1

While trying to invoke a RESTful service(i have used UserNameAuthenticator from this sample for RESTful service Adding basic HTTP auth to a WCF REST service) from my web client application am getting an error like 

The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Basic Realm'.

Client CS code

BasicHttpBinding binding = new BasicHttpBinding();
binding.SendTimeout = TimeSpan.FromSeconds(25);
binding.Security.Transport.ClientCredentialType =
HttpClientCredentialType.Basic;
EndpointAddress address = new  EndpointAddress("http://localhost:12229/RestServiceImpl.svc");
ChannelFactory<RestService.IRestServiceImpl> factory =
new ChannelFactory<RestService.IRestServiceImpl>(binding, address);
RestService.IRestServiceImpl channel = factory.CreateChannel();
channel.GetStudent();

Client Web.config

<system.serviceModel>
    <services>
      <service name="RestService.RestServiceImpl">
        <endpoint address="http://localhost:12229/RestServiceImpl.svc"
          binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_ExternalSystemsService_v1Interface"
          contract="RestService.IRestServiceImpl"
          name="ExternalSystemsService_v1Port" />
      </service>
    </services>
    <bindings>
      <basicHttpBinding>
        <binding name="BasicHttpBinding_ExternalSystemsService_v1Interface"
                         closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00"
                         sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false"
                         hostNameComparisonMode="StrongWildcard" maxBufferSize="65536"
                         maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                         messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
                         useDefaultWebProxy="true">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
              maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="None" proxyCredentialType="None"
                realm="" />
            <message clientCredentialType="UserName" algorithmSuite="Default" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
  </system.serviceModel>

and RESTful service Web.config

 <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="webHttpTransportSecurity">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="None" proxyCredentialType="None" realm="" />
            <message clientCredentialType="UserName" algorithmSuite="Default" />
          </security>
          </binding>
      </basicHttpBinding>
    </bindings>
    <services>
      <service name="RestService.RestServiceImpl">
        <endpoint name="ExternalSystemsService_v1Port" address="" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_ExternalSystemsService_v1Interface" contract="RestService.IRestServiceImpl"></endpoint>
      </service>
    </services>
    <behaviors>
      <endpointBehaviors>
        <behavior>
          <webHttp />
        </behavior>
      </endpointBehaviors>
      <serviceBehaviors>
        <behavior name="SecureRESTSvcTestBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" />
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceCredentials>
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="RESTfulSecuritySH.CustomUserNameValidator, RESTfulSecuritySH" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
  </system.serviceModel>

Any suggestion?

Community
  • 1
  • 1
bala3569
  • 10,832
  • 28
  • 102
  • 146
  • You aren't using your `.config` at all when you construct the `BasicHttpBinding`. So for Auth, all you have done is set the authentication protocol, BUT you haven't set the credentials you wish to authenticate against. Either use the `ChannelFactory` constructor that takes a binding name as a `string`, or set up your credentials in your instanticated `BasicHttpBinding`. – Aron Aug 18 '14 at 06:44

1 Answers1

2

One thing that sticks out to me is that in your Client CS Code you programmatically set the transport's client credential type:

binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;

But in both the client and server configuration file you set the message client credential type. Notice how the transport element's clientCredentialType attribute is set to "None" and message element's clientCredentialType is set to "UserName":

<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />

I always try to get it working in development with security turned off and then slowly turn it back on.

Also is this a new development project? I was curious why you're using WCF over ASP.NET Web API for a RESTful service.

JustinDSN
  • 61
  • 1
  • 7
  • The `.config` would be completely ignored, since the OP is instanciating the `BasicHttpBinding` himself, as opposed to using the factory method from the default constructor for the `ChannelFactory`. – Aron Aug 18 '14 at 06:42