Consuming WCF service with algorithm suite: Basic256Sha256 RRS feed

  • Question



    Our server changed to use Basic256Sha256 encryption which now produces "InvalidSecurity" error when calling from the client side.  Do I need a certificate (the authentication is by user/password) ? anything to add to the client code?

    Client code:

      var binding = new BasicHttpBinding();
                            binding.Security.Mode = (BasicHttpSecurityMode)SecurityMode.Transport;
                            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
                            binding.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Sha256;

    Here is the relevant wsdl section:

    <sp:TransportBinding xmlns:sp="">
                    <sp:HttpsToken RequireClientCertificate="false" />
                    <sp:Basic256Sha256 />

    Tuesday, March 12, 2019 6:30 PM

All replies

  • Hi ReuvenCohen,
    On my side, the new change takes no effect in my project. one thing needs to note is that we should specify username/password as client credential when using Basic Authentication on transport layer security.
    Here is my example calling the service by adding service reference 
        ServicePointManager.ServerCertificateValidationCallback += delegate
                    return true;
                ServiceReference1.ServiceClient client = new ServiceReference1.ServiceClient();
                client.ClientCredentials.UserName.UserName = "administrator";
                client.ClientCredentials.UserName.Password = "123456";
                 var result=client.SayHello();
                catch (Exception)

                    <binding name="BasicHttpBinding_IService">
                        <security mode="Transport">
                            <transport clientCredentialType="Basic" />
                            <message clientCredentialType="UserName" />
                <endpoint address="" binding="basicHttpBinding"
                    bindingConfiguration="BasicHttpBinding_IService" contract="ServiceReference1.IService"
                    name="BasicHttpBinding_IService" />

    I suggest you re-add service reference calling the service to update the configuration.
    I would like you could share more details about the way of client invocation.
    Best Regards

    Wednesday, March 13, 2019 2:40 AM