping>
        <add binding="wsHttpBinding" scheme="https" />
    </protocolMapping>    
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
    <!--
        To browse web app root directory during debugging, set the value below to true.
        Set to false before deployment to avoid disclosing web app folder information.
      -->
    <directoryBrowse enabled="true" />
  </system.webServer>

</configuration>

EDIT----------------

I also get the following messagebox pop up after I accept the certificate.

"There was an error downloading metadata from this address.Please verify that you have entered a valid address"

Also I have found if I change

<protocolMapping>
        <add binding="wsHttpsBinding" scheme="https" />
    </protocolMapping>

to

<protocolMapping>
        <add binding="basicHttpsBinding" scheme="https" />
    </protocolMapping>

Then I can suddenly add the reference. Why is this? Surely I need it to be wsHttpsBinding?

Answer 1

In your configuration you have <transport clientCredentialType="Certificate" /> , which indicates a signed certificate must be used to authenticate the client. For that you need to have a properly signed certificate.

Try using <transport clientCredentialType="None" /> to circumvent or look at the various options to see which one applies to your use case.

Answer 2

I have now fixed this issue.

I needed to change the following config on the server

<protocolMapping>
        <add binding="wsHttpBinding" scheme="https" />
    </protocolMapping>

to

<protocolMapping>
        <add binding="wsHttpBinding" scheme="https" bindingConfiguration="WsHttpBindingConfig" />
    </protocolMapping>