3

I realize this is a question that's been asked time and again, but I can't find a list of "gotchas" that I can take a look at.

I'm writing a WCF client that will consume an SAP web service, using a customBinding in my web.config with allowCookies set to false and support for reliable sessions enabled. I'm setting my HTTP headers as follows:

var authCookie = new System.Net.Cookie();
var wcfClient = new SomeWcfClient();
using (var context = new OperationContextScope(wcfClient.InnerChannel))
{
    var cookies = new CookieContainer();
    cookies.Add(authCookie);
    var endPoint = new EndpointAddress("http://someDomain.test/");

    var httpRequest = new System.ServiceModel.Channels.HttpRequestMessageProperty();
    OperationContext.Current.OutgoingMessageProperties.Add(System.ServiceModel.Channels.HttpRequestMessageProperty.Name, httpRequest);
    httpRequest.Headers.Add(HttpRequestHeader.Cookie, cookies.GetCookieHeader(endPoint.Uri));

    wcfClient.PerformOperation();
}

When I use Fiddler, my HTTP header does not come across. I've tried creating dummy Referer and User-Agent headers, too, thinking that maybe something specific was happening with my cookie header, but even those other headers did not come across. Any thoughts? Where should I look next?

Peder Rice
  • 1,764
  • 3
  • 28
  • 51

2 Answers2

3

For this kind of stuff you should be implementing IClientMessageInspector - for some sample code see http://msmvps.com/blogs/paulomorgado/archive/2007/04/27/wcf-building-an-http-user-agent-message-inspector.aspx

See also (more current):

Community
  • 1
  • 1
Yahia
  • 69,653
  • 9
  • 115
  • 144
  • Is there a functional difference? – Peder Rice Aug 23 '11 at 18:12
  • what do you mean ? the inspector interfaces are called by the WCF runtime during execution and get all needed information and can perform whatever you need them to do, even chenge the data itself before being sent/received... – Yahia Aug 23 '11 at 18:16
  • But what's the difference between that and using an OperationContextScope? From what I've read, they accomplish the same things. – Peder Rice Aug 23 '11 at 18:59
  • in theory yes - but I suspect that the difference lies in how the interaction with the runtime takes place... the inspector interface is called "in-execution" meaning all context is local... the method you used can be subject to some sort of contention for examply in multi-threading situations... thus to be 100% on the right side I resort to the inspector method – Yahia Aug 23 '11 at 19:36
  • Recent comments in that blog post indicate that this approach may no longer work in .NET 4. Something must have changed between versions.... – Peder Rice Aug 23 '11 at 21:09
  • I wouldn't take those comments too seriously - see my EDIT above with more elaborate and current links – Yahia Aug 23 '11 at 22:20
  • Possibly a .NET 4 bug, noticed that our setup worked on one machine that was on SP1 but not on a machine without SP1. – Peder Rice Aug 24 '11 at 13:50
1

So, this issue was a lot different than we were expecting. I am still trying to find a fix, but at least I know root cause:

I am unable to send HTTP cookies to authenticate my requests; our SAP services use a MYSAPSSO2 token (HTTP cookie) for authentication. When trying to use WCF to connect to a Reliable Session-enabled SAP web service, our cookies don't get sent up front.

We are looking for a way to build a custom authentication provider that can use HTTP cookies.

Peder Rice
  • 1,764
  • 3
  • 28
  • 51