Web service request authentication

Question

We\'re being really stuck here so I decided to ask your help.

Yesterday I\'ve been asked to help to consume a web service, got the URL to the WSDL, and the user cred

Answer 1

I had the same problem. Instead of the custom token serializer I used a MessageInspector to add the correct UsernameToken in the BeforeSendRequest method. I then used a custom behavior to apply the fix.

The entire process is documented (with a demo project) in my blog post Supporting the WS-I Basic Profile Password Digest in a WCF client proxy. Alternatively, you can just read the PDF.

If you want to follow my progress through to the solution, you'll find it on StackOverflow titled, "Error in WCF client consuming Axis 2 web service with WS-Security UsernameToken PasswordDigest authentication scheme":

Answer 2

var factory = new ChannelFactory<IService>('*');
factory.Credentials.UserName.UserName = 'bob';
factory.Credentials.UserName.Password = 'bob';
var proxy = factory.CreateChannel();

For more information you can explore Authorization In WCF-Based Services*( http ://msdn.microsoft.com/en-us/magazine/cc948343.aspx)*

Answer 3

I've achieved similar, using a regular HttpCookie.

To create the cookie:

[OperationContract]     
public void LoginToApi(string username, string password, string clientName)
{
// authenticate with DB, if successful ...
// construct a cookie
    HttpCookie httpCookie = new HttpCookie("SessionID","whateverneeded");
    HttpContext.Current.Response.SetCookie(httpCookie);
}

This appears in your regular HttpRequests, too. So you just reverse the process, checking the hash/session ID/username/password whatever you put in the cookie on receipt before doing anything.