Help needed in Authentication

  • Question

  • User1489758560 posted

    Hello Guys,

    I am working in .NET Core 2.2 and I have a requirement that I will need to consume a 3rd party SOAP service, and they have certificate-based authentication. This is pretty standard in .NET Framework by creating the SOAP service as a proxy, and in the web.config we have this:

    <system.serviceModel>
        <behaviors>
          <endpointBehaviors>
            <behavior name="MC.behavior.rdy">
              <clientCredentials>
                <clientCertificate findValue="MycompanyDomain.com" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
                <serviceCertificate>
                  <defaultCertificate findValue="clientDomain.com" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
                </serviceCertificate>
              </clientCredentials>
            </behavior>
          </endpointBehaviors>
    
        </behaviors>
        <bindings>
          <customBinding>
            <binding name="UserServiceSoapBinding">
              <textMessageEncoding messageVersion="Soap12" />
    
              <security defaultAlgorithmSuite="Basic128Rsa15" allowSerializedSigningTokenOnReply="true" authenticationMode="MutualCertificate" securityHeaderLayout="Lax" messageProtectionOrder="SignBeforeEncrypt" messageSecurityVersion="WSSecurity10WSTrust2005WSSecurityPolicy11BasicSecurityProfile50" requireSecurityContextCancellation="false">
              </security>
              <httpsTransport manualAddressing="false" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Anonymous" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" keepAliveEnabled="true" maxBufferSize="65536" proxyAuthenticationScheme="Anonymous" realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false" useDefaultWebProxy="true" />
            </binding>
          </customBinding>
          <basicHttpBinding>
            <binding name="ITransactionProcessor">
              <security mode="Message" />
            </binding>
          </basicHttpBinding>
        </bindings>
        <client>
          <endpoint address="https://clientDomain.com/services/UserService2009" binding="customBinding" bindingConfiguration="UserServiceSoapBinding" contract="UserService" name="UserServicePort" behaviorConfiguration="MC.behavior.rdy">
            <identity>
              <userPrincipalName value="IIS APPPOOL\NETWORK SERVICE" />
            </identity>
          </endpoint>
        </client>
    </system.serviceModel>

    How do I achieve this in .NET Core 2.2? Is there a way? I can add the connected service to create the proxy, but I have no idea about this certificate-based authentication implementation while consuming the SOAP service in .NET Core. Please help me with this, and if there is any sample please do share it here. It would be much helpful to me.

    Tuesday, May 19, 2020 6:40 PM

All replies

  • User475983607 posted

    how do i achieve this in .net core 2.2. is there a way? 

    You'll need to write it in code rather than configuration.  I would just modify the proxy code that configures SOAP 2.1.  The WCF docs show the syntax.

    https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/message-security-with-mutual-certificates

    Tuesday, May 19, 2020 7:29 PM
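
Added example, not part of the original thread or of the linked Microsoft sample: the `<clientCredentials>` behavior from the question written as C# against `ClientCredentials`. `CertificateCredentials`, `FindSingle` and `Apply` are hypothetical names; the code assumes the System.ServiceModel client package in use exposes `ClientCertificate.Certificate` and `ServiceCertificate.DefaultCertificate` as .NET Framework does, and it does not cover the `<security authenticationMode="MutualCertificate">` binding element.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel.Description;

// Hypothetical helper (not from the thread): code form of <clientCredentials>.
public static class CertificateCredentials
{
    // Returns the single in-date certificate whose subject contains subjectName.
    public static X509Certificate2 FindSingle(
        StoreLocation location, StoreName storeName, string subjectName, bool needPrivateKey)
    {
        using (var store = new X509Store(storeName, location))
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            // FindBySubjectName is a case-insensitive substring match, so
            // several certificates can come back for one findValue.
            X509Certificate2Collection hits = store.Certificates.Find(
                X509FindType.FindBySubjectName, subjectName, validOnly: false);

            X509Certificate2 match = null;
            DateTime now = DateTime.Now; // NotBefore/NotAfter are local time
            foreach (X509Certificate2 cert in hits)
            {
                if (now < cert.NotBefore || now > cert.NotAfter) continue;
                if (needPrivateKey && !cert.HasPrivateKey) continue;
                if (match != null)
                    throw new InvalidOperationException(
                        $"Several usable certificates match '{subjectName}'; select by thumbprint.");
                match = cert;
            }
            if (match == null)
                throw new InvalidOperationException(
                    $"No usable certificate for '{subjectName}' in {location}/{storeName}.");
            return match;
        }
    }

    // Same store, names and find type as the behavior "MC.behavior.rdy".
    public static void Apply(ClientCredentials credentials)
    {
        // The client certificate signs requests, so it must carry a private key.
        credentials.ClientCertificate.Certificate = FindSingle(
            StoreLocation.LocalMachine, StoreName.My, "MycompanyDomain.com", true);
        // The service certificate is public-key only on the client side.
        credentials.ServiceCertificate.DefaultCertificate = FindSingle(
            StoreLocation.LocalMachine, StoreName.My, "clientDomain.com", false);
    }
}
```

Because the subject-name lookup can match more than one certificate, the helper fails on ambiguous results instead of taking the first hit. It would be called as `CertificateCredentials.Apply(client.ClientCredentials)` on the generated proxy (here a hypothetical `client`) before the channel is opened.
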
  • User1489758560 posted

    Hi Mgebhard,

    Thank you for the reply. On the link provided, I can see the XML code as below:

    <?xml version="1.0" encoding="utf-8"?>  
    <configuration>  
      <system.serviceModel>  
        <behaviors>  
          <endpointBehaviors>  
            <behavior name="ClientCredentialsBehavior">  
              <clientCredentials>  
                <clientCertificate findValue="Cohowinery.com"
                     storeLocation="CurrentUser"  
                     storeName="My"  
                     x509FindType="FindBySubjectName" />  
                <serviceCertificate>  
                  <defaultCertificate findValue="Contoso.com"
                                      storeLocation="CurrentUser"  
                                      storeName="TrustedPeople"  
                                      x509FindType="FindBySubjectName" />  
                </serviceCertificate>  
              </clientCredentials>  
            </behavior>  
          </endpointBehaviors>  
        </behaviors>  
        <bindings>  
          <wsHttpBinding>  
            <binding name="WSHttpBinding_ICalculator" >  
              <security mode="Message">  
                <message clientCredentialType="Certificate"
                         negotiateServiceCredential="false"  
                         establishSecurityContext="false" />  
              </security>  
            </binding>  
          </wsHttpBinding>  
        </bindings>  
        <client>  
          <endpoint address="http://machineName/Calculator"
                    behaviorConfiguration="ClientCredentialsBehavior"  
                    binding="wsHttpBinding"
                    bindingConfiguration="WSHttpBinding_ICalculator"  
                    contract="ICalculator"  
                    name="WSHttpBinding_ICalculator">  
            <identity>  
              <certificate encodedValue="Encoded_Value_Not_Shown" />  
            </identity>  
          </endpoint>  
        </client>  
      </system.serviceModel>  
    </configuration>

    You mean to say writing this in C#? Really, I am not sure how to write this whole code in C#. Any sample code to start with would be helpful.

    Tuesday, May 19, 2020 8:51 PM
  • User475983607 posted

    really i am not sure how to write this whole code in c#. any sample code to start with would be helpful

    Please re-read the link.  There is sample code and configuration.   You need the code bits.

    Tuesday, May 19, 2020 8:54 PM
  • User1489758560 posted

    Hi mgebhard,

    I keep trying and am having an issue. Here is what I tried.

    1. Added a connected service with the help of the WSDL URL.
    2. In the sample MSDN link you gave, I am referring to the first portion of code to try. In that code, I am not sure what namespace (ServiceHost) I should use for the below code:
      // Create the service host.
      ServiceHost myServiceHost =
          new ServiceHost(typeof(Calculator), httpUri);
      Please let me know.

    Thursday, May 21, 2020 1:17 AM
  • User1489758560 posted

    Any help will be highly appreciated. Got stuck in this.

    Friday, May 22, 2020 1:53 PM