Security settings for this service require ‘Anonymous’ Authentication but it is not enabled for the IIS application that hosts this service.


You might get a “Security settings for this service require ‘Anonymous’ Authentication but it is not enabled for the IIS application that hosts this service.” exception when configuring security for WCF services. The reason for such an error is simple: you are exposing an endpoint that requires anonymous auth and anonymous access is not allowed on the hosting web site or virtual directory. Chances are that the offending endpoint is your metadata exchange endpoint. Once you remove this endpoint or you configure a different authentication for it, the error should disappear.


Comments (4)

  1. zafar ayaz yousafi says:

    Thanx buddy for pointing out the exact problem.

  2. Mumtaz says:

    thanks, a good description ! But i do want to clear one thing here. You mean that the metadata endpoint requires anonymous auth and therefore removing it should make the error disappear .. that actually helped. But i wonder if i remove the mex endpoint, then how will my service and client exchange metadata?? how will metadata exchange take place??

  3. John Czaplicki says:

    Bingo….this was tough. Thanks for the solution!

  4. Vijayashree says:

    Thanks for the solution. Very helpfull