<windowsAuthentication> of <serviceCredentials>
Specifies the settings of a Windows service credential.
<configuration>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceCredentials>
<windowsAuthentication>
Syntax
<windowsAuthentication allowAnonymousLogons="Boolean"
includeWindowsGroups="Boolean" />
Attributes and Elements
The following sections describe attributes, child elements, and parent elements.
Attributes
Attribute | Description |
---|---|
includeWindowsGroups |
An optional Boolean attribute that specifies whether the system includes Windows groups in the security context. The default is true .Setting this attribute to true has a performance impact as it results in a full-group expansion. Set this attribute to false if you do not need to establish the list of groups a user belongs to. |
allowAnonymousLogons |
An optional Boolean attribute that specifies whether anonymous, unauthenticated callers are allowed. The default is false .When the clientCredentialType attribute of a binding is set to Windows , the system does not allow anonymous callers. This means that only domain or workgroup authenticated callers are allowed to access the system. You can override this behavior by using this attribute.Use this setting with extreme caution. |
Child Elements
None.
Parent Elements
Element | Description |
---|---|
<serviceCredentials> | Specifies the credential to be used in authenticating the service, and the client credential validation-related settings. |
Remarks
Use this element to specify whether to allow anonymous Windows users access by setting the allowAnonymousLogons
attribute. You can also specify whether to include group information to which users belong in the AuthorizationContext by setting the includeWindowsGroups
attribute. If it is set to true
(the default setting), the service can determine the Windows groups to which the client belongs.