0

I'm having some issue with authentication on a third party's WCF service. I don't know how it's configured, it's like a black box for me. The only thing that I know, that those webservice should use Basic authentication, but may not.

I've added fiddler, and even wireshark to analyze what's happening inside of those requests, and found out that requests with authorization header do get authenticated. So basically, using a SoapUI I was able to authenticate on those WCF service.

I've generated a test client using svcutil and specified config file like this:

 <bindings>
   <basicHttpBinding>
     <binding name="BasicHttpBinding_1" useDefaultWebProxy="false" >
       <security mode="Message" >
         <message clientCredentialType="UserName" />
       </security>
     </binding>        
   </basicHttpBinding>
 </bindings>
 <client>
   <endpoint address="http://theurl.svc"
     binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_1"
     contract="CA_TestMediaSaturn.IDCIntegration" name="BasicHttpBinding_2" />
 </client>

Also I've added authorization information to client in code file:

 client.ClientCredentials.UserName.UserName = "one";
 client.ClientCredentials.UserName.Password = "two";

But I wasn't able to get those Authorization header encoded in base64. I wonder how can I configure my client to obtain those header in order to get authorized on webservice side. I did found an article describing how to make it on your own. But maybe there is a way to make it a lot easier?

UPDATE 1:

I've just receiver service configuration settings from 3rd party vendor. Mb it can somehow help in finding out the reason of error.

 <bindings>
 <basicHttpBinding>
 <binding name="BasicHttpBinding_1" >
                 <security mode="TransportCredentialOnly">
                   <message clientCredentialType="UserName"/>
                 </security>
               </binding>
 </basicHttpBinding>
 </bindings>
Johnny_D
  • 4,592
  • 3
  • 33
  • 63

1 Answers1

3

you should set mode="Transport" instead of "Message". This will generate Authorization header. current setting is message security so authentication is inside SOAP.

EDIT: seems like you need pre-authenitcate. in general wcf will first not send authorization header, and if the service returns a challenge to do it then it will send the message again with the header. some servers do not support this challenge mechanism and will require to send authorization header already at first shot. this is called pre authentication in .net 2. unfortunetely wcf does not support it. but you could do it yourself: first set security mode to None so WCF will not send security at all. then see example here how to add this header yourself to the wcf call.

Community
  • 1
  • 1
Yaron Naveh
  • 23,560
  • 32
  • 103
  • 158
  • Should I add `` string to binding configuration section? – Johnny_D Aug 30 '13 at 05:46
  • BTW using transport level requires https connection, but my 3rd party's service is on http, can I somehow workaround it? – Johnny_D Aug 30 '13 at 05:49
  • 1
    you could set mode="TransportCredentialOnly" and then credential type to "Basic" – Yaron Naveh Aug 30 '13 at 09:50
  • I did it too, and added logging section. But still no result. I can't attach `Authorization` header to my requests. – Johnny_D Aug 30 '13 at 12:12
  • Just marked your post as answer. This is really an issue, and seem that only injecting authentication header manually can help in this situation. – Johnny_D Sep 25 '13 at 07:16