locked
WCF OracleMembership Error The caller was not authenticated by the service RRS feed

  • Question

  • User-1949524191 posted

    Dear All,

    I want to run my WCF service from a few days without success.  I am trying protect with username and oraclemembership. Below is code from service side which is hosting by IIS

    <configuration>
      <connectionStrings>
        <add name="OrclConnectionString" connectionString="DATA SOURCE=XE;PASSWORD=pass;PERSIST SECURITY INFO=True;USER ID=KRZYSZTOF" providerName="Oracle.DataAccess.Client"/>
      </connectionStrings>
      <system.web>
        <membership defaultProvider="OracleMembership" userIsOnlineTimeWindow="20" > 
          <providers>
            <clear/>
            <!-- Oracle.Web, Version=4.112.3.0, Culture=neutral, PublicKeyToken=89b483f429c47342-->
            <add name="OracleMembership" 
                 type="Oracle.Web.Security.OracleMembershipProvider, Oracle.Web, Version=4.112.3.0, Culture=neutral, PublicKeyToken=89b483f429c47342" 
                 connectionStringName="OrclConnectionString" 
                 applicationName="" 
                 enablePasswordRetrieval="false" 
                 enablePasswordReset="true" 
                 requiresQuestionAndAnswer="true" 
                 requiresUniqueEmail="false" 
                 passwordFormat="Hashed" 
                 maxInvalidPasswordAttempts="5" 
                 minRequiredPasswordLength="3" 
                 minRequiredNonalphanumericCharacters="0" 
                 passwordAttemptWindow="10" 
                 passwordStrengthRegularExpression=""/>
          </providers>
        </membership>
        <roleManager enabled="true" defaultProvider="myRoleProvider">
          <providers>
            <add name="myRoleProvider" 
                 type="Oracle.Web.Security.OracleRoleProvider, Oracle.Web, Version=4.112.3.0, Culture=neutral, PublicKeyToken=89b483f429c47342" 
                 connectionStringName="OrclConnectionString" 
                 applicationName=""/>
          </providers>
        </roleManager>
        <compilation debug="true"/>
      </system.web>
      <system.serviceModel>
        <services>
          <service name="WcfMessageSecurity.Service1" behaviorConfiguration="behavoir1" >
            <endpoint address ="" bindingConfiguration="b1" binding="wsHttpBinding" contract="WcfMessageSecurity.IService1">
            </endpoint>
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
          </service>
        </services>
        <bindings>
          <wsHttpBinding>
            <binding name ="b1">
              <security mode="Message">
                <message clientCredentialType="UserName" ></message>
              </security>
            </binding>
          </wsHttpBinding>
        </bindings>
        <behaviors>
          <serviceBehaviors>
            <behavior name="behavoir1">
              <serviceMetadata httpGetEnabled="true" />
              <serviceDebug includeExceptionDetailInFaults="false" />
              <serviceCredentials>
                <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="OracleMembership"/>
                <serviceCertificate findValue="szymaniak.domain" storeLocation="LocalMachine" 
                                    x509FindType="FindBySubjectName" storeName="My" />
              </serviceCredentials>
              <serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="myRoleProvider" ></serviceAuthorization>
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
      </system.serviceModel>
    </configuration>

    Moreover, I have created required certificate, install oraclemembership to Oracle 11g XE and created user.

    In the client side, I created console application

    app.config

    <configuration>    
        <system.serviceModel>
            <bindings>
                <wsHttpBinding>
                    <binding name="WSHttpBinding_IService1" closeTimeout="00:01:00"
                        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                        bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
                        maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                        messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
                        allowCookies="false">
                        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                            maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                        <reliableSession ordered="true" inactivityTimeout="00:10:00"
                            enabled="false" />
                        <security mode="Message">
                            <message clientCredentialType="UserName" negotiateServiceCredential="true"
                                algorithmSuite="Default" />
                        </security>
                    </binding>
                </wsHttpBinding>
            </bindings>
            <client>
                <endpoint address="http://szymaniak.domain/WcfMessageHost.svc"
                    binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService1"
                    contract="ServiceReference1.IService1" name="WSHttpBinding_IService1">
                    <identity>
                        <certificate encodedValue="AwAAAAEAAAAUAAAAeIrxQmi9e6fyQBPQJd/GV5M30IkgAAAAAQAAAAcCAAAwggIDMIIBcKADAgECAhA6SDPDn+WrsU/E/rJKvZ/iMAkGBSsOAwIdBQAwGzEZMBcGA1UEAxMQc3p5bWFuaWFrLmRvbWFpbjAeFw0xMzA1MDcxNjEyMDZaFw0zOTEyMzEyMzU5NTlaMBsxGTAXBgNVBAMTEHN6eW1hbmlhay5kb21haW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM1vRd4XZjlEHz88ukMjTRgyhiQlbN9BNss3yGhXQ+CNs7eNPZ6YQChSF2RyB/GOk6fcmYj0KSCbZEr+4R7MJujAQFuuQMhwcDL+GZDfoHcoJQz3729ssPpGz5z/tjkDSIw2pi5h1SpTz4cnUdeGv/T1xwReELaK9JOL1WLJw6OvAgMBAAGjUDBOMEwGA1UdAQRFMEOAEDWTejoBYNSivfML0JcKFvOhHTAbMRkwFwYDVQQDExBzenltYW5pYWsuZG9tYWlughC5Dk7V+XXjjU/alg+3YX9CMAkGBSsOAwIdBQADgYEAB8KZ8OYl3bhNff438tkSg4ppZovnlNwsgz4LNgWW3N3oiuOqRIHfLTaVUZl2r8HhxYQuGAxXL7Zp6/SMx69QaeR4OOqcuEVsJGS8jUs+Ao9p96kgMrRAOzH9Wlwg9Nen6UCYODVotGvIccATWCUL0krCawwAM13PJMh27UC8Un4=" />
                    </identity>
                </endpoint>
            </client>
        </system.serviceModel>
    </configuration


