Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

consuming webservice using https protocol

I'm developing an application where i have to consume webservice developed in Java using http protocol. I'm developing the application using C#.NET winforms. Everything works fine until now. The webservice is now using SSL security hence the service protocol changed from http to https. I'm facing issues while accessing the https webservice.

I tried accessing the https webservice from the SoapUI by providing the Authenticaion Parameters (UserName and Password) from the Auth tab as shown below:

enter image description here

It is working fine from SoapUI.

but wen i provide the Authenticaion parameters from code as below its not working:

client.ClientCredentials.UserName.UserName = "admin";
client.ClientCredentials.UserName.Password = "*******";

I'm using Security Mode as : TransportWithMessageCredential and ClientCredentialTtype as : Basic

My App.Config file is as below:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <startup> 
        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
    </startup>
  <system.serviceModel>
    <client>
      <endpoint address="https://xyz:8001/HelloWorldAPI/HelloWorldWebService"
       binding="wsHttpBinding"
        bindingConfiguration="myhttpsbinding" contract="API.HelloWorldWebService"
        name="HelloWorldWebServicePort" />
    </client>
    <bindings>
      <wsHttpBinding>
        <binding name="myhttpsbinding">
          <security mode="TransportWithMessageCredential">
            <transport clientCredentialType="Basic"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
  </system.serviceModel>
  <system.net>
    <defaultProxy useDefaultCredentials="true" />
  </system.net>
</configuration>

My Code as below:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.Text;
using System.Threading.Tasks;
using testingtool.API;

namespace testingtool
{
    class Program
    {
        static void Main(string[] args)
        {
            new APITool();
        }
    }
    class APITool
    {
        UserInfo userinfo = new UserInfo();
        HelloWorldWebServiceClient client = new HelloWorldWebServiceClient();

        private bool ValidationCallBack(object sender, X509Certificate cert, X509Chain chain, System.Net.Security.SslPolicyErrors error)
        {
            return true;
        }

        public APITool()
        {
            try
            {
                //Authentication parameters
                client.ClientCredentials.UserName.UserName = "admin";
                client.ClientCredentials.UserName.Password = "*****";
                ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(ValidationCallBack);

                //client ClientCredentials @ Application level
                userinfo.userid = "myusername";
                userinfo.password = "*****";
                GetHelloWorldAPIVersionRequest request = new GetHelloWorldAPIVersionRequest();

                APIVersionInfo versioninfo = new APIVersionInfo();
                versioninfo.userinfo = userinfo;
                request.APIVersionInfo = versioninfo;


                APIVersionInfoResponse response = client.GetHelloWorldAPIVersion(versioninfo);
                Console.WriteLine(response.Version);
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.ToString());
            }
            Console.ReadLine();
        }
     }
  } 

I'm getting following exception:

System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Basic realm="EJBServiceEndpointServlet Realm"'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.

EDIT: from the client i have verified with Fiddler the request window as below: from the AUth tab it is saying that there is no Autherization Header present.

enter image description here

Fiddler Raw Request as below:

CONNECT 10.10.10.110:8001 
HTTP/1.1 Host: 10.10.10.110:8001 
Connection: Keep-Alive 
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

Any help wouldbe greatly appreciated.

like image 882
Sudhakar Tillapudi Avatar asked Jun 13 '14 09:06

Sudhakar Tillapudi


2 Answers

Wondering if the issue could be with the binding, although hard to say for sure without reviewing the service configuration or seeing the successful soapUI request. (Note: you may want to include a snippet of the message, including the soap header, from the soapUI HTTP Log.)

In any case, you may want to make sure the service is really using ws-security (message level security) by trying the following binding:

<bindings>
  <basicHttpBinding>
    <binding name="httpBinding">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Basic" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>
like image 105
Seymour Avatar answered Oct 06 '22 02:10

Seymour


You should change your app config:

    <wsHttpBinding>
        <binding name="myhttpsbinding">
          <security mode="TransportWithMessageCredential">
             <transport clientCredentialType="None" />
             <message clientCredentialType="UserName" establishSecurityContext="false" negotiateServiceCredential="false"/>
          </security>
        </binding>
     </wsHttpBinding>

On transport level you have no authentication, so <transport clientCredentialType="None" /> and on message level you have username|password authentication, so <message clientCredentialType="UserName"

like image 37
Kirill Bestemyanov Avatar answered Oct 06 '22 03:10

Kirill Bestemyanov