none
WCF Client sending certificate and basic authentication credentials RRS feed

  • Question

  • I am building a WCF client to call a web service that requires client certificate and username/password send for basic authentication.  I have the old web service way of doing this working so I know certificate and username/password are valid but replicate the same code in wcf. 

    Here is my client config for the serviceModel.  It is passing the client certificate but it is not passing the basic authentication because I keep getting the folllowing error:

    System.ServiceModel.Security.MessageSecurityException: The HTTP request is unaut
    horized with client authentication scheme 'Anonymous'. The authentication header
     received from the server was 'Basic realm="www.myurl.com"'. ---> System.Net.WebException: The remote server returned an error: (401) Un
    authorized.

     <system.serviceModel>
          <behaviors>
            <endpointBehaviors>
              <behavior name="test">
               <clientCredentials>
                  <clientCertificate findValue="CN=myCert"
                                       x509FindType="FindBySubjectDistinguishedName"
                                     storeLocation="CurrentUser"
                                     storeName="My"/>
                 <windows allowedImpersonationLevel="Identification" allowNtlm="true"/>
                
                </clientCredentials>
               
              </behavior>
            </endpointBehaviors>
          </behaviors>
          <bindings>
                <basicHttpBinding>
                    <binding name="TestWebSoap" closeTimeout="00:01:00" openTimeout="00:01:00"
                        receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
                        bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                        maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                        messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
                        useDefaultWebProxy="true">
                        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                            maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                        <security mode="Transport">
                           <transport clientCredentialType="Certificate" proxyCredentialType="None"
                                realm="" />
                          <message clientCredentialType="UserName"   />
                        </security>
                    </binding>
                </basicHttpBinding>
            </bindings>
            <client>
              <endpoint address="https://www.myurl.com"
                    binding="basicHttpBinding" bindingConfiguration="TestWebSoap"
                    contract="Test.TestWebSoap" name="TestWebSoap" behaviorConfiguration="test" />
            </client>
        </system.serviceModel>

    Here the code I am using to set my username and password:

    Test.TestWebSoapClient client = new Test.TestWebSoapClient();

    client.ClientCredentials.UserName.UserName = "testuser";
    client.ClientCredentials.UserName.Password = "password";

    Friday, March 15, 2013 6:52 PM

Answers

  • Hi, From your config, you are trying to use certificate for transport security and username/password(but not basic authentication) for message security, you need set the security mode to TransportWithMessageCredential.

    http://blogs.msdn.com/b/mcsuksoldev/archive/2011/07/05/using-mutual-ssl-and-message-security-to-secure-a-wcf-service.aspx

    Tuesday, March 19, 2013 5:49 AM

All replies

  • Hi, From your config, you are trying to use certificate for transport security and username/password(but not basic authentication) for message security, you need set the security mode to TransportWithMessageCredential.

    http://blogs.msdn.com/b/mcsuksoldev/archive/2011/07/05/using-mutual-ssl-and-message-security-to-secure-a-wcf-service.aspx

    Tuesday, March 19, 2013 5:49 AM
  • One quick question, Do you want both credential types at the same time? I mean client has to send the certificate and also username/password with the request? Or you want only one type of authentication at a time?

    M Ahsan

    Tuesday, March 19, 2013 6:49 AM