Web服务请求身份验证

Question

We're being really stuck here so I decided to ask your help.

Yesterday I've been asked to help to consume a web service, got the URL to the WSDL, and the user credentials to use. I've never really had anything to do with web services, but having a general idea about them and seeing a few examples I thought it can't be that bad. Obviously I was wrong as I'm stuck now.

Everything seems to be fine, the proxy class (or client) has been generated, building up requests and sending them are fine too, apart from the authentication part. Which we can't seem to figure out how to do.

Using the:

client.ChannelFactory.Credentials.UserName.UserName = "myusername";
client.ChannelFactory.Credentials.UserName.Password = "mypassword";

doesn't seem to work. (When I check the BindingElementCollection returbed by the client.Endpoint.Binding.CreateBindingElements() there's no SecurityBindingElement)

I've tried so many other ways of doing it, but I think I'm missing something basic and the lack of documentaion is not really helping either.

So the question is: How do I send the username and password when making a call to a web service, using WCF?

Edit: Just to clarify, the request should contain something similar to this:

 <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
     <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-25763165">
        <wsse:Username>username</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">1DiaGTkOLk/CZhDaEpbkAaKRfGw=</wsse:Password>
        <wsse:Nonce>6ApOnLn5Aq9KSH46pzzcZA==</wsse:Nonce>
        <wsu:Created>2009-05-13T18:59:23.309Z</wsu:Created>
     </wsse:UsernameToken>
  </wsse:Security>

Answer 1

I had the same problem. Instead of the custom token serializer I used a MessageInspector to add the correct UsernameToken in the BeforeSendRequest method. I then used a custom behavior to apply the fix.

The entire process is documented (with a demo project ) in my blog post Supporting the WS-I Basic Profile Password Digest in a WCF client proxy . Alternatively, you can just read the PDF .

If you want to follow my progress through to the solution, you'll find it on StackOverflow titled, " Error in WCF client consuming Axis 2 web service with WS-Security UsernameToken PasswordDigest authentication scheme ":

Answer 2

I've achieved similar, using a regular HttpCookie.

To create the cookie:

[OperationContract]     
public void LoginToApi(string username, string password, string clientName)
{
// authenticate with DB, if successful ...
// construct a cookie
    HttpCookie httpCookie = new HttpCookie("SessionID","whateverneeded");
    HttpContext.Current.Response.SetCookie(httpCookie);
}

This appears in your regular HttpRequests, too. So you just reverse the process, checking the hash/session ID/username/password whatever you put in the cookie on receipt before doing anything.

Answer 3

var factory = new ChannelFactory<IService>('*');
factory.Credentials.UserName.UserName = 'bob';
factory.Credentials.UserName.Password = 'bob';
var proxy = factory.CreateChannel();

For more information you can explore Authorization In WCF-Based Services*( http ://msdn.microsoft.com/en-us/magazine/cc948343.aspx )*