ASMX username and password security

Question

I have a basic ASMX service that I'm trying to get running (I'd rather use WCF but can't get the server to work with it). It runs fine in a no security setup but as soon as I turn on security I get:

The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Basic realm="Secured area"'.

What I want is a minimalistic ask the user for a name and password type solution.

Pokeing around the code with intellisense doesn't come up with anything that looks like I need.

This looks like it might be useful but it seems to be WCF so who knows.

---

I just realized I can make this a live demo:

here is the service: http://smplsite.com/sandbox3/Service1.asmx

the username is testapp and the password is testpw. I need a command line app that calls functions on that service.

Befor I added security, this line worked in a basic VS project after running Add Web Service Reference on that URL

new ServiceReference1.Service1SoapClient().HelloMom("Bob");

This is my current attempt (That doesn't work)

class Program
{
    private static bool customValidation(object s, X509Certificate c, X509Chain ch, SslPolicyErrors e)
    { return true }

    static void Main(string[] args)
    {
         // accept anything
        ServicePointManager.ServerCertificateValidationCallback += 
              new RemoteCertificateValidationCallback(customValidation);

        var binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
        binding.Security.Transport.Realm = "Secured area";

        // the generated Web Service Reference class
        var client = new ServiceReference1.Service1SoapClient(
            binding,
            new EndpointAddress("https://smplsite.com/sandbox3/Service1.asmx")
            );

        client.ClientCredentials.UserName.UserName = "testapp";
        client.ClientCredentials.UserName.Password = "testpw";

        Console.WriteLine(client.HelloMom("Bob"));
    }
}

---

Edit: BTW this is not a website or running in the browser, the accessing code is a C# command line app. Also, the authentication is being done by another IIS plug-in that I don't control.

Edit 2: To be clear; the solution I'm looking for is a purely client side issue.

Edit 3: the access control is via a .haccess type of system and I like it that way. I don't want the service code to do any authentication.

Answer 1

I'm going to add a fresh answer, because I think this may help:

http://intellitect.com/calling-web-services-using-basic-authentication/

I won't duplicate it here, because I didn't do anything but google it.