I'm attempting to create a process that verifies data within a database and notifies users of errors. My initial thought was to create a web service that is triggered when the user saves the web form. That web service would begin the process of validating the data and populating another table with information about what information it believes is invalid. From the beginning I had intended for this web service to return instantly prior to the actual completition of the data verification. The data verification is going to be a longer process and isn't intended to be form validation. It's also okay if it were to happen to fail since the process will be refreshed every evening also so I’m not concerned about that.
OneWay services seems like the most logical choice for this. I have already written the service and everything is working great without OneWay being present. However the moment I add OneWay the process no longer works. What is particularly puzzling to me is I have a line that outputs a log file at the very beginning of the web service method and it occasionally writes the log when I call the service. Not every time, but sometimes. I also have multiple log statements that get outputted and it has never made it past the first line once isOneWay is enabled. It seems like the code is just being arbitrarily halted. Has anyone ever run into this before? My next option is to create a network queue task that receives the web service call directly and adds it to its queue and I was hoping to avoid doing that.
A bit more background information, I am new to WCF services but not web services in general. The web application is written in ASP.Net and is calling the webservice via HttpGet.
I'm open to other architecture suggestions and any input is greatly appreciated.
Here is the ServiceModel element from the web.config:
<system.serviceModel>
<bindings>
<customBinding>
<binding name="WebHttpBinding_Service">
<textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
messageVersion="Soap12" writeEncoding="utf-8">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
</textMessageEncoding>
<httpTransport authenticationScheme="Negotiate,Ntlm"/>
</binding>
</customBinding>
<webHttpBinding>
<binding name="webHttpBinding_IISAuthen">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</webHttpBinding>
</bindings>
<services>
<service name="Namespace.Service" behaviorConfiguration="Namepsace.ServiceBehavior">
<endpoint address="" behaviorConfiguration="Namespace.ServiceAspNetAjaxBehavior"
binding="webHttpBinding" bindingConfiguration="webHttpBinding_IISAuthen" contract="Namespace.Service" />
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="Namespace.ServiceAspNetAjaxBehavior">
<enableWebScript />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="Namespace.ServiceBehavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
<client>
<endpoint binding="customBinding" bindingConfiguration="WebHttpBinding_Service"
contract="Service" name="WebHttpBinding_Service" />
</client>
</system.serviceModel>
When running into problems like these in WCF, where something stops working when changing the configuration, I would definitely start by tracing the running service. WCF has a great tracing mechanism which you start by editing the configuration. You can read all about configuring it here.
I discovered the problem. It may seem odd but the service was being run within the same project and that seemed to be causing the problem with using it as a one way service. I moved it out into its own project everything worked as expected.
I thank everyone for their time, the tracing will certainly prove to be useful in the future.
Related
I'm building an ASP.NET website - it's a solution with a few projects, a data base and a web service. Everything worked fine, but last time I tried to run the project, I got the following error:
There was no endpoint listening at http://localhost:[number]/BooksWS.svc that could accept the
message. This is often caused by an incorrect address or SOAP action. See InnerException,
if present, for more details.
The inner exception says:
Unable to connect to the remote server
This error sort of came out of the blue, so I'm not sure what additional information I should provide. Does anyone have any idea why this could happen?
I suppose even a general answer could help, the only info I found about this error in the web concerned WCF.
go to webconfig page of your site, look for the tag endpoint, and check the port in the address attribute, maybe there was a change in the port number
Another case I just had - when the request size is bigger than the request size set in IIS as a limit, then you can get that error too.
Check the IIS request limit and increase it if it's lower than you need.
Here is how you can check and change the IIS request limit:
Open the IIS
Click your site and/or your mapped application
Click on Feature view and click Request Filtering
Click - Edit Feature Settings.
I just found also another thread in stack
IIS 7.5 hosted WCF service throws EndpointNotFoundException with 404 only for large requests
An another possible case is make sure that you have installed WCF Activation feature.
