Edit

Share via


WindowsServiceCredential.AllowAnonymousLogons Property

Definition

Gets or sets a value that indicates whether to allow anonymous users access (applies only to message-level security).

public:
 property bool AllowAnonymousLogons { bool get(); void set(bool value); };
public bool AllowAnonymousLogons { get; set; }
member this.AllowAnonymousLogons : bool with get, set
Public Property AllowAnonymousLogons As Boolean

Property Value

true if anonymous users are allowed access; otherwise, false. The default is false.

Examples

The following code shows how to get this property.

// Create a service host.
Uri httpUri = new Uri("http://localhost/Calculator");
ServiceHost sh = new ServiceHost(typeof(Calculator), httpUri);

// Create a binding that uses a WindowsServiceCredential.
WSHttpBinding b = new WSHttpBinding(SecurityMode.Message);
b.Security.Message.ClientCredentialType = MessageCredentialType.Windows;

// Add an endpoint.
sh.AddServiceEndpoint(typeof(ICalculator), b, "WindowsCalculator");

// Get a reference to the WindowsServiceCredential object.
WindowsServiceCredential winCredential =
    sh.Credentials.WindowsAuthentication;
// Print out values.
Console.WriteLine("IncludeWindowsGroup: {0}",
    winCredential.IncludeWindowsGroups);
Console.WriteLine("UserNamePasswordValidationMode: {0}",
    winCredential.AllowAnonymousLogons);

Console.ReadLine();
' Create a service host.
Dim httpUri As New Uri("http://localhost/Calculator")
Dim sh As New ServiceHost(GetType(Calculator), httpUri)

' Create a binding that uses a WindowsServiceCredential.
Dim b As New WSHttpBinding(SecurityMode.Message)
b.Security.Message.ClientCredentialType = MessageCredentialType.Windows

' Add an endpoint.
sh.AddServiceEndpoint(GetType(ICalculator), b, "WindowsCalculator")

' Get a reference to the WindowsServiceCredential object.
Dim winCredential As WindowsServiceCredential = sh.Credentials.WindowsAuthentication
' Print out values.
Console.WriteLine("IncludeWindowsGroup: {0}", winCredential.IncludeWindowsGroups)
Console.WriteLine("UserNamePasswordValidationMode: {0}", winCredential.AllowAnonymousLogons)

Console.ReadLine()

Remarks

When using Windows client credentials on a binding, by default the system does not allow anonymous access. This means that only domain or workgroup authenticated users are allowed into the system. However, in certain cases it is acceptable for anonymous, unauthenticated users to access the service. In this case you can set this property to true to allow anonymous clients to call the service. A service that enables anonymous authentication is significantly loosening the security requirements, so this setting should be used with caution.

Note that this property does not apply to transport security scenarios and applies only when message security is used by the underlying binding to secure the messages. If Windows transport security is used, this property does not apply.

Applies to