none
Consuming WCF service with algorithm suite: Basic256Sha256 RRS feed

  • Question

  •  

    Hello,

    Our server changed to use Basic256Sha256 encryption which now produces "InvalidSecurity" error when calling from the client side.  Do I need a certificate (the authentication is by user/password) ? anything to add to the client code?

    Client code:

      var binding = new BasicHttpBinding();
    ...
                            binding.Security.Mode = (BasicHttpSecurityMode)SecurityMode.Transport;
                            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
                            binding.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Sha256;

    Here is the relevant wsdl section:

    <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
              <wsp:Policy>
                <sp:TransportToken>
                  <wsp:Policy>
                    <sp:HttpsToken RequireClientCertificate="false" />
                  </wsp:Policy>
                </sp:TransportToken>
                <sp:AlgorithmSuite>
                  <wsp:Policy>
                    <sp:Basic256Sha256 />
                  </wsp:Policy>
                </sp:AlgorithmSuite>

    Tuesday, March 12, 2019 6:30 PM

All replies

  • Hi ReuvenCohen,
    On my side, the new change takes no effect in my project. one thing needs to note is that we should specify username/password as client credential when using Basic Authentication on transport layer security.
    Here is my example calling the service by adding service reference 
        ServicePointManager.ServerCertificateValidationCallback += delegate
                {
                    return true;
                };
                ServiceReference1.ServiceClient client = new ServiceReference1.ServiceClient();
                client.ClientCredentials.UserName.UserName = "administrator";
                client.ClientCredentials.UserName.Password = "123456";
                try
                {
                 var result=client.SayHello();
                    Console.WriteLine(result);
                }
                catch (Exception)
                {
    
                    throw;
                }

    App.config
        <system.serviceModel>
            <bindings>
                <basicHttpBinding>
                    <binding name="BasicHttpBinding_IService">
                        <security mode="Transport">
                            <transport clientCredentialType="Basic" />
                            <message clientCredentialType="UserName" />
                        </security>
                    </binding>
                </basicHttpBinding>
            </bindings>
            <client>
                <endpoint address="https://10.157.13.69:3336/" binding="basicHttpBinding"
                    bindingConfiguration="BasicHttpBinding_IService" contract="ServiceReference1.IService"
                    name="BasicHttpBinding_IService" />
            </client>
    </system.serviceModel>

    I suggest you re-add service reference calling the service to update the configuration.
    I would like you could share more details about the way of client invocation.
    Best Regards
    Abraham

    Wednesday, March 13, 2019 2:40 AM
    Moderator