I have followed the steps on this other thread: Adding basic HTTP auth to a WCF REST service

But when I am calling the web service, I am not asked for the username and password. I have set breakpoints in all the methods in the UserNameAuthenticator class and I have discovered that any of those methods are called.

So my question is: Where is this class created? And where in the code shall I invoke those methods? Is there any piece of code in the web.config file that does this for me?

Thanks in advance

chincheta73
  • are you prompted for username when calling it through a browser? sure you followed the remove anonymous access steps? – BugFinder Apr 25 '16 at 12:09
  • I have disabled the basic authentication and enabled the anonymous authentication as @AlwaysLearning suggested on the other thread. What do you mean by "remove anonymous access steps"? If you mean this tag in the web.config file: yes, it is under the tag – chincheta73 Apr 25 '16 at 12:39
  • So, when you browse to your service you are prompted? – BugFinder Apr 25 '16 at 12:47
  • No. I am not... I get the response from the server straight away. And if I place a breakpoint in all the methods in the UserNameAuthenticator class, I can see that those methods are never called – chincheta73 Apr 25 '16 at 12:49
  • No, I meant get your web browser and open like http://myserver/service1.svc - if you aren't prompted for a username, you need to fix your web hosting settings first – BugFinder Apr 25 '16 at 12:50
  • Okay. Any directions on this? – chincheta73 Apr 25 '16 at 12:53
  • the post you linked has all the answers – BugFinder Apr 25 '16 at 12:55
  • Sorry @BugFinder. I don't see the answers to fixing my web hosting settings. I am new with authentication and WCF and I am a bit confused, sorry about that. – chincheta73 Apr 25 '16 at 14:10

1 Answer


In order to set up the WCF web service to consume the user name and password in a user validator, you need to set up the service behavior like below:

<behaviors>
  <endpointBehaviors>
    <behavior name="webHttpBehavior">
    </behavior>
  </endpointBehaviors>
  <serviceBehaviors>
    <behavior name="ServiceBehavior">
      <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
      <serviceDebug httpHelpPageEnabled="true" includeExceptionDetailInFaults="true" />
      <serviceThrottling maxConcurrentCalls="2147483647" maxConcurrentSessions="2147483647"
        maxConcurrentInstances="2147483647" />
      <serviceCredentials>
        <userNameAuthentication userNamePasswordValidationMode="Custom" 
                                customUserNamePasswordValidatorType="FullyQualifiedNameSpace.UserValidatorClass, FullyQualifiedNameSpace" />
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>

The User Name Authenticator (UserValidatorClass) will reside on the web project, but can call code from another referenced assembly. The UserValidator code will look like below:

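using System.IdentityModel.Selectors;

namespace MyNameSpace.Web
{
    // Custom validator referenced by customUserNamePasswordValidatorType in web.config.
    public class UserValidator : UserNamePasswordValidator
    {
        public UserValidator() : base()
        {
        }

        // WCF calls this with the credentials the client sent.
        // Returning normally accepts them, so this empty body accepts every
        // username/password pair; throw an exception (for example
        // SecurityTokenValidationException) to reject a caller.
        public override void Validate(string username, string password)
        {
        }
    }
}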

The easiest way to step into the Validate method is to publish your web service to IIS, and attach to the worker process for the app pool assigned to your web service.

Mike
  • Thanks @Mmcgowa3 This UserValidator class, is it the substitute of the UserNameAuthenticator class in the thread I referred to in my question? Because it doesn't inherit from IHttpModule. It inherits from UserNamePasswordValidator instead. So, do I need both UserValidator and UserNameAuthenticator? Or only UserValidator? Sorry, I am new to user name authentication and WCF and I am a bit confused right now. Thanks for your help again ! :) – chincheta73 Apr 25 '16 at 13:33
  • No, you won't need both. The UserValidator class on your project will take the place of the UserNamePasswordValidator and that code can validate user name and passwords however you want. The Validate method will consume the SSL username and password. – Mike Apr 25 '16 at 14:14
  • Ok. Thanks. I will try that. And, what do you mean by "attach to the worker process for the app pool assigned to your web service" ? How do I attach this? – chincheta73 Apr 25 '16 at 14:19
  • If you are able to publish your web service locally to IIS (first generate a self-signed certificate for SSL purposes), assign an app pool to your service. Then browse to your web service address using the fully qualified name of your workstation https://myworkstation/MyService.aspx this will activate the w3wp.exe worker thread process from IIS. If you are using Visual Studio, attach to that process. Then anytime you test your service (send a call), you can put a breakpoint on the Validate method and step through the code. – Mike Apr 25 '16 at 14:34
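
The Validate override in the answer above has an empty body, which authenticates every caller. The following is an added example, not code from the answer or its author, showing one way to fill it in: salted PBKDF2 hashes, a comparison that does not stop at the first differing byte, and a decoy record so unknown usernames cost the same work as known ones. Assumptions: .NET Framework 4.7.2 or later (for the `HashAlgorithmName` overload of `Rfc2898DeriveBytes`), and a constructed in-memory store with a constructed `demo-user` account standing in for a real user database.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;

namespace MyNameSpace.Web
{
    public class UserValidator : UserNamePasswordValidator
    {
        private const int Iterations = 100000; // assumed work factor
        // Constructed demo store: username -> (salt, PBKDF2 hash). Load from your user database instead.
        private static readonly Dictionary<string, Tuple<byte[], byte[]>> Users = BuildDemoStore();
        // Decoy record so an unknown username still pays for one full hash computation.
        private static readonly Tuple<byte[], byte[]> Decoy = Tuple.Create(new byte[16], new byte[32]);

        private static Dictionary<string, Tuple<byte[], byte[]>> BuildDemoStore()
        {
            var salt = new byte[16];
            using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
            var users = new Dictionary<string, Tuple<byte[], byte[]>>(StringComparer.Ordinal);
            users["demo-user"] = Tuple.Create(salt, Hash("constructed-demo-password", salt));
            return users;
        }

        private static byte[] Hash(string password, byte[] salt)
        {
            using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
                return kdf.GetBytes(32);
        }

        // Accumulates differences over the whole buffer instead of returning at the first mismatch.
        private static bool FixedTimeEquals(byte[] a, byte[] b)
        {
            int diff = a.Length ^ b.Length;
            for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
            return diff == 0;
        }

        public override void Validate(string userName, string password)
        {
            Tuple<byte[], byte[]> record;
            bool known = Users.TryGetValue(userName ?? "", out record);
            if (!known) record = Decoy;
            bool match = FixedTimeEquals(Hash(password ?? "", record.Item1), record.Item2);
            // Returning normally means "authenticated"; rejection must be an exception.
            if (!(known && match)) throw new SecurityTokenValidationException("Invalid username or password.");
        }
    }
}
```

The same error message is thrown for an unknown user and a wrong password, so the response does not reveal which usernames exist.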