Geek Answers Handbook

Consuming webservice using https protocol

I am developing an application in which I have to use a webservice developed in Java using the http protocol. I am developing an application using C # .NET winforms.everything works fine until now.but, now the web service uses ssl security, so the service url protocol is changed from http to https. Now I am fixing problems accessing the https web service.

I tried to access the https web service from SoapUI by providing the Authenticaion Parameter parameters (UserName and Password) on the Auth tab, as shown below:

enter image description here

It works great from SoapUI.

but wen I am providing Authenticaion parameters from the code as shown below:

client.ClientCredentials.UserName.UserName = "admin"; client.ClientCredentials.UserName.Password = "*******";

I use security mode like: TransportWithMessageCredential as well as ClientCredentialTtype as: Basic

My App.Config file is as follows:

 <?xml version="1.0" encoding="utf-8" ?> <configuration> <startup> <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /> </startup> <system.serviceModel> <client> <endpoint address="https://xyz:8001/HelloWorldAPI/HelloWorldWebService" binding="wsHttpBinding" bindingConfiguration="myhttpsbinding" contract="API.HelloWorldWebService" name="HelloWorldWebServicePort" /> </client> <bindings> <wsHttpBinding> <binding name="myhttpsbinding"> <security mode="TransportWithMessageCredential"> <transport clientCredentialType="Basic"/> </security> </binding> </wsHttpBinding> </bindings> </system.serviceModel> <system.net> <defaultProxy useDefaultCredentials="true" /> </system.net> </configuration>

My code is as below:

 using System; using System.Collections.Generic; using System.Linq; using System.Net; using System.Net.Security; using System.Security.Cryptography.X509Certificates; using System.ServiceModel; using System.Text; using System.Threading.Tasks; using testingtool.API; namespace testingtool { class Program { static void Main(string[] args) { new APITool(); } } class APITool { UserInfo userinfo = new UserInfo(); HelloWorldWebServiceClient client = new HelloWorldWebServiceClient(); private bool ValidationCallBack(object sender, X509Certificate cert, X509Chain chain, System.Net.Security.SslPolicyErrors error) { return true; } public APITool() { try { //Authentication parameters client.ClientCredentials.UserName.UserName = "admin"; client.ClientCredentials.UserName.Password = "*****"; ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(ValidationCallBack); //client ClientCredentials @ Application level userinfo.userid = "myusername"; userinfo.password = "*****"; GetHelloWorldAPIVersionRequest request = new GetHelloWorldAPIVersionRequest(); APIVersionInfo versioninfo = new APIVersionInfo(); versioninfo.userinfo = userinfo; request.APIVersionInfo = versioninfo; APIVersionInfoResponse response = client.GetHelloWorldAPIVersion(versioninfo); Console.WriteLine(response.Version); } catch (Exception ex) { Console.WriteLine(ex.ToString()); } Console.ReadLine(); } } }

I get the following exception:

System.ServiceModel.Security.MessageSecurityException: An HTTP request was not authorized using the Anonymous client authentication scheme. The authentication header received from the server was "Primary realm =" EJBServiceEndpointServlet Realm "'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.

EDIT: from the client, I checked with Fiddler the request window, as shown below: from the AUth tab, it says that there is no Autherization Header header.

enter image description here

Fiddler Raw request as below:

 CONNECT 10.10.10.110:8001 HTTP/1.1 Host: 10.10.10.110:8001 Connection: Keep-Alive User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

any help would be greatly appreciated.

+8
authentication c # ssl web-services wcf
source share
5 answers

I wonder if the problem could be related to binding, although it's hard to say for sure without looking at the configuration of the service or seeing the successful soapUI request. (Note: you can include a message snippet, including the soap header, from the soapUI HTTP log.)

In any case, you can verify that the service is indeed using ws-security (message-level security) by trying the following binding:

 <bindings> <basicHttpBinding> <binding name="httpBinding"> <security mode="TransportCredentialOnly"> <transport clientCredentialType="Basic" /> </security> </binding> </basicHttpBinding> </bindings>
+2
source

You must change the configuration of your application:

  <wsHttpBinding> <binding name="myhttpsbinding"> <security mode="TransportWithMessageCredential"> <transport clientCredentialType="None" /> <message clientCredentialType="UserName" establishSecurityContext="false" negotiateServiceCredential="false"/> </security> </binding> </wsHttpBinding>

At the transport level you do not have authentication, therefore <transport clientCredentialType="None" /> and at the message level you have authentication by user name, therefore <message clientCredentialType="UserName"

+1
source

Are you going through a proxy server? If so, is data entered in IE? Can you view https pages in IE? If so, this should be picked up by each WebRequest , which makes an https call, since it needs to issue a CONNECT to the proxy server (which makes it), but there is no Proxy-Authorization header in your call. That should be your focus - try a simple WebRequest to say https://google.com and see what you get in the violin.

You may have a problem sending the proxy server at your request. Can you try https on another network not for proxies?

0
source

Perhaps this link might help.

It explains how to configure the endpoint with REST / SOAP WebServices

Cannot call web service with basic authentication using WCF

0
source

His binding problem you should use is an example.

http://webservices20.blogspot.com/

-one
source

More articles:


All Articles