Object moved to here
The Windows Communication Foundation (WCF) runtime requires that the security settings of the WCF service match the IIS settings. When anonymous authentication is disabled in IIS, WCF cannot use anonymous binding. Therefore, the WCF runtime throws an exception if there is anonymous binding in WCF.
Web applications use a claims-based authentication method. Therefore, the identity of web application threads is forms-based instead of Windows-based. When a Windows-based user identity is not used and WCF binding is not anonymous, the WCF runtime throws an "Access denied" error. Additionally, a 302 error code is returned to the logon page.