Go to Server Manager > Features > Add Features
I had this problem when I was trying to call a WCF service hosted in a new server from a windows application from my local. I was getting same error message and at end had this "No connection could be made because the target machine actively refused it 127.0.0.1:8888". I donot know whether I am wrong or correct but I feel whenever the server was getting request from my windows application it is routing to something else. So I did some reading and added below in Web.config of service host project. After that everything worked like a magic.
<system.net>
<defaultProxy enabled="false">
</defaultProxy>
</system.net>
Short answer but did you have Skype open? This interferes specifically with ASP.NET by default (and localhosts in general) using port:80.
In Windows: Go to Tools -> Options -> Advanced -> Connection and uncheck the box "use port 80 and 443 as alternatives for incoming connections".
Try this:
Delete the service instance.
Create a new instance of the service.
Sometimes the port is changed and generated error.
I tried a bunch of these ideas to get HTTPS working, but the key for me was adding the protocol mapping. Here's what my server config file looks like, this works for both HTTP and HTTPS client connections:
<system.serviceModel>
<protocolMapping>
<add scheme="https" binding="wsHttpBinding" bindingConfiguration="TransportSecurityBinding" />
</protocolMapping>
<services>
<service name="FeatureService" behaviorConfiguration="HttpsBehavior">
<endpoint address="soap" binding="wsHttpBinding" contract="MyServices.IFeature" bindingConfiguration="TransportSecurityBinding" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="HttpsBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
<behavior name="">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="TransportSecurityBinding" maxReceivedMessageSize="2147483647">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
If you are using custom binding, please make sure that you are putting the same name for both custom binding (Server and Client)in config files
<bindings>
<customBinding>
<binding name="BufferedHttpServerNoAuth" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00">
<gzipMessageEncoding innerMessageEncoding="textMessageEncoding" MaxArrayLength="10485760" MaxBytesPerRead="31457280" MaxStringContentLength="102400000" />
<httpsTransport hostNameComparisonMode="StrongWildcard" manualAddressing="False" maxReceivedMessageSize="31457280" authenticationScheme="Anonymous" bypassProxyOnLocal="True" realm="" useDefaultWebProxy="False" />
</binding>
</customBinding>
</bindings>
the binding name "BufferedHttpServerNoAuth" should be same in both.
Hope this would help someone
This is ancient history but I just ran into this issue and the fix for me was recycling the application pool of the website in IIS. Easy fix, for once.
I changed my website and app bindings to a new port and it worked for me. This error might occur because the port the website uses is not available. Hence sometimes the problem is solved by simply restarting the machine
-Edit-
Alternative (and easier) solution:reference
Get PID of process which is using the port
CMD command-
netstat -aon | findstr 0.0:80
Use the PID to get process name -
tasklist /FI "PID eq "
Open task manager, find this process and stop it.
(Note- Make sure you do not stop Net.tcp services)
I solved it by passing the binding with endpoint.
"http://abcd.net/SampleFileService.svc/basicHttpWSSecurity"
Click on Service which you have created right click on it then select update references after this rebuild the application it will work
I have two different WCF services hosted on IIS7. One is Database Service which is configured to run on namedpipe. The other service hosted on same machine is accessing the first service via named pipe and is configured to run on webhttp.
however when i call the database service from another service i get the following error
"There was no endpoint listening at "net.pipe://localhost/iSPYDBService" that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details."
Database Service Config file Snippet
<system.serviceModel>
<services>
<service name="DBService.Service">
<endpoint address="net.pipe://localhost/iSPYDBService"
binding="netNamedPipeBinding"
contract="DBService.Contracts.IDBService"
bindingConfiguration="Binding1" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<bindings>
<netNamedPipeBinding>
<binding name="Binding1"
closeTimeout="00:01:00"
openTimeout="00:01:00"
receiveTimeout="00:10:00"
sendTimeout="00:01:00"
transactionFlow="false"
transferMode="Buffered"
maxBufferPoolSize="524288"
maxBufferSize="65536"
maxConnections="10"
maxReceivedMessageSize="65536">
<security mode="Transport">
<transport protectionLevel="EncryptAndSign" />
</security>
</binding>
</netNamedPipeBinding>
</bindings>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
The Other Service Calling the Database service via named pipe throws error as mentioned above.
