Question on WCF and basic authentication...

Question

0.00/5 (No votes)

See more:

, +

Hi all,
So here's the deal, I'm trying to set up a WCF service which needs support for SOAP 1.2 and Basic Authentication (username + password, which must be validated against a custom database). The service will be consumed by a third party over the internet.
I'm using Visual Studio 2015 with .NET 4.6.1.

So as far as I understand I need a wsHttpBinding (which supports SOAP 1.2).
Then I need to set up some way to validate the username + password, which can be done by inheriting from System.ServiceModel.UserNamePasswordValidator.

And now for the tricky part, configuration...

XML

<!-- ... Stuff ... -->
<serviceCredentials>
  <userNameAuthentication userNamePasswordValidationMode="Custom"
                          customUserNamePasswordValidatorType="MyProject.CustomUsernamePasswordValidator, MyProject"/>
</serviceCredentials>

<!-- ... More stuff ... -->
<protocolMapping>
  <add binding="wsHttpBinding" scheme="http" bindingConfiguration="wsHttpBinding" />
</protocolMapping>
<bindings>
  <wsHttpBinding>
    <!-- For HTTP support (testing only) -->
    <binding name="wsHttpBinding">
      <security mode="Transport">
        <transport clientCredentialType="Basic" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
<!-- ... Even more stuff ... -->

The problem is, as soon as I set up security mode Transport with clientCredentialType Basic I need SSL and a (self-)signed certificate. The only way I can find to disable this is by using basicHttpBinding and clientCredentialType TransportCredentialOnly, but that only supports SOAP 1.1.

Of course I could create a self-signed certificate, but I really don't want that for testing purposes (the next programmer on this project will need it, everyone will always needs it, which raises the bar for maintenance, etc.).

So my question: can I have SOAP 1.2 with Basic Authentication and plain HTTP (no S)?

Thanks!

What I have tried:

I've searched the entire internet, and I've tried just about any configuration possible.

Posted 28-Mar-16 23:36pm

Sander Rossel

Updated 29-Mar-16 22:24pm

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Sander Rossel · Accepted Answer · 2016-03-29T22:24:00

Alright, so I found my biggest problem. It's rather stupid.
I was missing the services configuration...

XML

<services>
  <service name="MyProject">
    <endpoint address="" binding="wsHttpBinding" contract="MyProject.IMyService" bindingconfiguration="BasicAuthentication"></endpoint>
  </service>
</services>

I remember that used to be generated in earlier versions of WCF.
Anyway, with that in place I was able to fix it.

Having Basic Authentication without HTTPS is impossible, but I was able to get it working by just ignoring the certificates in my code:

C#

using (ServiceApiClient client = new ServiceApiClient())
{
    ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback((sender, cert, chain, error) => true);

    client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
    // ...