Calling an ASMX service that is secured with Windows Credentials

Question

I've been given a Web Service (ASMX) to consume witch I need to use Windows credentials for.

So, I have set up my client VPN and called the WSDL, saved as an XML file and generated the proxy class using the svcutil.exe, so far, so good...

I'm calling the service as

// Web Service
client = new CmListSync.Models.WebCorePlayersSoapClient();
client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
client.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential(cUser, cPass, cDoma);

and in the web.config I have this setup:

  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="WebCorePlayersSoap" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="true" />
          <security mode="None">
            <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
            <message clientCredentialType="Windows" algorithmSuite="Default" negotiateServiceCredential="true" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://vm-wssrv01/players.asmx" binding="wsHttpBinding"
        bindingConfiguration="WebCorePlayersSoap" contract="WebCorePlayersSoap"
        name="WebCorePlayersSoap" />
    </client>
  </system.serviceModel>

but when I try to call the service I get an exception saying:

The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Basic realm=\"vm-wssrv01\"'.

What am I missing? shouldn't the service authenticate normally as I have provided the windows credentials? What more should I do?

What I have tried:

• set the security mode to Message and I got the same error as in the question above
• set the security mode to TransportWithMessageCredential I got: The provided URI scheme 'http' is invalid; expected 'https'.\r\nParameter name: via
• set the security mode to Transport and I got: Binding validation failed because the WSHttpBinding does not support reliable sessions over transport security (HTTPS). The channel factory or service host could not be opened. Use message security for secure reliable messaging over HTTP.

---

From John Saunders comment:

I have switched to basicHttpBinding

  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="WebCorePlayersSoap" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <security mode="None">
            <transport clientCredentialType="Windows" proxyCredentialType="Windows" realm="vm-wssrv01" />
            <message clientCredentialType="UserName" algorithmSuite="Default" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://vm-wssrv01/players.asmx" binding="basicHttpBinding"
        bindingConfiguration="WebCorePlayersSoap" contract="WebCorePlayersSoap"
        name="WebCorePlayersSoap" />
    </client>
  </system.serviceModel>

and tried changing the security mode to:

• TransportWithMessageCredential {"The provided URI scheme 'http' is invalid; expected 'https'.\r\nParameter name: via"}

• TransportCredentialOnly {"The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Basic realm=\"vm-wssrv01\"'."}

• Message {"BasicHttp binding requires that BasicHttpBinding.Security.Message.ClientCredentialType be equivalent to the BasicHttpMessageCredentialType.Certificate credential type for secure messages. Select Transport or TransportWithMessageCredential security for UserName credentials."}

• Transport {"The provided URI scheme 'http' is invalid; expected 'https'.\r\nParameter name: via"}

• None {"The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Basic realm=\"vm-wssrv01\"'."}

I'm running out of ideas :( The service is HTTP only, not HTTPS and I have no Certificate to use...

Answer 1

after 3 days, and with a big help from John Saunders as he stated that the only possible binding for an ASMX service would be basicHttpBinding (my search for an answer started to be much more focused) I got into this:

In the service caller, one must use the client.ClientCredentials.UserName as:

// Web Service
client = new CmListSync.Models.WebCorePlayersSoapClient();
client.ClientCredentials.UserName.UserName = cUser;
client.ClientCredentials.UserName.Password = cPass;

and in the configuration part, one needs to use:

  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="WebCorePlayersSoap" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Basic" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://vm-wssrv01/players.asmx" binding="basicHttpBinding"
        bindingConfiguration="WebCorePlayersSoap" contract="WebCorePlayersSoap"
        name="WebCorePlayersSoap">
        <identity>
          <dns value="localhost" />
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>