ChannelFactory<DBService.Contracts.IDBService> pipeFactory =
new ChannelFactory<DBService.Contracts.IDBService>(
new NetNamedPipeBinding(),
new EndpointAddress("net.pipe://localhost/iSPYDBService"));
pipeProxy = pipeFactory.CreateChannel();
var categories = pipeProxy.GetCategories();
Both services are hosted on IIS. i have already given the binding for net.pipe in database service and also add "http,net.pipe" in "enabled protocols".
You cannot use IIS Express.
In IIS (full, not express) ... go to your website.
Follow this bread crumb:
WCF Host Web Site > Manage Application > advanced Settings > Enabled Protocols
You probably have "http" or "http,net.tcp" already set.
Add "net.pipe" (with a comma before it)
As seen below. Note, do not add any spaces.
http,net.tcp,net.pipe
The magic is the correct value ("net.pipe") in this case.
You can read more about it here
Could not find a base address that matches scheme net.tcp
The following should help:
Clear the address in the service config like address=""
Edit the bindings of your site in IIS and add or update the site bindings of the net.pipe type and give the "Binding information" a proper name
Update your client config to address="net.pipe://PROPER_NAME/YOUR_SERVICE.svc"
Set the security mode to None for the bindings on both the client and the service end.
Make sure the Windows Features are enabled for Named Pipe Activation for WCF 4.5 or the Non-HTTP Activation for WCF 3.5
I have a WCF Rest Service that I'm building. The service is hosted in IIS under an SSL. And I have the site in IIS setup to use Windows authentication with Anonymous authentication disabled.
However, when I attempt to navigate to service.svc file in the browser to test the windows authentication I am prompted from my credentials as expected. However, after entering my credentials it continuous to prompt me over and over. And I don't know why or what I'm missing.
If I re-enable Anonymous authentication and navigate to the service.svc file then the wsdl data loads..but from my understanding is no longer using windows authentication at that point.
I have tested this in IE and Firefox and both of them do the same thing.
Here is my web.config
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="WebHttpBindingConfig">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" proxyCredentialType="Windows"/>
</security>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="httpEnabled">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceCredentials>
<windowsAuthentication allowAnonymousLogons="False" includeWindowsGroups="True"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="EndpBehavior">
<webHttp helpEnabled="true"/>
</behavior>
</endpointBehaviors>
</behaviors>
<services>
<service name="myService" behaviorConfiguration="httpEnabled">
<endpoint address="" binding="webHttpBinding" contract="myContract" behaviorConfiguration="EndpBehavior" bindingConfiguration="WebHttpBindingConfig" />
</service>
</services>
Any help figuring this out would be great. If you need any other information please let me know. Thank you.
Problem: Continuous prompt for creds when attempting to view Service.svc in browser.
Expected result: Upon entering valid creds they Service.svc page should load
EDIT:
I was going to post images of the Auth Settings and an example of what it was dong to give a visual, but I don't have enough reputation yet. Sorry.
I figured it out. It ended up being a server configuration issue. I discovered I could load the Service.svc file from a remote machine with valid creds. So after I did some searching I found the following article:
http://warnajith.blogspot.com/2011/06/iis-75-401-unauthorized-access-error.html
The issue was I needed to DisableLoopbackCheck. So after I followed the steps on that page to update the registry it loaded correctly
Note: If you're on a windows 2012 server you do not need to do step 1 in the link provided.
Hope this helps someone else in the future.
I was haivng a project in which earlier I was hosting only single WCF service. Everything used to work fine. Later, as part of enhancements we have added two more WCF services to the same project with different Interfaces and different SVC files. All three services share same web.config which define the three end points (corresponding to each service).
WCF services for my project are hosted as separate website with its own App Pool and port number. All three of my services share the same App pool.
