locked
WCF Client to authenticate to SAP Web Service RRS feed

  • Question

  • Hi,
    I am in the process of creating an application and I need it to connect to a SAP Web Service.
    When I try and connect, I get the following error The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Basic realm="XISOAPApps"'.
    I get this error, even though, I believe I have specified the username/password correctly to my .NET application, please see some of the code below:
                Dim epAddress As New EndpointAddress("http://[host address]")
                Dim Client As New PurchaseRequestRequest_OutClient(New BasicHttpBinding(), epAddress)
    
                Client.ClientCredentials.UserName.UserName = "[username]"
                Client.ClientCredentials.UserName.Password = "[password]"
    
    	    .... etc [code]
    
                Client.PurchaseRequestCreateRequest(PRRequestMessage)
                Client.Close()
    


    In the app.config file, the binding tag has the following:
            <bindings>
                <basicHttpBinding>
                    <binding name="PurchaseRequestRequest_OutBinding" closeTimeout="00:01:00"
                        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                        allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                        maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                        messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
                        useDefaultWebProxy="true">
                        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                            maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                        <security mode="None">
                            <transport clientCredentialType="Basic" proxyCredentialType="None"
                                realm="" />
                            <message clientCredentialType="UserName" algorithmSuite="Default" />
                        </security>
                    </binding>
                    <binding name="PurchaseRequestRequest_OutBinding1" closeTimeout="00:01:00"
                        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                        allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                        maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                        messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
                        useDefaultWebProxy="true">
                        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                            maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                        <security mode="Transport">
                            <transport clientCredentialType="Basic" proxyCredentialType="None"
                                realm="" />
                            <message clientCredentialType="UserName" algorithmSuite="Default" />
                        </security>
                    </binding>
                </basicHttpBinding>
            </bindings>
    

    Any assistance with this will be much appreciated.
    Kind Regards.
    • Edited by BubbleJet Tuesday, January 31, 2012 1:46 AM
    Monday, January 30, 2012 6:00 AM

Answers

  • Hello, you are not using PurchaseRequestRequest_OutBinding1, as you're creating a new binding instance in code. Basic authentication requires transport security. If you want to create the binding in code, you need to configure it to use transport security in code:

    BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);

    binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;

    In addition, you must use https in your address.


    Lante, shanaolanxing This posting is provided "AS IS" with no warranties, and confers no rights.
    If you have feedback about forum business, please contact msdnmg@microsoft.com. But please do not ask technical questions in the email.
    • Marked as answer by BubbleJet Monday, January 30, 2012 11:45 PM
    • Unmarked as answer by BubbleJet Tuesday, January 31, 2012 1:00 AM
    • Proposed as answer by Peter Borremans Tuesday, January 31, 2012 6:42 AM
    • Marked as answer by BubbleJet Wednesday, February 1, 2012 4:10 AM
    Monday, January 30, 2012 11:43 AM
  • If you want to use http, configure the security mode to TransportCredentialOnly instead of Transport.
    Lante, shanaolanxing This posting is provided "AS IS" with no warranties, and confers no rights.
    If you have feedback about forum business, please contact msdnmg@microsoft.com. But please do not ask technical questions in the email.
    • Proposed as answer by Peter Borremans Tuesday, January 31, 2012 6:42 AM
    • Marked as answer by BubbleJet Wednesday, February 1, 2012 4:09 AM
    Tuesday, January 31, 2012 1:19 AM

All replies

  • Hello, you are not using PurchaseRequestRequest_OutBinding1, as you're creating a new binding instance in code. Basic authentication requires transport security. If you want to create the binding in code, you need to configure it to use transport security in code:

    BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);

    binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;

    In addition, you must use https in your address.


    Lante, shanaolanxing This posting is provided "AS IS" with no warranties, and confers no rights.
    If you have feedback about forum business, please contact msdnmg@microsoft.com. But please do not ask technical questions in the email.
    • Marked as answer by BubbleJet Monday, January 30, 2012 11:45 PM
    • Unmarked as answer by BubbleJet Tuesday, January 31, 2012 1:00 AM
    • Proposed as answer by Peter Borremans Tuesday, January 31, 2012 6:42 AM
    • Marked as answer by BubbleJet Wednesday, February 1, 2012 4:10 AM
    Monday, January 30, 2012 11:43 AM
  • Hi Yi-Lun Luo,

    Thanks so much for your help.

