Web Service Authentication


  • The questions is, we are currently developing a Silverlight 5 web application (RCCS) which talks with a web service (SAP) from a separate box using http protocol.

    The web service using SOAP protocol through basichttpbinding (this is a SAP CSI service) which requires username, password authentication

    Xaml.cs file:

                    _updatingInfoFromCSI = true;

                    Z_STRUCTURE_MOVE_ESRIPortTypeClient proxy1 = new Z_STRUCTURE_MOVE_ESRIPortTypeClient();

                    proxy1.ClientCredentials.UserName.UserName = ApplicationStrings.CSIUserName;

                    proxy1.ClientCredentials.UserName.Password = ApplicationStrings.CSIPassword;


                    BAPIRET2[] zStructure1 = new BAPIRET2[1];

                    proxy1.Z_STRUCTURE_MOVE_ESRICompleted += new EventHandler<RCCS_Service.Z_STRUCTURE_MOVE_ESRICompletedEventArgs>(CSICall_Completed);

                    proxy1.Z_STRUCTURE_MOVE_ESRIAsync(txtCSI_ID.Text.ToString(), zStructure1);




            <binding name="Z_STRUCTURE_MOVE_ESRIBinding" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">

              <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />

              <security mode="None">

                <transport clientCredentialType="None" proxyCredentialType="None" realm="" />

                <message clientCredentialType="UserName" algorithmSuite="Default" />







          <endpoint address="" binding="basicHttpBinding" bindingConfiguration="Z_STRUCTURE_MOVE_ESRIBinding" contract="FRMS.Z_STRUCTURE_MOVE_ESRIPortType"




    These are more settings for our silverlight 5 app.

    Please note, enable out of browser checkbox is checked on purpose, as we do not want to install the application on end users’ machine.

    The elevated trust checkbox is checked.

    This setting did create InBrowserSettings.xml file.

    On my machine there is also registry key AllowElevatedTrustAppsInBrowser:

    Somehow everytime our application access this service, there is a login popup that force enter username, password.

    My questions is why login popup show up when application already send username, password to remote web service.

    Is there something wrong with application setting, configuraiton, coding or Silverlight 5 web application does not support this feature yet.

    Friday, February 15, 2013 5:07 PM

All replies

  • Hi, Does it works as expected when put the right username and password into the login window?

    If you are trying to use Basic authentication, that is, the client provide the service side's Windows username and password, sending the user name in a clear way, sending password with base64 encoding.

    <security mode="Transport">
         <transport clientCredentialType="Basic" />

    Then provide the username and password at client side as you showed above. By the way, what version of IIS are you using?  A thread talks the warning it showed in the login window

    Monday, February 18, 2013 8:05 AM
  • Hi,

    After the user's press OK in the login window that pops up (they do not need to enter credentials) the application works correctly throughout the current Silverlight session. After closing the application the login procedure repeats itself. We can start Outlook from this application without issue confirming elevated mode.


    Monday, February 25, 2013 2:36 PM
  • Hi, do you enabled Windows authentication in IIS, try disable it.
    Tuesday, February 26, 2013 10:38 AM