Calling an HTTPS WCF service with Anonymous authentication?

Even though anonymous access is enabled on the Virtual Directory of the WCF service and Integrated Authentication is disabled, I still get the error:

The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'.

This is what the security definition on client binding configuration looks like:

<security mode="Transport">
    <transport clientCredentialType="None" proxyCredentialType="None" realm="" />
    <message clientCredentialType="None" negotiateServiceCredential="false" />
</security>

And the endpoint definition:

<endpoint address="https://url.com/Service.svc"
            binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService"
            contract="IService" name="WSHttpBinding_IService">
            <identity>
                <servicePrincipalName value="spn" />
            </identity>
</endpoint>

I've already tried adding:

client.ClientCredentials.开发者_高级运维Windows.AllowedImpersonationLevel =  System.Security.Principal.TokenImpersonationLevel.Impersonation;

But it doesn't seem to have any effect.

Is there something on IIS that I need to change?

[EDIT]

Service configuration:

<behaviors>
   <endpointBehaviors>
      <behavior name="defaultBehavior"/>
   </endpointBehaviors>
   <serviceBehaviors>
      <behavior name="metadataSupport">
         <serviceMetadata httpsGetEnabled="true" httpsGetUrl=""/>
         <useRequestHeadersForMetadataAddress>
            <defaultPorts>
               <add scheme="https" port="443" />
            </defaultPorts>
         </useRequestHeadersForMetadataAddress>
      </behavior>
   </serviceBehaviors>
</behaviors>
<services>
   <service name="ServiceLibrary.Service"
            behaviorConfiguration="metadataSupport">
      <endpoint address=""
                binding="wsHttpBinding"
                bindingConfiguration="wsSecureBinding"
                contract="ServiceLibrary.IService"/>
      <endpoint address="mex"
                binding="wsHttpBinding"
                bindingConfiguration="wsSecureBinding"
                name="mexHttps"
                contract="IMetadataExchange" />
   </service>
</services>
<bindings>
   <wsHttpBinding>
      <binding name="wsSecureBinding">
         <security mode="Transport"/>
      </binding>
   </wsHttpBinding>
</bindings>

Modify your binding configuration in service to:

<bindings>
    <wsHttpBinding>
        <binding name="wsSecureBinding">
            <security mode="Transport">
                <transport clientCredentialType="None" />
            </security>
        </binding>
    </wsHttpBinding>
</bindings>

It expects Windows credentials by default.