    It appears, adding in that bit of line of code and replacing:

     

    Dim epAddress As New EndpointAddress("http://[host address]")

     

    Dim Client As New PurchaseRequestRequest_OutClient(New BasicHttpBinding(), epAddress)

    with the following has resolved the problem I was experiencing:

     

    Dim epAddress As New EndpointAddress("https://[host address]")

     

     

    Dim binding As New BasicHttpBinding(BasicHttpSecurityMode.Transport)

    binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic

    Dim Client As New PurchaseRequestRequest_OutClient(binding , epAddress)

    Cheers :D

    Monday, January 30, 2012 11:47 PM
  • Hi Again,

    Sorry, it appears that I need to use an http:// address as opposed to https://

    Can you please advise what I could do in order to use http://?

    If I go directly to the http:// address, a prompt appears to enter User name and Password, as shown in the image.

    Probably a key thing here is the Warning where it states This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection).

    Any assistance with this again will be much appreciated.

    Kind Regards.

    Tuesday, January 31, 2012 1:04 AM
  • If you want to use http, configure the security mode to TransportCredentialOnly instead of Transport.
    Lante, shanaolanxing This posting is provided "AS IS" with no warranties, and confers no rights.
    If you have feedback about forum business, please contact msdnmg@microsoft.com. But please do not ask technical questions in the email.
    • Proposed as answer by Peter Borremans Tuesday, January 31, 2012 6:42 AM
    • Marked as answer by BubbleJet Wednesday, February 1, 2012 4:09 AM
    Tuesday, January 31, 2012 1:19 AM
  • Thanks mate, you're a legend! I'll give this a go and see how I get on.

    Cheers.

    Tuesday, January 31, 2012 4:48 AM
  • BubbleJet,

    Keep in mind that the credentials you use will be visible for anyone tracing the traffic between client and service when you use TransportCredentialOnly.


    If this post answers your quenstion, please mark it as such. If this post is helpful, click 'Vote as helpful'.
    Tuesday, January 31, 2012 6:43 AM
  • Hi Peter/Yi-Lun Luo,

    Peter - Thanks for that info.

    Yi-Lun Luo - Thanks for all your help, using TransportCredentialOnly has resolved the problem I was getting :D

     

    Kind Regards.

    • Edited by BubbleJet Wednesday, February 1, 2012 4:11 AM
    • Proposed as answer by uNki23 Thursday, March 15, 2012 4:34 PM
    Wednesday, February 1, 2012 4:09 AM
  • Hello, I have been beating my head against the wall trying to figure this out.  I would really appreciate another set of eyes.

    1. Created brand new C# console app framework 4
    2. Add web reference to my new SAP service
    3. In the app.config I do not get the client tag list in Steffen's example above.  Below is what VS2012 generates when I add the reference.

    The app.config is:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
        <configSections>
            <sectionGroup name="applicationSettings" type="System.Configuration.ApplicationSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >
                <section name="SAPTest.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
            </sectionGroup>
        </configSections>
        <applicationSettings>
            <SAPTest.Properties.Settings>
                <setting name="SAPTest_mysapserver_zss_myactions"
                    serializeAs="String">
                    <value>http://mysapserver/bc/srt/rfc/sap/myactions/010/zss_myactions/myactions</value>
                </setting>
            </SAPTest.Properties.Settings>
        </applicationSettings>
    </configuration>

    The net result is that when I look at this in Fiddler, I get a 401 error.  I clearly see that the basic authorization header is not being passed. 

    The code I call is:

    System.Net.NetworkCredential cred = new System.Net.NetworkCredential();
    
     SAPTest.mySapServer.mysap_Actions _proxy1 = new SAPTest.mySapServer.mysap_Actions();
    
     SAPTest.mySapServer.mysap_Actions1 inputData = new SAPTest.mySapServer.mysap_Actions1();
    
    SAPTest.mySapServer.mysap_ActionsResponse outPutData = new SAPTest.mySapServer.mysap_ActionsResponse();
    
     cred.UserName = "user";
     cred.Password = "pw";
    
     _proxy1.PreAuthenticate = true;
     _proxy1.Credentials = cred;
     outPutData = proxy1.Callmysap_Actions(inputData);
    1. The net result is that when I call this in the C# console app I see in Fiddler that I get a 401 error and that there is no basic security header.
    2. I have reviewed the above threads and I do not have access to to modify the header in the proxy class.  
    3. Is there something that I can add to app.config to force basic auth?  Right now nothing is being sent over.
    4. Any other suggestions would be appreciated.

    Cheers!



    Wednesday, June 15, 2016 5:42 PM