ABcdsfdsfds

Hi guys,

I am having a WCF client which communicates to Java service via siteminder. To call the Java service the client needs to be validated by siteminder using the siteminder token from cookies folder of the client pc.

How can the client pass its siteminder token from cookies folder to siteminder via its bindings or service behaviours The java service is called from client using proxy class generated by svcutil.

Appreciate any comments on this.

Thanks!



Re: Windows Communication Foundation (Indigo) Use of Siteminder tokens in WCF to authenticate against siteminder

Utkarsh Shah - MSFT

Hello, You can look at following forum post and see if that approach will work in your scenario.

http://forums.microsoft.com/MSDN/ShowPost.aspx PostID=1295738&SiteID=1

Thanks






Re: Windows Communication Foundation (Indigo) Use of Siteminder tokens in WCF to authenticate against siteminder

ABcdsfdsfds

Hi Utkarsh,

Thanks for the reply.

We have the siteminder token in %Appdata%\Cookies folder which has SMIDENTITY and SMSESSION keys. This is a txt file . I tried passing the contents of this txt file as a string to the EndPoint AddressHeader section but didn't help

AddressHeader header = AddressHeader.CreateAddressHeader("Cookie", "", tokens);

EndpointAddress address = new EndpointAddress(new System.Uri(myappurl), new AddressHeader[] { header });

Here, tokens is a string with contents of the siteminder cookie txt file.

I also tried creating a serializable class with 2 properties SMIDENTITY and SMSESSION containing the value of these fields from the SM cookie file and passing it to AddressHeader instead of tokens above but that didnt work either.

I am using basichttpbinding. Do we need to use another binding for this model

Thanks!





Re: Windows Communication Foundation (Indigo) Use of Siteminder tokens in WCF to authenticate against siteminder

Ed Pinto - MSFT

That's correct, if you want to send the tokens as Address Headers in the SOAP message you can't use basicHttpBinding, you could use wsHttpBinding for example. If you want to send the token as an http cookie, then you need to do grab the HttpRequestMessageProperty and add the Cookie header. (check out HttpClient in this sample for an example of how to get the HttpRequestMessageProperty http://msdn2.microsoft.com/en-us/library/aa395208.aspx).

Cheers,

Ed





Re: Windows Communication Foundation (Indigo) Use of Siteminder tokens in WCF to authenticate against siteminder

ABcdsfdsfds

I changed the binding from basichttpbinding to wshttpbinding and got this error :

The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'basic realm="dev.generic.agent-all-/ [16:30:12:6084]"'.

I want to avoid using POX for siteminder validation so is there any other way of passing siteminder validation cookies or siteminder smsession and smidentity values to a siteminder protected service . We are using proxy classes to communicate with the service using WCF.

Any ideas

Thanks!





Re: Windows Communication Foundation (Indigo) Use of Siteminder tokens in WCF to authenticate against siteminder

ABcdsfdsfds

Tried the following code, but looks like the http headers are not getting passed in the request. Any comments

WSHttpBinding binding = null;

binding = new WSHttpBinding();

binding.Security.Mode = SecurityMode.Transport;

binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;

ChannelFactory<MySoapService> factory = new ChannelFactory<MySoapService>("MyEndpoint");

MySoapService channel = factory.CreateChannel();

HttpRequestMessageProperty httpRequestProperty = new HttpRequestMessageProperty();

httpRequestProperty.SuppressEntityBody = false;

string[] smTokens = GetSiteminderSessionFromCookie();

httpRequestProperty.Headers.Add("Cookie", "SMSESSION=" + smTokens[1]);

httpRequestProperty.Headers.Add(HttpRequestHeader.UserAgent, "SM Client");

using (OperationContextScope scope = new OperationContextScope((channel as IContextChannel)))

{

OperationContext.Current.OutgoingMessageProperties[HttpRequestMessageProperty.Name] = httpRequestProperty;

channel.GetData(); /*Returns error :

The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'basic realm="dev.generic.agent-all-/ [16:30:12:6084]"'.

*/

}





Re: Windows Communication Foundation (Indigo) Use of Siteminder tokens in WCF to authenticate against siteminder

Ed Pinto - MSFT

It looks like you want to pass the SiteMinder token as an HTTP cookie. You aren't working with Address headers here and it doesn't look like you need message security so I suspect you should revert to BasicHttpBinding. Here is an example client:

Code Snippet

using System;

using System.ServiceModel;

using System.ServiceModel.Channels;

using System.Net;

[ServiceContract(Namespace = "http://CustomerSample")]

public interface IMySoapService

{

[OperationContract]

string GetData();

}

class Client

{

static void Main()

{

BasicHttpBinding binding = new BasicHttpBinding();

//need to set AllowCookies to false otherwise our default handling of cookies will stomp all over a manually inserted cookie header

//false is the default

binding.AllowCookies = false;

ChannelFactory<IMySoapService> factory = new ChannelFactory<IMySoapService>(binding, "http://localhost:8000/MySoapService");

IMySoapService channel = factory.CreateChannel();

string tokens = "some siteminder token";

using (OperationContextScope scope = new OperationContextScope((IContextChannel)channel))

{

HttpRequestMessageProperty httprequestMessageProperty = new HttpRequestMessageProperty();

httprequestMessageProperty.Headers.Add(HttpRequestHeader.Cookie, "SMSESSION=" + tokens);

httprequestMessageProperty.Headers.Add(HttpRequestHeader.UserAgent, "SM Client");

OperationContext.Current.OutgoingMessageProperties.Add(HttpRequestMessageProperty.Name, httprequestMessageProperty);

string data = channel.GetData();

Console.WriteLine(data);

}

((IChannel)channel).Close();

factory.Close();

Console.WriteLine();

Console.WriteLine("Press to terminate client.");

Console.ReadLine();

}

}

Here is an example server for testing:

Code Snippet

using System;

using System.Configuration;

using System.ServiceModel;

using System.ServiceModel.Channels;

using System.Net;

using System.ServiceModel.Description;

[ServiceContract(Namespace = "http://CustomerSample")]

public interface IMySoapService

{

[OperationContract]

string GetData();

}

public class MySoapService : IMySoapService

{

public string GetData()

{

Console.WriteLine("GetData called");

HttpRequestMessageProperty httpRequestMessageProperty =

(HttpRequestMessageProperty)OperationContext.Current.IncomingMessageProperties[HttpRequestMessageProperty.Name];

Console.WriteLine("Cookie: {0}", httpRequestMessageProperty.Headers[HttpRequestHeader.Cookie]);

Console.WriteLine("UserAgent: {0}", httpRequestMessageProperty.Headers[HttpRequestHeader.UserAgent]);

return "Here's some data";

}

public static void Main()

{

using (ServiceHost serviceHost = new ServiceHost(typeof(MySoapService)))

{

BasicHttpBinding binding = new BasicHttpBinding();

//need to set AllowCookies to false otherwise our default handling of cookies will stomp all over a manually inserted cookie header

//false is the default

binding.AllowCookies = false;

serviceHost.AddServiceEndpoint(typeof(IMySoapService), binding, "http://localhost:8000/MySoapService");

serviceHost.Open();

Console.WriteLine("The service is ready.");

Console.WriteLine("Press <ENTER> to terminate service.");

Console.WriteLine();

Console.ReadLine();

}

}

}

Cheers,

Ed