locked
How to implement digest auth for wcf proxy creation RRS feed

  • Question

  • User1183902823 posted

    is it possible when user try to create proxy then a digest related credentials window will appear. just like this image

    i have read this post https://forums.asp.net/t/2110258.aspx if possible check how @Chris Zhao answer.

    thanks

    Friday, December 15, 2017 2:26 PM

Answers

  • User1168443798 posted

    Hi tridip,<o:p></o:p>

    >> is it possible when user try to create proxy then a digest related credentials window will appear<o:p></o:p>

    Yes, it is possible. Have you enabled Digest Authentication for WCF Service?<o:p></o:p>

    I suggest you make a test with configuration below:<o:p></o:p>

      <system.serviceModel>
        <services>
          <service name="WCFDigest.Service1">
            <endpoint address="windows" binding="wsHttpBinding" contract="WCFDigest.IService1" bindingConfiguration="digest"/>       
          </service>
        </services>
        <bindings>
          <wsHttpBinding>
           <binding name="digest">
              <security mode="Transport">            
                <transport clientCredentialType="Digest"/>
              </security>
            </binding>        
          </wsHttpBinding>
        </bindings>
        <behaviors>
          <serviceBehaviors>
            <behavior>
              <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
              <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
              <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
              <serviceDebug includeExceptionDetailInFaults="false"/>
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <protocolMapping>
          <add binding="basicHttpsBinding" scheme="https"/>
        </protocolMapping>
        <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
      </system.serviceModel>

    Then, turn to project property->Web->Servers->Local IIS->Create Virtual Directory, it will host WCF Service in IIS.<o:p></o:p>

    Next, turn to IIS->Published Project Features View->Authentication->Digest Authentication Enabled and Anonymous Authentication Disabled.<o:p></o:p>

    Finally, you could access the wsdl address by Adding Service Reference, you may need to enter the valid username and password more than three times in the Windows Security dialog.<o:p></o:p>

    Best Regards,<o:p></o:p>

    Edward<o:p></o:p>

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, December 18, 2017 5:50 AM
  • User475983607 posted

    I'm guessing that the purolator site does not work exactly like you think and you're make a few assumptions.

    It is pretty pretty simply to create a login prompt using basic authentication.  You can also manually write an response with an HTTP challenge.  Again very simple.

    As for building a dll that pretty easy too.  Simply create a class library project. Add a web service reference in the class library using the tools that come with Visual Studio or programmatically using the channel factory (I prefer the later but you need to know what you're doing).  Sprinkle in whatever other security you want or need. Usually in WCF that's username over transport or perhaps a certificate.  Then give the the dll to your user.  It is that simply.  This is the same process you would use if you were doing this for your own WCF service and wanted to use a shared DLL rather than a creating a reference in each app that consumes the service.  Keep in mind, that designing it this way means any change to the service requires a new DLL. 

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, December 19, 2017 10:39 PM

All replies

  • User1168443798 posted

    Hi tridip,<o:p></o:p>

    >> is it possible when user try to create proxy then a digest related credentials window will appear<o:p></o:p>

    Yes, it is possible. Have you enabled Digest Authentication for WCF Service?<o:p></o:p>

    I suggest you make a test with configuration below:<o:p></o:p>

      <system.serviceModel>
        <services>
          <service name="WCFDigest.Service1">
            <endpoint address="windows" binding="wsHttpBinding" contract="WCFDigest.IService1" bindingConfiguration="digest"/>       
          </service>
        </services>
        <bindings>
          <wsHttpBinding>
           <binding name="digest">
              <security mode="Transport">            
                <transport clientCredentialType="Digest"/>
              </security>
            </binding>        
          </wsHttpBinding>
        </bindings>
        <behaviors>
          <serviceBehaviors>
            <behavior>
              <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
              <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
              <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
              <serviceDebug includeExceptionDetailInFaults="false"/>
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <protocolMapping>
          <add binding="basicHttpsBinding" scheme="https"/>
        </protocolMapping>
        <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
      </system.serviceModel>

    Then, turn to project property->Web->Servers->Local IIS->Create Virtual Directory, it will host WCF Service in IIS.<o:p></o:p>

    Next, turn to IIS->Published Project Features View->Authentication->Digest Authentication Enabled and Anonymous Authentication Disabled.<o:p></o:p>

    Finally, you could access the wsdl address by Adding Service Reference, you may need to enter the valid username and password more than three times in the Windows Security dialog.<o:p></o:p>

    Best Regards,<o:p></o:p>

    Edward<o:p></o:p>

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, December 18, 2017 5:50 AM
  • User1183902823 posted

    so tell me what will happen when user try to create proxy of the wcf service ? then user credentials dialog will come?

    if yes then it is ok.

    if i distribute contract to user to call my service then user has to provide digest credentials?

    outside user may not be in my pc AD group then how user will be able to call my wcf service?

    Monday, December 18, 2017 3:02 PM
  • User1168443798 posted

    Hi tridip,

    >>what will happen when user try to create proxy of the wcf service ? then user credentials dialog will come?

    If they use VS -> Add Service Reference to create proxy, the dialog will show.

    >>if i distribute contract to user to call my service then user has to provide digest credentials?

    Yes.

    If you have any other issue, please feel free to post a new thread, and then we could focus on the issue.

    Best Regards,

    Edward

    Tuesday, December 19, 2017 7:46 AM
  • User1183902823 posted

    here i am sharing one my experience what i have seen. there is a company called purolator shipping company.

    they allow people to use their web site from java, .net etc technology.

    when i try to create a proxy from their web site url endpoint then a credentials dialog box comes but when we give there our credentials what we have received from company site that does not work because purolator company provided credentials are not the part of windows credentials of their network rather they dynamically create for each user.

    purolator company provide sample code to call their web service. they also provide their web service dll which we can use to call their web site without create proxy with add web reference from VS IDE.

    so tell me how could i develop a web service where if user know the web service endpoint then they will not be able to create proxy because credentials window will come where they can not give right credentials but user will be able to call my web service using my dll library which i will provide to each user.

    suggest me with best guidance if you understand what i am trying to do? .

    Tuesday, December 19, 2017 11:13 AM
  • User475983607 posted

    I'm guessing that the purolator site does not work exactly like you think and you're make a few assumptions.

    It is pretty pretty simply to create a login prompt using basic authentication.  You can also manually write an response with an HTTP challenge.  Again very simple.

    As for building a dll that pretty easy too.  Simply create a class library project. Add a web service reference in the class library using the tools that come with Visual Studio or programmatically using the channel factory (I prefer the later but you need to know what you're doing).  Sprinkle in whatever other security you want or need. Usually in WCF that's username over transport or perhaps a certificate.  Then give the the dll to your user.  It is that simply.  This is the same process you would use if you were doing this for your own WCF service and wanted to use a shared DLL rather than a creating a reference in each app that consumes the service.  Keep in mind, that designing it this way means any change to the service requires a new DLL. 

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, December 19, 2017 10:39 PM
  • User1404573039 posted

    Hi tridip,

    I agree with mgebhard, for your description, it is not limited to Windows Digest, and it could be achieved by many ways.

    Maybe you could share us your requirement, and then we provide our suggestions per to your requirement.

    I would suggest you post a new thread to discuss your requirement.

    Regards,

    Tony

    Wednesday, December 20, 2017 2:59 AM