This documentation is archived and is not being maintained.

<windowsAuthentication> of <serviceCredentials>

Specifies the settings of a Windows service credential.

      includeWindowsGroups="Boolean" />

The following sections describe attributes, child elements, and parent elements.


Attribute Description


An optional Boolean attribute that specifies whether the system includes Windows groups in the security context. The default is true.

Setting this attribute to true has a performance impact as it results in a full-group expansion. Set this attribute to false if you do not need to establish the list of groups a user belongs to.


An optional Boolean attribute that specifies whether anonymous, unauthenticated callers are allowed. The default is false.

When the clientCredentialType attribute of a binding is set to Windows, the system does not allow anonymous callers. This means that only domain or workgroup authenticated callers are allowed to access the system. You can override this behavior by using this attribute.

Use this setting with extreme caution.

Child Elements


Parent Elements

Element Description


Specifies the credential to be used in authenticating the service, and the client credential validation-related settings.

Use this element to specify whether to allow anonymous Windows users access by setting the allowAnonymousLogons attribute. You can also specify whether to include group information to which users belong in the AuthorizationContext by setting the includeWindowsGroups attribute. If it is set to true (the default setting), the service can determine the Windows groups to which the client belongs.

© 2007 Microsoft Corporation. All rights reserved.
Last Published: 2010-01-05