WCF OracleMembership Error The caller was not authenticated by the service

Question

User-1949524191 posted

Dear All,

I want to run my WCF service from a few days without success.  I am trying protect with username and oraclemembership. Below is code from service side which is hosting by IIS

<configuration>
  <connectionStrings>
    <add name="OrclConnectionString" connectionString="DATA SOURCE=XE;PASSWORD=pass;PERSIST SECURITY INFO=True;USER ID=KRZYSZTOF" providerName="Oracle.DataAccess.Client"/>
  </connectionStrings>
  <system.web>
    <membership defaultProvider="OracleMembership" userIsOnlineTimeWindow="20" > 
      <providers>
        <clear/>
        <!-- Oracle.Web, Version=4.112.3.0, Culture=neutral, PublicKeyToken=89b483f429c47342-->
        <add name="OracleMembership" 
             type="Oracle.Web.Security.OracleMembershipProvider, Oracle.Web, Version=4.112.3.0, Culture=neutral, PublicKeyToken=89b483f429c47342" 
             connectionStringName="OrclConnectionString" 
             applicationName="" 
             enablePasswordRetrieval="false" 
             enablePasswordReset="true" 
             requiresQuestionAndAnswer="true" 
             requiresUniqueEmail="false" 
             passwordFormat="Hashed" 
             maxInvalidPasswordAttempts="5" 
             minRequiredPasswordLength="3" 
             minRequiredNonalphanumericCharacters="0" 
             passwordAttemptWindow="10" 
             passwordStrengthRegularExpression=""/>
      </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="myRoleProvider">
      <providers>
        <add name="myRoleProvider" 
             type="Oracle.Web.Security.OracleRoleProvider, Oracle.Web, Version=4.112.3.0, Culture=neutral, PublicKeyToken=89b483f429c47342" 
             connectionStringName="OrclConnectionString" 
             applicationName=""/>
      </providers>
    </roleManager>
    <compilation debug="true"/>
  </system.web>
  <system.serviceModel>
    <services>
      <service name="WcfMessageSecurity.Service1" behaviorConfiguration="behavoir1" >
        <endpoint address ="" bindingConfiguration="b1" binding="wsHttpBinding" contract="WcfMessageSecurity.IService1">
        </endpoint>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
      </service>
    </services>
    <bindings>
      <wsHttpBinding>
        <binding name ="b1">
          <security mode="Message">
            <message clientCredentialType="UserName" ></message>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="behavoir1">
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="false" />
          <serviceCredentials>
            <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="OracleMembership"/>
            <serviceCertificate findValue="szymaniak.domain" storeLocation="LocalMachine" 
                                x509FindType="FindBySubjectName" storeName="My" />
          </serviceCredentials>
          <serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="myRoleProvider" ></serviceAuthorization>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
</configuration>

Moreover, I have created required certificate, install oraclemembership to Oracle 11g XE and created user.

In the client side, I created console application

app.config

<configuration>    
    <system.serviceModel>
        <bindings>
            <wsHttpBinding>
                <binding name="WSHttpBinding_IService1" closeTimeout="00:01:00"
                    openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                    bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
                    maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                    messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
                    allowCookies="false">
                    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                    <reliableSession ordered="true" inactivityTimeout="00:10:00"
                        enabled="false" />
                    <security mode="Message">
                        <message clientCredentialType="UserName" negotiateServiceCredential="true"
                            algorithmSuite="Default" />
                    </security>
                </binding>
            </wsHttpBinding>
        </bindings>
        <client>
            <endpoint address="http://szymaniak.domain/WcfMessageHost.svc"
                binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService1"
                contract="ServiceReference1.IService1" name="WSHttpBinding_IService1">
                <identity>
                    <certificate encodedValue="AwAAAAEAAAAUAAAAeIrxQmi9e6fyQBPQJd/GV5M30IkgAAAAAQAAAAcCAAAwggIDMIIBcKADAgECAhA6SDPDn+WrsU/E/rJKvZ/iMAkGBSsOAwIdBQAwGzEZMBcGA1UEAxMQc3p5bWFuaWFrLmRvbWFpbjAeFw0xMzA1MDcxNjEyMDZaFw0zOTEyMzEyMzU5NTlaMBsxGTAXBgNVBAMTEHN6eW1hbmlhay5kb21haW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM1vRd4XZjlEHz88ukMjTRgyhiQlbN9BNss3yGhXQ+CNs7eNPZ6YQChSF2RyB/GOk6fcmYj0KSCbZEr+4R7MJujAQFuuQMhwcDL+GZDfoHcoJQz3729ssPpGz5z/tjkDSIw2pi5h1SpTz4cnUdeGv/T1xwReELaK9JOL1WLJw6OvAgMBAAGjUDBOMEwGA1UdAQRFMEOAEDWTejoBYNSivfML0JcKFvOhHTAbMRkwFwYDVQQDExBzenltYW5pYWsuZG9tYWlughC5Dk7V+XXjjU/alg+3YX9CMAkGBSsOAwIdBQADgYEAB8KZ8OYl3bhNff438tkSg4ppZovnlNwsgz4LNgWW3N3oiuOqRIHfLTaVUZl2r8HhxYQuGAxXL7Zp6/SMx69QaeR4OOqcuEVsJGS8jUs+Ao9p96kgMrRAOzH9Wlwg9Nen6UCYODVotGvIccATWCUL0krCawwAM13PJMh27UC8Un4=" />
                </identity>
            </endpoint>
        </client>
    </system.serviceModel>
</configuration

After run I got error The caller was not authenticated by the service. Where is mistake?

Thank you in advance

Krzysztof

Answer 1

User260886948 posted

kszymaniak

The caller was not authenticated by the service

I see that you are using the wsHttpBinding, The wsHttpBinding has message-level security and by default it uses Windows authentication.

If you want to use wsHttpbinding, you need to add windows credentials as below.

svc.ClientCredentials.Windows.ClientCredential.UserName="windowsuseraccountname";
svc.ClientCredentials.Windows.ClientCredential.Password="windowsuseraccountpassword";
svc.ClientCredentials.Windows.ClientCredential.Domain="windowspcname";

 

Or you can use the basicHttpBinding for instead, configure the endpoint security to "None" and transport clientCredintialType to "None."

<bindings>
    <basicHttpBinding>
        <binding name="MyBasicHttpBinding">
            <security mode="None">
                <transport clientCredentialType="None" />
            </security>
        </binding>
    </basicHttpBinding>
</bindings>
<services>
    <service behaviorConfiguration="MyServiceBehavior" name="MyService">
        <endpoint
            binding="basicHttpBinding"
            bindingConfiguration="MyBasicHttpBinding"
            name="basicEndPoint"
            contract="IMyService"
        />
</service>

Also, make sure the directory Authentication Methods in IIS to Enable Anonymous access.

Hope it can help you.

Best Regards,
Amy Peng 

Answer 2

User-1949524191 posted

Dear Sir

thank you very much for yr help. Your proposal is ok but without any security, except OracleMembership. But it's working.

I  found the solution but I don't know if it's right way, I mean, if there are necessary two kinds of security

<security mode = "TransportwithMessageCredential">
<transport clientCredentialType="Certificate" />
<message clientCredentialType="UserName">
</security>

Most important it works ok.

Regards

Krzysztof