    After run I got error The caller was not authenticated by the service. Where is mistake?

    Thank you in advance

    Krzysztof

    Tuesday, May 7, 2013 3:23 PM

Answers

  • User260886948 posted

    kszymaniak

    The caller was not authenticated by the service

    I see that you are using the wsHttpBinding, The wsHttpBinding has message-level security and by default it uses Windows authentication.

    If you want to use wsHttpbinding, you need to add windows credentials as below.

    svc.ClientCredentials.Windows.ClientCredential.UserName="windowsuseraccountname";
    svc.ClientCredentials.Windows.ClientCredential.Password="windowsuseraccountpassword";
    svc.ClientCredentials.Windows.ClientCredential.Domain="windowspcname";

     

    Or you can use the basicHttpBinding for instead, configure the endpoint security to "None" and transport clientCredintialType to "None."

    <bindings>
        <basicHttpBinding>
            <binding name="MyBasicHttpBinding">
                <security mode="None">
                    <transport clientCredentialType="None" />
                </security>
            </binding>
        </basicHttpBinding>
    </bindings>
    <services>
        <service behaviorConfiguration="MyServiceBehavior" name="MyService">
            <endpoint
                binding="basicHttpBinding"
                bindingConfiguration="MyBasicHttpBinding"
                name="basicEndPoint"
                contract="IMyService"
            />
    </service>

    Also, make sure the directory Authentication Methods in IIS to Enable Anonymous access.

    Hope it can help you.

    Best Regards,
    Amy Peng 

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, May 8, 2013 9:28 PM
  • User-1949524191 posted

    Dear Sir

    thank you very much for yr help. Your proposal is ok but without any security, except OracleMembership. But it's working.

    I  found the solution but I don't know if it's right way, I mean, if there are necessary two kinds of security

    <security mode = "TransportwithMessageCredential">
    <transport clientCredentialType="Certificate" />
    <message clientCredentialType="UserName">
    </security>
    

    Most important it works ok.

    Regards

    Krzysztof

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Saturday, May 11, 2013 6:54 AM

All replies

  • User260886948 posted

    kszymaniak

    The caller was not authenticated by the service

    I see that you are using the wsHttpBinding, The wsHttpBinding has message-level security and by default it uses Windows authentication.

    If you want to use wsHttpbinding, you need to add windows credentials as below.

    svc.ClientCredentials.Windows.ClientCredential.UserName="windowsuseraccountname";
    svc.ClientCredentials.Windows.ClientCredential.Password="windowsuseraccountpassword";
    svc.ClientCredentials.Windows.ClientCredential.Domain="windowspcname";

     

    Or you can use the basicHttpBinding for instead, configure the endpoint security to "None" and transport clientCredintialType to "None."

    <bindings>
        <basicHttpBinding>
            <binding name="MyBasicHttpBinding">
                <security mode="None">
                    <transport clientCredentialType="None" />
                </security>
            </binding>
        </basicHttpBinding>
    </bindings>
    <services>
        <service behaviorConfiguration="MyServiceBehavior" name="MyService">
            <endpoint
                binding="basicHttpBinding"
                bindingConfiguration="MyBasicHttpBinding"
                name="basicEndPoint"
                contract="IMyService"
            />
    </service>

    Also, make sure the directory Authentication Methods in IIS to Enable Anonymous access.

    Hope it can help you.

    Best Regards,
    Amy Peng 

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, May 8, 2013 9:28 PM
  • User-1949524191 posted

    Dear Sir

    thank you very much for yr help. Your proposal is ok but without any security, except OracleMembership. But it's working.

    I  found the solution but I don't know if it's right way, I mean, if there are necessary two kinds of security

    <security mode = "TransportwithMessageCredential">
    <transport clientCredentialType="Certificate" />
    <message clientCredentialType="UserName">
    </security>
    

    Most important it works ok.

    Regards

    Krzysztof

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Saturday, May 11, 2013 6:54 AM