With this setup when I am deploying application to test servers many times I am getting sporadic error as below and service stops working. Of the three service, one or two at a time gives this error other keeps on working.
System.ServiceModel.ServiceHostingEnvironment+HostingManager/4032828
System.ServiceModel.ServiceActivationException: The service '...svc' cannot be activated due to an exception during compilation. The exception message is: An error occurred while accessing the IIS Metabase.. --->
System.Runtime.InteropServices.COMException: An error occurred while accessing the IIS Metabase.
at System.ServiceModel.Activation.MetabaseReader..ctor
I enabled svclogs for the webservice and there I am seeing things like
......
AppDomain unloading
To: construct ServiceHost 'myservice1'
From: construct ServiceHost 'myservice1'
To: Open ServiceHost 'myservice1'
From: ServiceHost 'myservice1'
ASP.NET hosted service activated
**Wrote To Eventlog** << Exception at this point for myservice2.
I have tried This options but it doesn't help. I have also searched on net but not finding any other solution that can help.
I am having IIS6 on the test servers.
Any help would be greatly appreciated.
UPDATE:
I have observed a pattern. After Idle time, whichever service is hit first gets activated properly, other ones fails. Also, to add to Port part, we are specifically mentioning port on which this service would be running. for my application say the port number is 25000, then no other application on this server is sharing this port number, only my application. So if there are multiple Services, then they are sharing the port, but again the same setup is there for other projects having multiple SVC services and none has ever experienced this issue (as far as I know).
UPDATE 2: Below is the config file. I have typed in the config file but have tried to keep this as accurate as possible. (please ignore case-sensitive things)
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="MyBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" proxyCredentialType="Basic" realm="prod.xxx.net" />
<message clientCredentialType="UserName" algorithmSuite="Default"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviours>
<serviceBehaviours>
<behaviour name="firstServiceBehaviour">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<clientCertificate>
<authentication mapClientCertificateToWindowsAccount="true" />
</clientCertificate>
</serviceCredentials>
<dataContractSerializer maxItemsInObjectGraph="2147483646" />
</behaviour>
<behaviours>
<serviceBehaviours>
<behaviour name="secondServiceBehaviour">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<clientCertificate>
<authentication mapClientCertificateToWindowsAccount="true" />
</clientCertificate>
</serviceCredentials>
</behaviour>
<behaviours>
<serviceBehaviours>
<behaviour name="thirdServiceBehaviour">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<clientCertificate>
<authentication mapClientCertificateToWindowsAccount="true" />
</clientCertificate>
</serviceCredentials>
<dataContractSerializer maxItemsInObjectGraph="2147483646" />
</behaviour>
<services>
<service behaviourConfiguration="firstServiceBehaviour" name="...">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="MyBinding" name="firstServiceEndPoint" contract="IfirstServiceContract" />
</service>
<service behaviourConfiguration="secondServiceBehaviour" name="...">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="MyBinding" name="secondServiceEndPoint" contract="IsecondServiceContract" />
</service>
<service behaviourConfiguration="thirdServiceBehaviour" name="...">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="MyBinding"
name="thirdServiceEndPoint" contract="IthirdServiceContract" />
</service>
</services>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</System.ServiceModel>
I won't say this as complete answer, but this somewhat helped solve our problem. I still want to know reason / solution to actual cause of the problem. I am mentioning this work around as this might help somebody Temporarily resolve their issues as well who might face similar problem.
As I mentioned the issue was coming only when application was idle for some time. In that case IIS was shutting down (unloading) the application's AppDomain (This is from SVC Logs).
So we created a simple console app that was hitting all the services of our application every 5-10 minutes and was not letting AppDomain to shut down. There is an alternative way for achiving this - Setting IIS configuration to not to unload AppDomain (this was less feisible for us provided the shared infrastructure). This helped us to complete testing.
Then as we moved to load-balanced environments (Testing environments close to production), we suddenly stopped getting the issue and with some analysis we found that the Load-Balancer itself was pinging these services so as to make sure that they are up, and because of this App Domain of these services was never unloading.
