Edit

Share via

<windowsAuthentication> of <serviceCredentials>

  • Article

Specifies the settings of a Windows service credential.

<configuration>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceCredentials>
            <windowsAuthentication>

Syntax

<windowsAuthentication allowAnonymousLogons="Boolean"
                       includeWindowsGroups="Boolean" />

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute Description
includeWindowsGroups An optional Boolean attribute that specifies whether the system includes Windows groups in the security context. The default is true.

Setting this attribute to true has a performance impact as it results in a full-group expansion. Set this attribute to false if you do not need to establish the list of groups a user belongs to.
allowAnonymousLogons An optional Boolean attribute that specifies whether anonymous, unauthenticated callers are allowed. The default is false.

When the clientCredentialType attribute of a binding is set to Windows, the system does not allow anonymous callers. This means that only domain or workgroup authenticated callers are allowed to access the system. You can override this behavior by using this attribute.

Use this setting with extreme caution.

Child Elements

None.

Parent Elements

Element Description
<serviceCredentials> Specifies the credential to be used in authenticating the service, and the client credential validation-related settings.

Remarks

Use this element to specify whether to allow anonymous Windows users access by setting the allowAnonymousLogons attribute. You can also specify whether to include group information to which users belong in the AuthorizationContext by setting the includeWindowsGroups attribute. If it is set to true (the default setting), the service can determine the Windows groups to which the client belongs.

See also