Connect with WCF to a WebService authenticated with username/password

Asked 30/4, 2009 at 9:0 Answered 27/9, 2013 at 9:4

Solved wcf wcf-security wcf-authentication

I created a proxy of a Web Service with Visual Studio 2008, and it created for me the following entry in the app.config:

<system.serviceModel>
        <bindings>
            <basicHttpBinding>
                <binding name="MyNameHandlerSoapBinding" closeTimeout="00:01:00"
                    openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                    allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                    maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                    messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
                    useDefaultWebProxy="true">
                    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                    <security mode="None">
                        <transport clientCredentialType="None" proxyCredentialType="None"
                            realm="" />
                        <message clientCredentialType="UserName" algorithmSuite="Default" />
                    </security>
                </binding>
            </basicHttpBinding>
        </bindings>
        <client>
          <endpoint address="http://www.***/***/***"
              binding="basicHttpBinding" bindingConfiguration="MyNameHandlerSoapBinding"
              contract="***.MyNameHandler" name="MyName">
          </endpoint>
        </client>
    </system.serviceModel>

The webservice is has username/password authentication so I need to add it somewhere here.

I'm a bit lost in the sea of WCF documentation, I think I have to change from basicHttpBinding to wsHttpBinding or customBinding to be able to add the authentication elements, but I don't really understand it. Could anybody give any quick tip or any useful link that says how to do so?

EDIT:

I changed the security section to:

<security mode="Transport">
    <transport clientCredentialType="Basic" proxyCredentialType="None"
         realm="" />
</security>

and added in the code:

ws.ClientCredentials.UserName.UserName = "";
ws.ClientCredentials.UserName.Password = "";

Now it seems it might be using the credentials but it's giving me the error:

the provided URI scheme 'http' is invalid URI expected 'https'

I don't even know if this is the right way to go...

Deflation answered 30/4, 2009 at 9:0 Comment(3)

WCF is configuration hell. What auth store do you want to use? Windows ... ASP membership or custom like a database? And have you looked through this: msdn.microsoft.com/en-us/library/bb398990.aspx – Shotputter 30/4, 2009 at 9:22

Indeed. It's an external web service that has a unique username/password to use always for all my calls. And it's http. So I guess it might be more of an endpoint authorization, if that makes sense! – Deflation 30/4, 2009 at 9:39

It's bugging at first that you cannot specify the user name and password anywhere in config (but only in code) - then again, would you want to have you password in a clear-text config file? REALLY? – Polestar 30/4, 2009 at 11:31

I post here the solution for future readers:

<system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="MyHandlerSoapBinding" closeTimeout="00:01:00"
            openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
            allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
            maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
            messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
            useDefaultWebProxy="true">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
              maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Basic"  />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://www.***/***/***/MyHandler"
          binding="basicHttpBinding" bindingConfiguration="MyHandlerSoapBinding"
          contract="***.MyHandler" name="MyHandler">
      </endpoint>

    </client>
  </system.serviceModel>

In the end I could use the default basicHttpBinding. The only difference from the code posted in the question is the security node.

Also note the mode="TransportCredentialOnly" option, this allows you to send username/password using http instead of https. This is necessary for testing environments as the one I'm using. Later on obviously you'll prefer https to send your credentials.

Afterwards in code you'll enter your username/password:

var ws = new ***.MyHandlerClient("MyHandler");
ws.ClientCredentials.UserName.UserName = "myUsername";
ws.ClientCredentials.UserName.Password = "myPassword";
var result = ws.executeMyMethod();

Deflation answered 30/4, 2009 at 16:28 Comment(2)

This really made my day! Thanks a lot for sharing, this saved a lot of people a lot of trouble. – Tera 16/9, 2011 at 12:54

@Deflation I get The HTTP request was forbidden with client authentication scheme 'Basic'. with that approach; do you know what could be causing this? – Drill 5/4, 2013 at 17:31

The error message is right. WCF will not allow transport of usernames and passwords over an unprotected protocol. Your web service must be using HTTPS (with the attendant SSL certificate)

Once you have an SSL certificate you have two options on how the credentials are sent, transport or security and multiple options for the type of credential. MSDN has a good guide to all of the various options.

Ratline answered 30/4, 2009 at 10:30 Comment(1)

Found it. It does allow you with the option <security mode="TransportCredentialOnly">. Of course this is for a test environment, later on you should use https. Cheers – Deflation 30/4, 2009 at 10:51

I had the same problem and tried the solution above Somehow this didn't work for me I was keep getting the message "No WS-Security header found"

After a long time of testing and trying I manage to get it work I added the header code in the client as below and then it works!

<client>
    <endpoint address="http://your.service.com" binding="basicHttpBinding" bindingConfiguration="XXXBinding" contract="contract.XXX" name="XXXPort">
        <headers xmlns:wsse="http://your.xsd">
            <wsse:Security mustUnderstand="1">
                <wsse:UsernameToken>
                    <tenant>XXX</tenant>
                    <wsse:Username>XXX</wsse:Username>
                    <wsse:Password Type="http://www.xxxx.com/wss#PasswordText">XXX</wsse:Password>
                </wsse:UsernameToken>
            </wsse:Security>
        </headers>
    </endpoint>
</client>

Highminded answered 27/9, 2013 at 9:4 Comment(0)

Recommended topics

Hot tags