So, for now we can say that we are not getting this issue in a load balanced environment, but the question still remains why was it even happening (for non load Balanced environments).
I'm a noob; please help me understand this authentication config / bindings stuff that confuses me so much.
I have a C# WCF service deployed on IIS 7 on Win 2008. My client is a Windows Forms C# app. My client works just fine when it's running from the same server where the WCF service is running, but when I try to run my client from a remote PC, I get the following exception...
System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service.
I've read a few posts about these issues, and know that my problem is because my service and client are configured to use Windows authentication, which I guess is the default when using Visual Studio to create the service, and to add the service reference to the client. Below is my config before I made any changes, when it was still set to Windows (with irrelevant bits removed)...
Web.Config
<system.web>
...
<authentication mode="Windows"/>
...
<system.serviceModel>
<services>
<service name="MCLaborServer.LaborService" behaviorConfiguration="MCLaborServer.LaborServiceBehavior">
<!-- Service Endpoints -->
<endpoint address="" binding="wsHttpBinding" contract="MCLaborServer.ILaborService">
<!--
Upon deployment, the following identity element should be removed or replaced to reflect the
identity under which the deployed service runs. If removed, WCF will infer an appropriate identity
automatically.
-->
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="MCLaborServer.LaborServiceBehavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
And from the App.Config on the client...
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_ILaborService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Message">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Windows" negotiateServiceCredential="true"
algorithmSuite="Default" establishSecurityContext="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://<myDnsNameGoesHere>/MCLaborServer/LaborService.svc"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_ILaborService"
contract="LaborService.ILaborService" name="WSHttpBinding_ILaborService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
</client>
</system.serviceModel>
So, first I changed "authentication mode="None"" in the web.config, and set "security mode="None"" in the client's app.config, and set both the clientCredentialType="None" for message and transport. I also commented out the "identity" sections in both the web.config and client's app.config. That broke it completely though and now the client running locally won't even work; it gives a "The remote server returned an unexpected response: (405) Method Not Allowed" error.
So what can I do to turn security off so that I can connect using a remote client? I do have anonymous access enabled by the way in IIS for my application.
I'd also like to ask, what's the best practice way to configure this so I can make webservice calls on a remote client over the internet in a semi-secure fashion without using SSL or doing anything that would cost money. I'm not really that concerned about security of the data because it's not really sensitive data, but still I'd like to make sure the server isn't open to attacks.
Also, I read that I can use Windows authentication, and then explicitly specify credentials in code, like below. If I do that, will it still work remotely? And if so, does that end up making my Windows credentials for the server be sent over the wire in an insecure fashion, so then I'd be open to getting my credentials hijacked?
SomeService.ServiceClient someService = new SomeService.ServiceClient();
someService.ClientCredentials.Windows.ClientCredential.UserName="windowsuseraccountname"
someService.ClientCredentials.Windows.ClientCredential.Password="windowsuseraccountpassword"
I've read through the following posts / links, but still am confused. Thanks for any help!
WCF error: The caller was not authenticated by the service
How to fix "The caller was not authenticated by the service"?
http://msdn.microsoft.com/en-us/library/aa291347(v=vs.71).aspx
http://www.devx.com/codemag/Article/33342/1763/page/2
We ran into similar issues when setting up low security WCF services that ran across domains. One of the biggest problems (if you can call it that) is that WCF is configured to be very secure by default. Because our application was entirely within a secure network, we did not want to have to bother with a lot of complicated certificates. Our workaround was to create a custom binding that allowed us to use username/password authentication for our services without any encryption. We based our implementation off of Yaron Naveh's Clear Username Binding. I would recommend that you have a look at that (and at his blog post introducing it).
Some good resources for learning about WCF Bindings and Security:
MSDN - Windows Communication Foundation Bindings Overview
MSDN - System-Provided Bindings
MSDN - Security Overview
MSDN - Programming WCF Security
MSDN - WCF Security Fundamentals
MSDN - Choosing a Transport
I fixed this by changing binding to basicHttpBinding, changing authentication to Forms and turning security off.