sonic232108

Hi,
i would like to authenticate ws calls from clients running 1.1 framework. I thought about exposing the service using SSL and just passing the authentication information in the header of each method.. but
SoapHeader attribute doesnt seem to work in WCF
so looks like i will be giving up on this approach.. as many messages on this board are suggesting using MessageContracts which does not seem like a good option for me.

also in my 1.1 client, I tried adding credentials manually:
ICredentials cred = new NetworkCredential("user1", "pass1", null);
proxy.Credentials = cred;

I guess that is meant for authenticating the service locally before proceeding to invoke as i've traced the soap traffic and user/pass did not make it across.

so now i am hoping there is stll a way to append the credentials inside the header somehow from 1.1 and stripping / validating each call on WCF side..

ideally if WCF basic authentication can somehow be simulated from 1.1 that would be great!





Re: Windows Communication Foundation (Indigo) good way to authenticate WCF services from 1.1 clients?

sonic

looks like the best way to do this as of now will be to extend the soap proxy client and append this information to http headers... going to tinker with this today and see how it goes.





Re: Windows Communication Foundation (Indigo) good way to authenticate WCF services from 1.1 clients?

David Kreutz - MSFT

Just to get a clear understand here, what you are trying to do is use a .net 1.1 client over HTTP to a WCF service. What is your binding on the WCF side

Basic authentication is not WCF specific, its an HTTP standard and should be fine working between the two as long as you use a username/password combination that the service is aware of.

Also I notice that you are referring to SOAP, are you attempting to do Message security






Re: Windows Communication Foundation (Indigo) good way to authenticate WCF services from 1.1 clients?

sonic

I am using basicHttpBinding with Transport security. To my understanding that is the asmx compatible mode.
I have no problem calling WCF webservice from 1.1 client app.
I am not attempting message security.
I am attempting to host the service in SSL.
I am also attempting to write some code that will automatically append credentials, or session token to a soap header of the request coming from the 1.1 client to WCF, and than some code on WCF side that will validate those credentails, or session token to ensure validity of each call. I will most likely do this by extending/overriding the client proxy client, and appending custom http headers.

This is basically my solution of how to engineer cross framework authentication between 1.1 and WCF. I was wondering if there would be more out of the box way of doing this, but it doesnt appear to be possible.





Re: Windows Communication Foundation (Indigo) good way to authenticate WCF services from 1.1 clients?

David Kreutz - MSFT

Basic authentication is completely seperate from SOAP. You shouldn't need to append any type of SOAP header for Basic authn. It uses HTTP headers to transmit its data. See <a href="http://en.wikipedia.org/wiki/Basic_authentication_scheme">this article</a> for more on how Basic authn works.

You need to make sure that on your service binding you have configured it to use Basic authentication.

BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);

binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;

I'm not familiar with exactly how to build a client using 1.1 that will do authentication, but simply appending something to your outgoing request might not be enough because of the challange/reply used for authentication by the service.

I'd first start by double checking the config for your service and if possible try hitting it with a WCF client to make sure it is working to begin with. Once you know the service is working you can troubleshoot the 1.1 client more easily.






Re: Windows Communication Foundation (Indigo) good way to authenticate WCF services from 1.1 clients?

Jon Miller

I'm using code like the following to do it and it seems to work fine.

This code is in a console application and makes use of WCF on the server side.

BasicHttpBinding bhb = new BasicHttpBinding();

bhb.Security.Mode = BasicHttpSecurityMode.Transport;

bhb.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;

ServiceHost sh = new ServiceHost(typeof(HelloService), new Uri("https://hostName:49152"));

sh.AddServiceEndpoint(typeof(IHelloService), bhb, "");

ServiceMetadataBehavior smb = new ServiceMetadataBehavior();

smb.HttpsGetEnabled = true;

sh.Description.Behaviors.Add(smb);

sh.Open();

Console.ReadLine();

sh.Close();

On the client side, you do something like this. I used Visual Studio 2005 to generate the proxy code.

HelloService hs = new HelloService();

hs.PreAuthenticate = true;

hs.Credentials = new NetworkCredential("userName", "password");

Console.WriteLine(hs.HelloWorld());

Note, this uses Windows authentication. The problem that I'm having is that I can't get a custom UserNamePasswordValidator to work. From what I've read online, it only works with message based security. Does anyone know how to get custom authentication working in this case