WSDL binding with both certificate and username/password

Question

I've to make a C# dll to use webservices in some applications (as a com object). The server requires an authentification using both certificate and username/password.

I've tried many solutions but none worked so i'm looking for a solution.

My last try was a custom bindng like this :

// Custom binding
CustomBinding binding = new CustomBinding();
var userNameToken = new UserNameSecurityTokenParameters();
userNameToken.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;

var securityElement = new AsymmetricSecurityBindingElement();
securityElement.IncludeTimestamp = true;
securityElement.RecipientTokenParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.SubjectKeyIdentifier, SecurityTokenInclusionMode.Never);
securityElement.InitiatorTokenParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.SubjectKeyIdentifier, SecurityTokenInclusionMode.AlwaysToRecipient);
securityElement.DefaultAlgorithmSuite = System.ServiceModel.Security.SecurityAlgorithmSuite.Basic256;
securityElement.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
securityElement.SetKeyDerivation(false);
securityElement.EndpointSupportingTokenParameters.SignedEncrypted.Add(userNameToken);
securityElement.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.EncryptBeforeSign;
securityElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;
binding.Elements.Add(securityElement);

var encodingElement = new TextMessageEncodingBindingElement();
encodingElement.MessageVersion = MessageVersion.Soap12WSAddressingAugust2004;
binding.Elements.Add(encodingElement);

var httpElement = new HttpsTransportBindingElement();
httpElement.UseDefaultWebProxy = true;
binding.Elements.Add(httpElement); 

// Create the endpoint address. Note that the machine name 
EndpointAddress ea = new EndpointAddress("https://myURL/userservice");

// Create the client. 
UserServiceClient sNext = new UserServiceClient(binding, ea);

// Utilisation du WebService
sNext.ClientCredentials.UserName.UserName = "user";
sNext.ClientCredentials.UserName.Password = "pwd";

sNext.ClientCredentials.ClientCertificate.Certificate = autCertificat;
sNext.ClientCredentials.ServiceCertificate.DefaultCertificate = autCertificat;
sNext.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;

sNext.MyService();

Thanks for your help. Matt

Edit :

My C# project contains a Service Reference generating from a WSDL file on a server. I compile it to make a dll that can be used in Visual FoxPro clients that used the WebServices of the WSDL.

If i go to the URL of the WebServices in a browser, it ask my first a certificate (that i choose from the list) and second i've to enter a user/password : in the browser it works fine.

Now i've to call this Webservices from my DLL but i don't know how to define the binding and the endpoint to have the same authentification process.

Thx

Answer 1

I don't believe you can have 2 competing types of ClientCredentials like this.

If you look at the config for this, you will specify one type, not multiple:

<security>
    <message clientCredentialType="Certificate" />
</security>

Or:

<security>
    <message clientCredentialType="UserName" />
</security>

An alternative route you may want to look into is to use TransportWithMessageCredential, which uses an SSL or Trusted certificate to secure the channel and UserName / Password to secure the individual messages, but without further details of it's difficult to advise further.

Here's a question I answered a while ago that may / may not be helpful:

WCF Client Using Certificate and Username/Password credentials?